02月28, 2017

创建独立密钥对连接 Github

首先使用 ssh-keygen 创建密钥对,启用一个代理进程 ssh-agent 用于保管私钥,让其代理完成SSH链接的验证过程,其可同时管理多个私钥,然后使用 ssh-add -K 添加私钥到代理进程的私钥链中,-K 参数要求将私钥的验证密码也存到代理的私钥链中,代理SSH校验时自动使用,将公钥部分内容添加到 Github 的 SSH Keys 列表,最后使用 ssh -T 测试连接是否可用。

Step 1: 创建密钥对

$ ssh-keygen -t rsa -b 4096 -f github_rsa -C "xlangersir@gmail.com"
$ ls ~/.ssh
github_rsa     github_rsa.pub     known_hosts

Step 2: 配置ssh到GitHub时使用私钥 github_rsa

$ cat << EOF > ~/.ssh/config
heredoc> # Default GitHub
Host github.com
    HostName github.com
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/github_rsa
heredoc> EOF

Step 3: 把密钥添加到代理 ssh-agent

$ eval $(ssh-agent -s) # 在后台启用
Agent pid 46600
$ ssh-add -l # 列出agent中已添加的密钥的指纹
2048 SHA256:qENxrZtlC6yxUIE0A8lFKvOhfhVkI1HECqBy9o04HQw github_rsa (RSA)
$ ssh-add -K ~/.ssh/github_rsa # 没有则添加私钥到列表

Step 4: 将公钥 github_rsa.pub 添加到Github的SSH Keys列表中

$ pbcopy < ~/.ssh/github_rsa.pub # MacOS复制到粘贴板
$ sudo apt-get install xclip
$ xclip -sel clip < ~/.ssh/github_rsa.pub  # Linux复制到粘贴板

Step 5: 测试连接到Github

$ ssh -T git@github.com
Hi xlanger! You've successfully authenticated, but GitHub does not provide shell access.

Github Help Connecting to GitHub with SSH

Atlassian Doc Configure multiple SSH identities for GitBash, Mac OSX, & Linux

帮助信息

$ ssh-keygen --help
ssh-keygen: illegal option -- -
usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
                  [-N new_passphrase] [-C comment] [-f output_keyfile]
       ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
       ssh-keygen -i [-m key_format] [-f input_keyfile]
       ssh-keygen -e [-m key_format] [-f input_keyfile]
       ssh-keygen -y [-f input_keyfile]
       ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
       ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
       ssh-keygen -B [-f input_keyfile]
       ssh-keygen -D pkcs11
       ssh-keygen -F hostname [-f known_hosts_file] [-l]
       ssh-keygen -H [-f known_hosts_file]
       ssh-keygen -R hostname [-f known_hosts_file]
       ssh-keygen -r hostname [-f input_keyfile] [-g]
       ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
       ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
                  [-j start_line] [-K checkpt] [-W generator]
       ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
                  [-O option] [-V validity_interval] [-z serial_number] file ...
       ssh-keygen -L [-f input_keyfile]
       ssh-keygen -A
       ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
                  file ...
       ssh-keygen -Q -f krl_file file ...
$ ssh-add --help
ssh-add: illegal option -- -
usage: ssh-add [options] [file ...]
Options:
  -l          List fingerprints of all identities. # 列出所有身份密钥的哈希指纹
  -E hash     Specify hash algorithm used for fingerprints.
  -L          List public key parameters of all identities. # 列出所有身份密钥的公钥内容
  -k          Load only keys and not certificates.
  -c          Require confirmation to sign using identities
  -t life     Set lifetime (in seconds) when adding identities.
  -d          Delete identity.
  -D          Delete all identities.
  -x          Lock agent.
  -X          Unlock agent.
  -s pkcs11   Add keys from PKCS#11 provider.
  -e pkcs11   Remove keys provided by PKCS#11 provider.
  -A          Add all identities stored in your keychain.
  -K          Store passphrases in your keychain. # 在添加到代理(ssh-agent)中的私钥链中保存
              With -d, remove passphrases from your keychain.

本文链接:https://xlange.com/post/connecting-to-github-with-ssh

-- EOF --

Comments

?