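I. Key generation
I did this in Git Bash on Windows.
Generate the key:
$ ssh-keygen -t rsa -f sample
-t specifies the key type
-f specifies the file name of the generated key
After you press Enter you are asked for a passphrase. You can leave it empty and just press Enter to move on; the private key is then stored on disk unencrypted.
ssh-keygen -t rsa -C "your_email@youremail.com"
Some people add their own e-mail address as a comment so that the key is easier to identify.
This is the output of running the command: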
$ ssh-keygen -t rsa -f sample
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in sample.
Your public key has been saved in sample.pub.
The key fingerprint is:
SHA256:d1TDf+SYS8BADB4MvGO3yXvdIy6IJsMgncOBSsO4BqE admin@DESKTOP
The key's randomart image is:
+---[RSA 2048]----+
| ..oo+oo .o |
|. ..... o....|
|+o .. .. * |
|E+. + . . + +|
|++.o . +So. .. ..|
|+.* +. . . |
|.. + . o . . |
| + o o o o o |
| + . o.. . |
+----[SHA256]-----+
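The corresponding private and public keys are generated under C:\Users\yourname\.ssh on your computer (with a bare -f name such as sample, ssh-keygen writes the files to the current directory, so run it from that folder). Private keys you received from elsewhere can be placed here too.
If you do not give a name, the default names are used: id_rsa and id_rsa.pub. id_rsa is the private key and id_rsa.pub is the public key. Open the file and you will see a string of characters.
In this example the files sample and sample.pub are generated.
$ cd ~/.ssh
Change into the folder to look at them.
The private key stays on your computer; the public key is added to the server.
A user must hold the private key that pairs with the public key on the server in order to access the repositories on that server.
The options of ssh-keygen and what each one does are listed below: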
usage: ssh-keygen [options]
Options:
-A Generate non-existent host keys for all key types.
-a number Number of KDF rounds for new key format or moduli primality tests.
-B Show bubblebabble digest of key file.
-b bits Number of bits in the key to create.
-C comment Provide new comment.
-c Change comment in private and public key files.
-D pkcs11 Download public key from pkcs11 token.
-e Export OpenSSH to foreign format key file.
-F hostname Find hostname in known hosts file.
-f filename Filename of the key file.
-G file Generate candidates for DH-GEX moduli.
-g Use generic DNS resource record format.
-H Hash names in known_hosts file.
-h Generate host certificate instead of a user certificate.
-I key_id Key identifier to include in certificate.
-i Import foreign format to OpenSSH key file.
-J number Screen this number of moduli lines.
-j number Start screening moduli at specified line.
-K checkpt Write checkpoints to this file.
-k Generate a KRL file.
-L Print the contents of a certificate.
-l Show fingerprint of key file.
-M memory Amount of memory (MB) to use for generating DH-GEX moduli.
-m key_fmt Conversion format for -e/-i (PEM|PKCS8|RFC4716).
-N phrase Provide new passphrase.
-n name,... User/host principal names to include in certificate
-O option Specify a certificate option.
-o Enforce new private key format.
-P phrase Provide old passphrase.
-p Change passphrase of private key file.
-Q Test whether key(s) are revoked in KRL.
-q Quiet.
-R hostname Remove host from known_hosts file.
-r hostname Print DNS resource record.
-S start Start point (hex) for generating DH-GEX moduli.
-s ca_key Certify keys with CA key.
-T file Screen candidates for DH-GEX moduli.
-t type Specify type of key to create.
-u Update KRL rather than creating a new one.
-V from:to Specify certificate validity interval.
-v Verbose.
-W gen Generator to use for generating DH-GEX moduli.
-y Read private key file and print public key.
-Z cipher Specify a cipher for new private key format.
-z serial Specify a serial number.
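II. Putting the key on the server
1. GitHub
Path: Settings > SSH and GPG keys, then create a new SSH key.
Put the corresponding public key (sample.pub) there (copy the characters in the file into the form).
At this point you can already fetch other people's project code over SSH.
Fetch the source:
$ git clone git@github.com:username/gitproj.git
2. Setting up a git server
This really just means putting a remote repository on a server.
Install git on Ubuntu
sudo apt-get install git
Install git on CentOS
yum install -y git
Create the user git
adduser git
I am using CentOS.
Switch to the git user
su git
Create the key
ssh-keygen -t rsa -f ~/.ssh/aliyun
Keep the private key yourself.
Create the authorized_keys file to hold the public key
mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
cat ~/.ssh/aliyun.pub >> ~/.ssh/authorized_keys
For security reasons the git user should not be allowed to log in to a shell. This is done by editing /etc/passwd. Find a line like the following:
git:x:1000:1000::/home/git:/bin/bash
and change it to
git:x:1000:1000::/home/git:/usr/bin/git-shell
Test
mkdir ~/gitrepo
cd ~/gitrepo
git init --bare sample.git
## change the owner of the repository to git
chown -R git:git sample.git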
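The server-side steps above (mode 700 on ~/.ssh, mode 600 on authorized_keys, git-shell as the login shell, private key kept off the server) can be checked with a small script. This is an added example, not part of the original post; the function name audit_git_account and its output format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the git account set up above.
# Usage on the server: audit_git_account /etc/passwd git
# Prints one FAIL line per finding; exit status is the number of findings.

audit_git_account() (
  passwd_file=$1
  user=${2:-git}
  findings=0
  fail() { echo "FAIL: $*"; findings=$((findings + 1)); }
  # First 10 characters of `ls -ld`, e.g. drwx------ for mode 700.
  perms() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

  # Look up the account in a passwd-format file.
  entry=$(awk -F: -v u="$user" '$1 == u' "$passwd_file")
  if [ -z "$entry" ]; then
    echo "FAIL: user $user not found in $passwd_file"
    exit 1
  fi
  home=$(printf '%s\n' "$entry" | cut -d: -f6)
  shell=$(printf '%s\n' "$entry" | cut -d: -f7)

  # The account must not get an interactive shell.
  case $shell in
    */git-shell) ;;
    *) fail "login shell is '$shell', expected git-shell" ;;
  esac

  # The modes set in the steps above: 700 on ~/.ssh, 600 on authorized_keys.
  [ "$(perms "$home/.ssh")" = "drwx------" ] ||
    fail "$home/.ssh is not mode 700"
  [ "$(perms "$home/.ssh/authorized_keys")" = "-rw-------" ] ||
    fail "$home/.ssh/authorized_keys is not mode 600"

  # The private key belongs on the client, not next to authorized_keys.
  leftover=$(grep -l 'PRIVATE KEY-----' "$home"/.ssh/* 2>/dev/null || true)
  [ -z "$leftover" ] || fail "private key left on server: $leftover"

  exit "$findings"
)
```

Run it as root or as the account owner so that the files under ~/.ssh are readable.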
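On the PC
Set up the private key on the PC by placing it in the ~/.ssh folder. If needed, also add a config file in the same ~/.ssh folder; the config file is described below.
Verify from the client
git clone git@aliyun-git:gitrepo/sample.git
cd sample
touch a.txt
git add a.txt
git commit -m "init commit"
git push origin master
Here aliyun-git is the host name used for the server; see the config setup below for details. Once you have reached this step, things are basically working.
3. SSH with multiple servers
If you have several servers, how do you map a different key to each of them? You need a config file in ~/.ssh
that lists the settings for each server.
~/.ssh/config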
Host github.com
    HostName github.com
    User git
    IdentityFile ~/.ssh/id_rsa_github

host aliyun-git
    port 22
    compression yes
    hostname 192.168.1.120
    user git
    identityfile ~/.ssh/aliyun