ssh @ -p 密钥_SSH终极指南-设置SSH密钥

ssh @ -p 密钥

Welcome to our ultimate guide to setting up SSH (Secure Shell) keys. This tutorial will walk you through the basics of creating SSH keys, and also how to manage multiple keys and key pairs.

欢迎使用我们的终极指南来设置SSH(安全外壳)密钥。 本教程将指导您创建SSH密钥的基础知识，以及如何管理多个密钥和密钥对。

创建一个新的SSH密钥对 (Create a New SSH Key Pair)

Open a terminal and run the following command:

打开一个终端并运行以下命令：

ssh-keygen

You will see the following text:

您将看到以下文本：

Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):

Press enter to save your keys to the default /home/username/.ssh directory.

按Enter键将密钥保存到默认的/home/username/.ssh目录。

Then you'll be prompted to enter a password:

然后将提示您输入密码：

Enter passphrase (empty for no passphrase):

It's recommended to enter a password here for an extra layer of security. By setting a password, you could prevent unauthorized access to your servers and accounts if someone ever gets a hold of your private SSH key or your machine.

建议在此处输入密码以增加安全性。 通过设置密码，如果有人持有您的私有SSH密钥或计算机，则可以防止未经授权访问您的服务器和帐户。

After entering and confirming your password, you'll see the following:

输入并确认密码后，您将看到以下内容：

Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:/qRoWhRcIBTw0D4KpTUyK6YepyL6RQ2CQrtWsaicCb4 username@871e129f767b
The key's randomart image is:
+---[RSA 2048]----+
| .o=+....        |
|+.*o+o .         |
|+X.=o o          |
|@.=.oo .         |
|=O ...o S        |
|o.oo . .         |
|.E+ . . . .      |
|oo . ... +       |
|=.. .o. . .      |
+----[SHA256]-----+

You now have a public and private SSH key pair you can use to access remote servers and to handle authentication for command line programs like Git.

现在，您拥有一个公共和私有SSH密钥对，可用于访问远程服务器并处理诸如Git之类的命令行程序的身份验证。

管理多个SSH密钥 (Manage Multiple SSH Keys)

Though it's considered good practice to have only one public-private key pair per device, sometimes you need to use multiple keys or you have unorthodox key names. For example, you might be using one SSH key pair for working on your company's internal projects, but you might be using a different key for accessing a client's servers. On top of that, you might be using a different key pair for accessing your own private server.

尽管每台设备只有一个公私钥对被认为是一种很好的做法，但是有时您需要使用多个密钥，或者您拥有非正统的密钥名称。 例如，您可能正在使用一个SSH密钥对来处理公司的内部项目，但是可能正在使用其他密钥来访问客户端的服务器。 最重要的是，您可能使用其他密钥对来访问自己的私有服务器。

Managing SSH keys can become cumbersome as soon as you need to use a second key. Traditionally, you would use ssh-add to store your keys to ssh-agent, typing in the password for each key. The problem is that you would need to do this every time you restart your computer, which can quickly become tedious.

一旦需要使用第二个密钥，管理SSH密钥就会变得很麻烦。 传统上，您将使用ssh-add将密钥存储到ssh-agent ，为每个密钥输入密码。 问题在于，每次重新启动计算机时都需要执行此操作，这很快就会变得乏味。

A better solution is to automate adding keys, store passwords, and to specify which key to use when accessing certain servers.

更好的解决方案是自动添加密钥，存储密码，并指定访问某些服务器时使用哪个密钥。

SSH config (SSH config)

Enter SSH config, which is a per-user configuration file for SSH communication. Create a new file: ~/.ssh/config and open it for editing:

输入SSH config ，这是用于SSH通信的每个用户的配置文件。 创建一个新文件： ~/.ssh/config并打开以进行编辑：

nano ~/.ssh/config

管理自定义命名的SSH密钥 (Managing Custom Named SSH key)

The first thing we are going to solve using this config file is to avoid having to add custom-named SSH keys using ssh-add. Assuming your private SSH key is named ~/.ssh/id_rsa, add following to the config file:

使用此config文件，我们要解决的第一件事是避免必须使用ssh-add添加自定义名称的SSH密钥。 假设您的私人SSH密钥名为~/.ssh/id_rsa ，请将以下内容添加到config文件中：

Host github.com
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_rsa
  IdentitiesOnly yes

Next, make sure that ~/.ssh/id_rsa is not in ssh-agent by opening another terminal and running the following command:

接下来，通过打开另一个终端并运行以下命令，确保~/.ssh/id_rsa不在ssh-agent ：

ssh-add -D

This command will remove all keys from currently active ssh-agent session.

此命令将从当前活动的ssh-agent会话中删除所有密钥。

Now if you try closing a GitHub repository, your config file will use the key at ~/.ssh/ida_rsa.

现在，如果您尝试关闭GitHub存储库，则config文件将使用~/.ssh/ida_rsa处的密钥。

Here are some other useful configuration examples:

以下是一些其他有用的配置示例：

Host bitbucket-corporate
        HostName bitbucket.org
        User git
        IdentityFile ~/.ssh/id_rsa_corp
        IdentitiesOnly yes

Now you can use git clone git@bitbucket-corporate:company/project.git

现在您可以使用git clone git@bitbucket-corporate:company/project.git

Host bitbucket-personal
        HostName bitbucket.org
        User git
        IdentityFile ~/.ssh/id_rsa_personal
        IdentitiesOnly yes

Now you can use git clone git@bitbucket-personal:username/other-pi-project.git

现在您可以使用git clone git@bitbucket-personal:username/other-pi-project.git

Host myserver
        HostName ssh.username.com
        Port 1111
        IdentityFile ~/.ssh/id_rsa_personal
        IdentitiesOnly yes
        User username
        IdentitiesOnly yes

Now you can SSH into your server using ssh myserver. You no longer need to enter a port and username every time you SSH into your private server.

现在，您可以使用ssh myserver SSH进入服务器。 每次SSH进入专用服务器时，您都不再需要输入端口和用户名。

密码管理 (Password management)

The last piece of the puzzle is managing passwords. It can get very tedious entering a password every time you initialize an SSH connection. To get around this, we can use the password management software that comes with macOS and various Linux distributions.

最后一个难题是管理密码。 每次初始化SSH连接时，输入密码都会非常麻烦。 为了解决这个问题，我们可以使用macOS和各种Linux发行版随附的密码管理软件。

For this tutorial we will use macOS's Keychain Access program. Start by adding your key to the Keychain Access by passing -K option to the ssh-add command:

在本教程中，我们将使用macOS的“钥匙串访问”程序。 首先，通过将-K选项传递给ssh-add命令，将密钥添加到“钥匙串访问”中：

ssh-add -K ~/.ssh/id_rsa_whatever

Now you can see your SSH key in Keychain Access:

现在，您可以在“钥匙串访问”中看到您的SSH密钥：

But if you remove the keys from ssh-agent with ssh-add -D or restart your computer, you will be prompted for password again when you try to use SSH. Turns out there's one more hoop to jump through. Open your SSH config file by running nano ~/.ssh/config and add the following:

但是，如果使用ssh-add -D从ssh-agent删除密钥或重新启动计算机，则在尝试使用SSH时会再次提示您输入密码。 事实证明，还有另外一环要跳。 通过运行nano ~/.ssh/config打开SSH config文件，并添加以下内容：

Host *
  AddKeysToAgent yes
  UseKeychain yes

With that, whenever you run ssh it will look for keys in Keychain Access. If it finds one, you will no longer be prompted for a password. Keys will also automatically be added to ssh-agent every time you restart your machine.

这样，每当您运行ssh ，它将在Keychain Access中查找密钥。 如果找到一个，将不再提示您输入密码。 每次重新启动计算机时，密钥也会自动添加到ssh-agent 。

Now that you know the basics of creating new SSH keys and managing multiple keys, go out and ssh to your heart's content!

现在，您已经了解了创建新的SSH密钥和管理多个密钥的基础知识，然后动身并ssh吧！

翻译自: https://www.freecodecamp.org/news/the-ultimate-guide-to-ssh-setting-up-ssh-keys/

ssh @ -p 密钥