
Configuring and using SSH with git

2017-09-13 23:56

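I. Generating the key

I did this in Git Bash on Windows.

Generate the key:

$ ssh-keygen -t rsa -f sample

-t is the key type

-f is the file name of the generated key

After you press Enter you are asked for a passphrase; you can leave it empty and press Enter to go to the next step, in which case the private key file is stored unencrypted.

ssh-keygen -t rsa -C "your_email@youremail.com"

Some people use their own e-mail address as the comment so the key is easier to identify.

This is the result of running the command: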

$ ssh-keygen -t rsa -f sample
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in sample.
Your public key has been saved in sample.pub.
The key fingerprint is:
SHA256:d1TDf+SYS8BADB4MvGO3yXvdIy6IJsMgncOBSsO4BqE admin@DESKTOP
The key's randomart image is:
+---[RSA 2048]----+
|     ..oo+oo .o  |
|.     ..... o....|
|+o     ..   .. * |
|E+.   + .  .  + +|
|++.o . +So. .. ..|
|+.*     +. .  .  |
|.. +   . o . .   |
|    + o o o o o  |
|     +   . o.. . |
+----[SHA256]-----+


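The private and public keys end up in C:\Users\yourname\.ssh (a bare file name given to -f is relative to the current directory, so run the command from that folder). Private keys obtained from elsewhere can also be placed here.

If you do not give a name, the default names are used: id_rsa and id_rsa.pub. id_rsa is the private key and id_rsa.pub is the public key. Open it and you will see a string of characters.

In this example the files generated are sample and sample.pub, as the output above shows.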

$ cd ~/.ssh

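Change into the folder to look at the files.

The private key stays on your computer; the public key is added to the server.

A user must hold the private key that pairs with the public key on the server in order to access the repositories on that server.

The ssh-keygen options and what each one does are listed below: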

usage: ssh-keygen [options]
Options:
-A          Generate non-existent host keys for all key types.
-a number   Number of KDF rounds for new key format or moduli primality tests.
-B          Show bubblebabble digest of key file.
-b bits     Number of bits in the key to create.
-C comment  Provide new comment.
-c          Change comment in private and public key files.
-D pkcs11   Download public key from pkcs11 token.
-e          Export OpenSSH to foreign format key file.
-F hostname Find hostname in known hosts file.
-f filename Filename of the key file.
-G file     Generate candidates for DH-GEX moduli.
-g          Use generic DNS resource record format.
-H          Hash names in known_hosts file.
-h          Generate host certificate instead of a user certificate.
-I key_id   Key identifier to include in certificate.
-i          Import foreign format to OpenSSH key file.
-J number   Screen this number of moduli lines.
-j number   Start screening moduli at specified line.
-K checkpt  Write checkpoints to this file.
-k          Generate a KRL file.
-L          Print the contents of a certificate.
-l          Show fingerprint of key file.
-M memory   Amount of memory (MB) to use for generating DH-GEX moduli.
-m key_fmt  Conversion format for -e/-i (PEM|PKCS8|RFC4716).
-N phrase   Provide new passphrase.
-n name,... User/host principal names to include in certificate
-O option   Specify a certificate option.
-o          Enforce new private key format.
-P phrase   Provide old passphrase.
-p          Change passphrase of private key file.
-Q          Test whether key(s) are revoked in KRL.
-q          Quiet.
-R hostname Remove host from known_hosts file.
-r hostname Print DNS resource record.
-S start    Start point (hex) for generating DH-GEX moduli.
-s ca_key   Certify keys with CA key.
-T file     Screen candidates for DH-GEX moduli.
-t type     Specify type of key to create.
-u          Update KRL rather than creating a new one.
-V from:to  Specify certificate validity interval.
-v          Verbose.
-W gen      Generator to use for generating DH-GEX moduli.
-y          Read private key file and print public key.
-Z cipher   Specify a cipher for new private key format.
-z serial   Specify a serial number.


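II. Putting the key on the server

1. GitHub server

Path: Settings, then SSH and GPG keys; create a new SSH key there.

Put the corresponding public key (sample.pub) there by copying the contents of the file into the form.



At this point you can already fetch other people's project code over SSH.

Get the source: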

$ git clone git@github.com:username/gitproj.git


2. Setting up a git server

This really just means putting a remote repository on a server.

Install git on Ubuntu

sudo apt-get install git


Install git on CentOS

yum install -y git


Create the user git

adduser git


I am using CentOS here.

Switch to the git user

su git


Create the key

ssh-keygen -t rsa -f ~/.ssh/aliyun


Store the private key yourself.

Create the authorized_keys file that holds the public key

mkdir -p ~/.ssh
chmod 700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
cat ~/.ssh/aliyun.pub >> ~/.ssh/authorized_keys


For security, the git user should not be allowed to log in to a shell. This can be done by editing the /etc/passwd file. Find a line like the following:

git:x:1000:1000::/home/git:/bin/bash


Change it to

git:x:1000:1000::/home/git:/usr/bin/git-shell


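Test

## /home/git is the git user's home directory (see the /etc/passwd line above);
## the client clone path below is resolved relative to it
mkdir /home/git/gitrepo
cd /home/git/gitrepo
git init --bare sample.git
## change the owner of the repository to git
chown -R git:git sample.git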
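
One way to check the server-side result of the steps above (git-shell as login shell, the ~/.ssh modes, and whether the private key generated on the server is still there). This is an added example, not part of the original post; the function names and the constructed fixture are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original post. Checks the server-side state the
# steps above aim for. Usage on a real host (paths as used on this page):
#   audit_git_account /etc/passwd git /home/git

check_mode() {  # check_mode PATH OCTAL_MODE: path must exist with exactly that mode
    [ -n "$(find "$1" -prune -perm "$2" 2>/dev/null)" ] && return 0
    echo "FAIL: $1 should exist with mode $2"
    return 1
}

# audit_git_account PASSWD_FILE USER HOME_DIR
# Prints one line per finding and returns the number of findings (0 = clean).
audit_git_account() {
    passwd_file=$1; user=$2; home_dir=$3; findings=0
    # 1. Field 7 of the passwd entry is the login shell; it must be git-shell.
    login_shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd_file")
    case $login_shell in
        */git-shell) ;;
        *) echo "FAIL: login shell of $user is '${login_shell}', expected git-shell"
           findings=$((findings + 1)) ;;
    esac
    # 2. The modes set with chmod above. With StrictModes (the default) sshd
    #    will not use authorized_keys if these are writable by group or others.
    check_mode "$home_dir/.ssh" 700 || findings=$((findings + 1))
    check_mode "$home_dir/.ssh/authorized_keys" 600 || findings=$((findings + 1))
    # 3. The page generates the key pair on the server; once the private half
    #    has been copied to the PC it should not remain in the server's ~/.ssh.
    for f in "$home_dir"/.ssh/*; do
        [ -f "$f" ] || continue
        if head -n 1 "$f" | grep -q -e '^-----BEGIN .*PRIVATE KEY-----'; then
            echo "FAIL: private key left on the server: $f"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed fixture: the account before the /etc/passwd edit, with the
# private key written by "ssh-keygen -f ~/.ssh/aliyun" still in place.
demo_before_hardening() {
    d=$(mktemp -d) && mkdir -m 700 "$d/.ssh"
    printf 'git:x:1000:1000::/home/git:/bin/bash\n' > "$d/passwd"
    : > "$d/.ssh/authorized_keys" && chmod 600 "$d/.ssh/authorized_keys"
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$d/.ssh/aliyun"
    audit_git_account "$d/passwd" git "$d"; rc=$?
    rm -rf "$d"; return "$rc"
}
```

Run the audit as root or as the account owner so that ~/.ssh is readable.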


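On the PC

Put the private key in the ~/.ssh folder on the PC. If needed, also create a config file in the same ~/.ssh folder; the config file is described below.

Client-side verification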

git clone git@aliyun-git:gitrepo/sample.git
cd sample
touch a.txt
git add a.txt
git commit -m "init commit"
git push origin master


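Here aliyun-git is the host name (the Host entry in the config file); see the config section below for details. Once you get this far, everything is basically working.

3. SSH with multiple servers

If you have several servers, how do you use a different key for each one? You need a config file in ~/.ssh

that lists the settings for each server.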

~/.ssh/config

Host github.com
HostName        github.com
User            git
IdentityFile    ~/.ssh/id_rsa_github

host aliyun-git
port 22
compression yes
hostname 192.168.1.120
user git
identityfile ~/.ssh/aliyun