需求背景
场景:一台电脑上既需要下载公司(内网)代码,也需要下载github、gitee、gitlab等平台代码。
而且为了避免每次操作代码(pull/push …etc)时需要输入账号密码,采用ssh方式。
生成ssh-key
以管理员身份运行,打开git bash,输入以下命令生成密钥:
ssh-keygen -t rsa -C “email”
如下示例:
jiangly@jiangly-laptop MINGW64 /
$ ssh-keygen -t rsa -C jiangliangyou@hotmail.com
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/jiangly/.ssh/id_rsa): /c/Users/jiangly/.ssh/id_rsa_gitee_jiangliangyou
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /c/Users/jiangly/.ssh/id_rsa_gitee_jiangliangyou.
Your public key has been saved in /c/Users/jiangly/.ssh/id_rsa_gitee_jiangliangyou.pub.
The key fingerprint is:
SHA256:EgxxxxxxxxxxxxxxxxxxxxmZQOTLnaJPxxxx/000/Jxxx jiangliangyou@hotmail.com
The key’s randomart image is:
±–[RSA 2048]----+
| …*OB. |
|= o+B=o |
|.O.=.+=. |
|o B.=+.o |
| B +=… o |
| .o. …o . . |
| . o o . o .|
| . . .E .|
| oS … |
±—[SHA256]-----+
- ssh-keygen: ssh 为 Secure Shell 的缩写,是建立在应用层基础上的安全协议,-keygen是指基于密匙的安全验证
- -t rsa:t 为 type 缩写,密钥类型,一种是 RSA(非对称加密算法),一种是 DSA,默认为 RSA
- -b 4096 : b 为 bit 的缩写 ,默认为2048[^1] ,越长越安全,但生成、解密、认证等 CPU 消耗时间更长,耗电更多、存储空间占用更大
- -C “email” : C 为 comment 的缩写,识别密钥的注释,可填写任何内容,建议用邮箱,可不带双引号
- Enter file in which to save the key:windows下默认文件 /c/Users/{user}/.ssh/id_rsa ,此处是重点: 为区分出不同平台的不同账号,建议命名为 id_rsa_{platform}_{userName},例如:
- id_rsa_gitlab_jiangly
- id_rsa_gitlab_jiangliangyou
- id_rsa_gitee_jiangliangyou
- id_rsa_github_jiangliangyou
多个git账号的ssh密钥生成后:
jiangly@jiangly-laptop MINGW64 ~/.ssh
$ ll
total 31
-rw-r–r-- 1 jiangly 197121 1062 5月 7 22:08 config
-rw-r–r-- 1 jiangly 197121 1831 5月 7 21:54 id_rsa_gitlab_jiangly
-rw-r–r-- 1 jiangly 197121 0404 5月 7 21:54 id_rsa_gitlab_jiangly.pub
-rw-r–r-- 1 jiangly 197121 1831 5月 7 21:58 id_rsa_gitlab_jiangliangyou
-rw-r–r-- 1 jiangly 197121 0404 5月 7 21:58 id_rsa_gitlab_jiangliangyou.pub
-rw-r–r-- 1 jiangly 197121 3389 5月 7 23:53 id_rsa_gitee_jiangliangyou
-rw-r–r-- 1 jiangly 197121 0751 5月 7 23:53 id_rsa_gitee_jiangliangyou.pub
-rw-r–r-- 1 jiangly 197121 1831 5月 7 21:48 id_rsa_github_jiangliangyou
-rw-r–r-- 1 jiangly 197121 0407 5月 7 21:48 id_rsa_github_jiangliangyou.pub
-rw-r–r-- 1 jiangly 197121 1434 5月 7 22:14 known_hosts
其中 known_hosts 是在本电脑上 clone 过的远程服务器列表,是自动生成的文件
配置ssh密钥
a.打开 /c/Users/{user}/.ssh/ 目录;
b.登录github、gitee、gitlab等平台,将对应 .pub 公钥内容完整复制到各平台用户配置-SSH密钥管理中;
c.手动创建 config 文件,无后缀,内容填写如下
# 添加config配置文件
# 配置文件参数
# Host : 别名,可以取自己喜欢的名字,不过这个会影响git相关命令,例如定义为:Host mygithub 时,clone命令为git clone git@mygithub.com:WordPress/WordPress.git
# HostName : 要登录主机的主机名,真实的域名地址
# User : 登录名
# IdentityFile : 指明上面User对应的identityFile路径
# PreferredAuthentications : 配置登录时的权限认证方式--可设为publickey,password publickey,keyboard-interactive等
# 文件内容如下:
# github.com - jiangliangyou@hotmail.com
Host github.com
HostName github.com
PreferredAuthentications publickey
IdentityFile C:/Users/jiangly/.ssh/id_rsa_github_jiangliangyou
User jiangliangyou
# jiangly.gitlab.com - jiangly@xxx.com
Host jiangly.gitlab.com
HostName gitlab.com
PreferredAuthentications publickey
IdentityFile C:/Users/jiangly/.ssh/id_rsa_gitlab_jiangly
User jiangly
# jiangliangyou.gitlab.com - jiangliangyou@hotmail.com
Host jiangliangyou.gitlab.com
HostName gitlab.com
PreferredAuthentications publickey
IdentityFile C:/Users/jiangly/.ssh/id_rsa_gitlab_jiangliangyou
User jiangly
配置git
由于要区分不同git账号,因此需要取消 git 的全局设置
> git config --global --unset user.name
> git config --global --unset user.email