SSH密钥对 - ssh-keygen
# ed25519 密钥(推荐)
关于 ed25519 与 rsa 的区别,参考:Enhance Security of your SSH Keys with ed25519 Algorithm (opens new window)
ssh-keygen -m PEM -t ed25519 -C "[email protected]"
参数:
-C(comment):为密钥添加注释,通常用于标识密钥的用途或所有者。可以使用邮箱地址、用户名等信息。-f(file) :指定密钥文件的存储路径及名称。默认名称为id_{密钥类型},如id_ed25519、id_ed25519.pub;-f ~/.ssh/my_custom_key
文件位置:
~/.ssh/id_ed25519:私钥~/.ssh/id_ed25519.pub:公钥
# RSA 密钥(弃用)
# 扩展
# GitHub 设置 SSH
默认认为,已经上传公钥等操作
ssh -T [email protected]
# 拉取[email protected]:xxxxx
# ssh -T [email protected]
# git clone [email protected]:xxxxx 注意不是 https://github.com/NipGeihou/xxxx.git
# 指定密钥连接 SSH
方法一:
ssh -i /root/.ssh/id_rsa -T [email protected]
方法二:
vim /root/.ssh/config
Host gitee gitee.com
HostName gitee.com
IdentityFile /root/.ssh/id_rsa2
User root
配置模板:
点击查看
Host myshortname realname.example.com
HostName realname.example.com
IdentityFile ~/.ssh/realname_rsa # private key for realname 这个注释要去掉,否则会报错
User remoteusername
Host myother realname2.example.org
HostName realname2.example.org
IdentityFile ~/.ssh/realname2_rsa # different private key for realname2
User remoteusername
# 复制公钥到服务器
一些服务器默认使用密码登录,对于暴露在公网的这些服务器存在被别人撞库的可能,关闭密码,使用密钥登录显然是更好的选择。
# 本地机器(本机)执行(Windows、macOS)
# 复制公钥的服务器
ssh-copy-id -i ~/.ssh/id_rsa.pub username@your_server_ip
ssh-copy-id -i ~/.ssh/id_ed25519.pub username@your_server_ip
# 测试密钥连接
ssh username@your_server_ip
# 服务器执行(Linux)
# 方法1:编辑修改
sudo nano /etc/ssh/sshd_config
# ---------------
# 禁用密码登录
PasswordAuthentication no
# 开启公钥登录
PubkeyAuthentication yes
# ---------------
# 方法2:替换修改
# 禁用密码登录
sudo sed -i 's/^#PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
# 开启公钥登录
sudo sed -i 's/^#PubkeyAuthentication yes/PubkeyAuthentication yes/' /etc/ssh/sshd_config
# ----------------
# 重启ssh服务
sudo systemctl restart ssh
# or
sudo systemctl restart sshd
# 检查SSH登录记录
less /var/log/secure | grep 'Accepted'
grep "sshd" /var/log/auth.log
上次更新: 2024/11/27, 12:04:53