git通过SSH指定秘钥文件克隆代码的三种方法

github官方操作文档：Generating a new SSH key and adding it to the ssh-agent - GitHub Docs

操作流程如下

1.生成一个新的ssh文件（your_email@example.com 替换为自己的邮箱）

ssh-keygen -t ed25519 -C "your_email@example.com"

# 如果系统不支持 Ed25519  算法，可以使用下面方法创建
# ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

# 如果需要给秘钥设置密码，也可以在这两步的时候，设置密码
> Enter passphrase (empty for no passphrase): [Type a passphrase]
> Enter same passphrase again: [Type passphrase again]

2.添加公钥到github

复制公钥内容到剪贴板

打开浏览器，登录github.com ,右上角，点击settings

 找到 SSH and GPG keys ,点击进入

 点击添加

 

 测试权限是否正常，能否通过ssh访问git

ssh -T git@github.com

 a.访问成功如下：

b.访问失败如下：

 访问失败，需要检查公钥文件是否添加到github

其他机器通过指定秘钥文件访问【方式一】 

 1.创建目录，并拷贝秘钥文件该目录下，并修改为0600权限

mkdir -pv ~/.ssh_git

# 将私钥文件拷贝到该目录，并修改权限
chmod 0600 -R ~/.ssh_git

2.启动ssh-agent代理，并添加私钥，然后进行测试

eval "$(ssh-agent -s)"
ssh-add ~/.ssh_git/id_ed25519
ssh -T git@github.com

当ssh-agent进程结束时，将失去访问权限，若想继续访问，还需要重新执行操作

 

 重新添加私有执行

 其他机器通过指定秘钥文件访问【方式二】 

通过 .gitconfig 配置文件进行配置，该配置针对git命令

core.sshCommand

If this variable is set, git fetch and git push will use the specified command instead of ssh when they need to connect to a remote system. The command is in the same form as the GIT_SSH_COMMAND environment variable and is overridden when the environment variable is set.

git config --global core.sshCommand 'ssh -i ~/.ssh_git/id_ed25519 -p 22'

该操作会在用户家目录自动生成.gitconfig配置文件,内容如下

测试，需要指定克隆私有仓库进行测试，下图表示测试成功

 其他机器通过指定秘钥文件访问【方式三】 

通过 GIT_SSH_COMMAND 环境变量实现访问

 $GIT_SSH_COMMAND takes precedence over $GIT_SSH, and is interpreted by the shell, which allows additional arguments to be included. $GIT_SSH on the other hand must be just the path to a program (which can be a wrapper shell script, if additional arguments are needed).

export GIT_SSH_COMMAND="ssh -i ~/.ssh_git/id_ed25519 -p 22"

注意：GIT_SSH_COMMAND  的优先权大于 GIT_SSH

通过 GIT_SSH 环境变量实现访问

官方文档：Git - git Documentation

      GIT_SSH, if specified, is a program that is invoked instead of ssh when Git tries to connect to an SSH host. It is invoked like $GIT_SSH [username@]host [-p <port>] <command>. Note that this isn’t the easiest way to customize how ssh is invoked; it won’t support extra command-line parameters, so you’d have to write a wrapper script and set GIT_SSH to point to it. It’s probably easier just to use the ~/.ssh/config file for that.

 大概意思指定了 GIT_SSH ,则当git通过ssh连接主机是，调用GIT_SSH设置的脚本来替换默认的ssh命令

1.创建一个文件，内容如下 ~/.ssh_git/ssh-git.sh

vim ~/.ssh_git/ssh-git.sh

#!/bin/bash
if [ -z "$PKEY" ]; then
        # if PKEY is not specified, run ssh using default keyfile
        ssh "$@"
else
        ssh -i "$PKEY" -p 22 "$@"
fi

2.添加可执行权限

chmod a+x ~/.ssh_git/ssh-git.sh

3.通过添加私有方式进行访问

export GIT_SSH=~/.ssh_git/ssh-git.sh
PKEY=~/.ssh_git/id_ed25519 git clone git@github.com:nineaiyu/scorems.git

 4.整理上面操作步骤，可总结一个脚本git.sh，内容如下：

#!/bin/bash
# 

if [ $# -eq 0 ]; then
    echo "git.sh -i ssh-key-file git-command"
    exit 1
fi

git_ssh_tmp=~/.git_ssh.tmp

trap "rm -f ${git_ssh_tmp}" 0

if [ "$1" = "-i" ]; then
    SSH_KEY=$2
    shift
    shift
    echo "ssh -i $SSH_KEY -p 22 \$@" > ${git_ssh_tmp}
    chmod +x ${git_ssh_tmp}
    export GIT_SSH=${git_ssh_tmp}
fi

[ "$1" = "git" ] && shift

git "$@"

执行操作如下：

chmod a+x git.sh
./git.sh -i ~/.ssh_git/id_ed25519  clone git@github.com:nineaiyu/scorems.git