GitHub官方文档:
https://docs.github.com/cn/github/authenticating-to-github/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent
1. 在MAC本地生成SSH
打开终端,输入以下命令生成
ssh-keygen -t ed25519 -C "your_email@example.com"其中 your_email@example.com 改成你自己的GitHub邮箱
Enter a file in which to save the key (/Users/you/.ssh/id_ed25519): 此时系统会提示你输入文件名字保存密钥。此时不要输入任何文件,系统将自动保存至默认位置。
修改 ~/.ssh/config 文件使其包含:
Host *
AddKeysToAgent yes
UseKeychain yes
IdentityFile ~/.ssh/id_ed255192. 添加密钥到GitHub
复制 /Users/you/.ssh/id_ed25519 文件中又像前面的所有内容到GitHub密钥处,如图:
最后添加成功,然后可以 git clone ssh链接,用正常的其它git命令。
Tip:
用 man ssh-keygen 查看命令用法详解:
$ man key-keygen
SSH-KEYGEN(1) BSD General Commands Manual SSH-KEYGEN(1)
NAME
ssh-keygen -- authentication key generation, management and conversion
SYNOPSIS
ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]
[-N new_passphrase] [-t dsa | ecdsa | ed25519 | rsa]
ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]
[-P old_passphrase]
ssh-keygen -i [-f input_keyfile] [-m key_format]
ssh-keygen -e [-f input_keyfile] [-m key_format]
ssh-keygen -y [-f input_keyfile]
ssh-keygen -c [-C comment] [-f keyfile] [-P passphrase]
ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
ssh-keygen -B [-f input_keyfile]
ssh-keygen -D pkcs11
ssh-keygen -F hostname [-lv] [-f known_hosts_file]
ssh-keygen -H [-f known_hosts_file]
ssh-keygen -R hostname [-f known_hosts_file]
ssh-keygen -r hostname [-g] [-f input_keyfile]
ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
ssh-keygen -f input_file -T output_file [-v] [-a rounds] [-J num_lines]
[-j start_line] [-K checkpt] [-W generator]
ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]
[-n principals] [-O option] [-V validity_interval]
[-z serial_number] file ...
ssh-keygen -L [-f input_keyfile]
ssh-keygen -A [-f prefix_path]
ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
file ...
ssh-keygen -Q -f krl_file file ...
ssh-keygen -Y check-novalidate -n namespace -s signature_file
ssh-keygen -Y sign -f key_file -n namespace file ...
ssh-keygen -Y verify -f allowed_signers_file -I signer_identity -n
namespace -s signature_file [-r revocation_file]
DESCRIPTION
ssh-keygen generates, manages and converts authentication keys for
ssh(1). ssh-keygen can create keys for use by SSH protocol version 2.
The type of key to be generated is specified with the -t option. If
invoked without any arguments, ssh-keygen will generate an RSA key.
ssh-keygen is also used to generate groups for use in Diffie-Hellman
group exchange (DH-GEX). See the MODULI GENERATION section for details.
Finally, ssh-keygen can be used to generate and update Key Revocation
Lists, and to test whether given keys have been revoked by one. See the
KEY REVOCATION LISTS section for details.
Normally each user wishing to use SSH with public key authentication runs
this once to create the authentication key in ~/.ssh/id_dsa,
~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa. Additionally, the
system administrator may use this to generate host keys, as seen in
/etc/rc.
Normally this program generates the key and asks for a file in which to
store the private key. The public key is stored in a file with the same
name but ``.pub'' appended. The program also asks for a passphrase. The
passphrase may be empty to indicate no passphrase (host keys must have an
empty passphrase), or it may be a string of arbitrary length. A
passphrase is similar to a password, except it can be a phrase with a
series of words, punctuation, numbers, whitespace, or any string of char-
acters you want. Good passphrases are 10-30 characters long, are not
simple sentences or otherwise easily guessable (English prose has only
1-2 bits of entropy per character, and provides very bad passphrases),
and contain a mix of upper and lowercase letters, numbers, and non-
alphanumeric characters. The passphrase can be changed later by using
the -p option.
There is no way to recover a lost passphrase. If the passphrase is lost
or forgotten, a new key must be generated and the corresponding public
key copied to other machines.
ssh-keygen will by default write keys in an OpenSSH-specific format.
This format is preferred as it offers better protection for keys at rest
as well as allowing storage of key comments within the private key file
itself. The key comment may be useful to help identify the key. The
comment is initialized to ``user@host'' when the key is created, but can
be changed using the -c option.
It is still possible for ssh-keygen to write the previously-used PEM for-
mat private keys using the -m flag. This may be used when generating new
keys, and existing new-format keys may be converted using this option in
conjunction with the -p (change passphrase) flag.
After a key is generated, instructions below detail where the keys should
be placed to be activated.
The options are as follows:
-A For each of the key types (rsa, dsa, ecdsa and ed25519) for which
host keys do not exist, generate the host keys with the default
key file path, an empty passphrase, default bits for the key
type, and default comment. If -f has also been specified, its
argument is used as a prefix to the default path for the result-
ing host key files. This is used by /etc/rc to generate new host
keys.
-a rounds
When saving a private key, this option specifies the number of
KDF (key derivation function) rounds used. Higher numbers result
in slower passphrase verification and increased resistance to
brute-force password cracking (should the keys be stolen).
When screening DH-GEX candidates (using the -T command), this
option specifies the number of primality tests to perform.
-B Show the bubblebabble digest of specified private or public key
file
最低0.47元/天 解锁文章
3752
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
