If you want to use a different SSH key for each domain on one machine, that is, keep several key pairs on a single machine, the place to do it is the SSH client config.
Every machine already ships with a system-wide default config, so that is a good place to start learning from.
First look at the file with `cat /etc/ssh/ssh_config`; its contents are:
```
➜ .ssh cat /etc/ssh/ssh_config
# $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $

# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   GSSAPIAuthentication no
#   GSSAPIDelegateCredentials no
#   BatchMode no
#   CheckHostIP yes
#   AddressFamily any
#   ConnectTimeout 0
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   IdentityFile ~/.ssh/id_ecdsa
#   IdentityFile ~/.ssh/id_ed25519
#   Port 22
#   Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
#   MACs hmac-md5,hmac-sha1,umac-64@openssh.com
#   EscapeChar ~
#   Tunnel no
#   TunnelDevice any:any
#   PermitLocalCommand no
#   VisualHostKey no
#   ProxyCommand ssh -q -W %h:%p gateway.example.com
#   RekeyLimit 1G 1h

Host *
    SendEnv LANG LC_*
```
Two things are worth noting in that file. Everything under `# Host *` is commented out, so it only documents the shipped defaults; the one active setting is the `SendEnv` at the bottom. The commented `Ciphers` and `MACs` lines are stale examples from an older release (CBC ciphers, 3DES and hmac-md5 are not in a modern OpenSSH client's default set); the real defaults for your version are the ones in ssh_config(5). You may also have noticed the `%h` and `%p` tokens in the `ProxyCommand` line. These are expanded by ssh at run time; the ones you will meet most often are:

| Token | Meaning |
|---|---|
| %d | Local user's home directory |
| %u | Local user name |
| %l | Local host name |
| %h | Remote host name |
| %p | Remote port |
| %r | Remote user name |
| Option | Value | Meaning |
|---|---|---|
| Host | alias or host pattern | The name(s) this block applies to, matched against what you type on the command line |
| HostName | real host name | The host actually connected to when `Host` is an alias |
| User | user name | Login name on the remote side |
| IdentityFile | path to the private key | Key to offer; may be given more than once, and all of them are tried in order |
| IdentitiesOnly | yes / no | Offer only the keys configured as `IdentityFile` (or the defaults), not every key the agent happens to hold |
| ServerAliveInterval | 60 | Seconds of silence after which the client sends a keepalive to the server, so idle connections are not dropped by NAT or firewalls |
| ControlMaster | auto | Connection sharing: later sessions to the same host reuse the existing connection, so you do not authenticate again |
| Command | Meaning |
|---|---|
| ssh-keygen -t rsa -C "your_email@example.com" | Generate a key pair; the default file name is id_rsa |
| ssh-keygen -t rsa -C "your_email@example.com" -f ~/.ssh/second | For several keys, `-f` chooses the file name (here `second`) so the default is not overwritten |

The `-C` value is only a comment stored in the public key. On any current OpenSSH, `-t ed25519` is the better choice; if you must use RSA, give it `-b 3072` or more.
| Command | Meaning |
|---|---|
| ssh-add -K ~/.ssh/id_rsa_github | On macOS, add the key and store its passphrase in the keychain (newer macOS versions spell this `--apple-use-keychain`; on Linux `-K` means something else, loading resident keys from a FIDO token) |
| ssh-add -l | List the keys currently loaded in the agent |
| ssh-add -D | Remove all keys from the agent |
| ssh-add ~/.ssh/id_rsa_github | Add a key to the agent |
| Command | Meaning |
|---|---|
| ssh -T git@github.com | Test the connection (and which key authenticates) without requesting a shell |
| Command | Meaning |
|---|---|
| git config --global user.name "User name"; git config --global user.email user@example.com | Set the global user name and email |
| git config --local user.name "User name"; git config --local user.email user@example.com | Set a user name and email for one git repository only (run inside that repository) |
Create the per-user config file:

```
cd ~/.ssh
touch config
vim config
```

Keep it private (`chmod 600 ~/.ssh/config`): ssh refuses to read a config that other users can write to.
Here is my config first:

```
# gitlab
Host gitlab
    HostName gitlab.*.com
    User Serendipity
    # key
    IdentityFile "~/.ssh/id_rsa"
    # offer only this key
    IdentitiesOnly yes
    PasswordAuthentication yes
    # legacy key exchange (1024-bit group with SHA-1); only enable it for a server that still requires it
    KexAlgorithms +diffie-hellman-group1-sha1

# github
Host github.com
    # HostName ssh.github.com
    # Port 443
    HostName github.com
    # user name (git's SSH URLs supply git@ on the command line, which takes precedence over this)
    User Notzuonotdied
    # key
    IdentityFile "~/.ssh/id_rsa_github"
    # offer only this key
    IdentitiesOnly yes
    AddKeysToAgent yes
    # UseKeychain yes
    ServerAliveInterval 20
    PasswordAuthentication yes
    PreferredAuthentications publickey
```
My config sets up two keys, one for GitLab and one for GitHub. There are several reasons for configuring it this way:
As for other uses, O(∩_∩)O, think about them yourself~

The `Host` line accepts patterns:

- `*` matches zero or more characters
- `?` matches exactly one character
- `!` in front of a pattern negates it: if a negated pattern matches, the block is skipped for that host

Patterns are matched against the name you type, not against `HostName`, so with `Host gitlab` the alias to test is `git@gitlab`; `git@gitlab.com` would only match a `Host gitlab.com` block. Verify each host with:

```
ssh -vT git@github.com
ssh -vT git@gitlab.com
```
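To see how the option tables, the `Host` patterns and the first-value-wins rule from `/etc/ssh/ssh_config` combine, here is a small resolver and linter, added for this page and not part of the original post or of OpenSSH. It parses a constructed sample config (the hosts, users and key file names in it are invented), computes the options ssh would apply to a name typed on the command line, and flags weak settings such as the legacy `diffie-hellman-group1-sha1` exchange enabled in the config above. It goes one step beyond the page: it shows that an `IdentityFile` under `Host *` is still offered to every server even when `IdentitiesOnly yes` is set, which is why each stanza should name its own key. It does not model hostname canonicalisation or `Match` blocks.

```python
import re

# Constructed sample ~/.ssh/config for this demo (not the page's own config).
SAMPLE_CONFIG = """
# Host-specific blocks come first: ssh keeps the FIRST value it sees for an option.
Host gitlab
    HostName gitlab.example.com
    User alice
    IdentityFile ~/.ssh/id_ed25519_gitlab
    IdentitiesOnly yes

Host github.com
    User git
    IdentityFile ~/.ssh/id_ed25519_github
    IdentitiesOnly yes

# Every lab box except the bastion itself is reached through the bastion.
Host *.lab.example.com !bastion.lab.example.com
    ProxyJump bastion.lab.example.com

Host legacy-switch
    KexAlgorithms +diffie-hellman-group1-sha1

Host *
    IdentityFile ~/.ssh/id_ed25519
    ServerAliveInterval 60
    PasswordAuthentication yes
"""


def _pattern_re(pat):
    # ssh_config(5) PATTERNS: '*' matches zero or more characters, '?' exactly one;
    # host names are compared case-insensitively.
    body = re.escape(pat).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile("^" + body + "$", re.IGNORECASE)


def host_matches(patterns, host):
    """A '!'-prefixed pattern negates: if any negated pattern matches, the whole
    Host block is skipped even when a positive pattern matched as well."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if _pattern_re(pat[1:]).match(host):
                return False
        elif _pattern_re(pat).match(host):
            matched = True
    return matched


def parse_config(text):
    """(host_patterns, [(option, value), ...]) blocks in file order; options before
    the first Host line apply to every host. Only full-line '#' comments are handled."""
    blocks, patterns, options = [], ["*"], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)   # 'Key value' or 'Key=value'
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            blocks.append((patterns, options))
            patterns, options = value.split(), []
        else:
            options.append((key, value))
    blocks.append((patterns, options))
    return blocks


def resolve(text, host):
    """Effective options for the name typed on the command line (patterns match that
    name, not the HostName it maps to). First value wins; IdentityFile accumulates."""
    effective = {}
    for patterns, options in parse_config(text):
        if not host_matches(patterns, host):
            continue
        for key, value in options:
            if key == "identityfile":
                effective.setdefault(key, []).append(value)
            else:
                effective.setdefault(key, value)
    return effective


# Settings a reviewer would flag, with the test that turns each into a finding.
WEAK = {
    "kexalgorithms": lambda v: "diffie-hellman-group1-sha1" in v,  # 1024-bit group, SHA-1
    "passwordauthentication": lambda v: v.lower() == "yes",
    "forwardagent": lambda v: v.lower() == "yes",
    "stricthostkeychecking": lambda v: v.lower() == "no",
}


def audit(text, host):
    """Weak effective settings for `host`, plus the key-spraying case: an IdentityFile
    under 'Host *' is offered to every server, even with IdentitiesOnly yes."""
    eff = resolve(text, host)
    findings = [f"{k}={eff[k]}" for k, is_weak in WEAK.items() if k in eff and is_weak(eff[k])]
    if len(eff.get("identityfile", [])) > 1 and eff.get("identitiesonly", "no").lower() == "yes":
        findings.append("multiple IdentityFile values offered: " + ", ".join(eff["identityfile"]))
    return findings


if __name__ == "__main__":
    for name in ("github.com", "gitlab", "web1.lab.example.com", "legacy-switch"):
        print(name, resolve(SAMPLE_CONFIG, name).get("identityfile"), audit(SAMPLE_CONFIG, name))
```

Cross-check the resolver against the real client with `ssh -G github.com`, which prints the options OpenSSH itself would apply to that name; the `identityfile` lines it prints are the keys that will actually be offered.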
Here is the verification output. Note the `Server host key:` line: the fingerprint shown is the RSA host key GitHub used when this was captured, and GitHub rotated its RSA host key in March 2023, so check against the fingerprints GitHub currently publishes rather than against this transcript:
```
➜ .ssh ssh -vT git@github.com
OpenSSH_8.1p1, LibreSSL 2.7.3
debug1: Reading configuration data /Users/xxx/.ssh/config
debug1: /Users/xxx/.ssh/config line 40: Applying options for github.com
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 47: Applying options for *
debug1: Connecting to github.com port 22.
debug1: Connection established.
debug1: identity file /Users/xxx/.ssh/id_rsa_github type 0
debug1: identity file /Users/xxx/.ssh/id_rsa_github-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.1
debug1: Remote protocol version 2.0, remote software version babeld-1e9083a5
debug1: no match: babeld-1e9083a5
debug1: Authenticating to github.com:22 as 'git'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: rsa-sha2-512
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
debug1: Host 'github.com' is known and matches the RSA host key.
debug1: Found key in /Users/xxx/.ssh/known_hosts:6
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /Users/xxx/.ssh/id_rsa_github RSA SHA256:...... explicit agent
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /Users/xxx/.ssh/id_rsa_github RSA SHA256:...... explicit agent
debug1: Server accepts key: /Users/xxx/.ssh/id_rsa_github RSA SHA256:...... explicit agent
debug1: Authentication succeeded (publickey).
Authenticated to github.com ([xx.xx.xxx.xxx]:22).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: network
debug1: Sending environment.
debug1: Sending env LC_TERMINAL_VERSION = 3.3.12
debug1: Sending env LC_CTYPE = UTF-8
debug1: Sending env LC_TERMINAL = iTerm2
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
Hi xxx! You've successfully authenticated, but GitHub does not provide shell access.
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2788, received 2476 bytes, in 1.0 seconds
Bytes per second: sent 2832.1, received 2515.2
debug1: Exit status 1
```

The lines to read are `Applying options for github.com` (the right block was chosen), `Will attempt key: ... explicit` (only the configured key is offered, thanks to `IdentitiesOnly`), and `Server host key` / `is known and matches` (the host key was checked against known_hosts).
Finally, a few problems I ran into, recorded here for anyone who needs them.

Solution for 'ssh: connect to host github.com port 22: Connection timed out' error

When port 22 is blocked (a corporate firewall, for example) it looks like this; GitHub also serves SSH on ssh.github.com port 443, which usually gets through:

```
$ git clone git@github.com:xxxxx/xxxx.git my-awesome-proj
Cloning into 'my-awesome-proj'...
ssh: connect to host github.com port 22: Connection timed out
fatal: Could not read from remote repository.
$ # This should also timeout
$ ssh -T git@github.com
ssh: connect to host github.com port 22: Connection timed out
$ # but this might work
$ ssh -T -p 443 git@ssh.github.com
Hi xxxx! You've successfully authenticated, but GitHub does not provide shell access.
$ # Override SSH settings
$ vim ~/.ssh/config
```

Add the section below to `~/.ssh/config`:

```
Host github.com
Hostname ssh.github.com
Port 443
```

Because the connection now goes to a non-default port, ssh looks up `[ssh.github.com]:443` in known_hosts instead of the existing `github.com` entry, so the first connection asks you to confirm the host key again; compare the fingerprint it shows with the ones GitHub publishes before answering yes. After that, plain `git@github.com` URLs work again:

```
$ ssh -T git@github.com
Hi xxxxx! You've successfully authenticated, but GitHub does not provide shell access.
$ git clone git@github.com:xxxxxx/xxxxx.git my-awesome-proj
Cloning into 'my-awesome-proj'...
remote: Enumerating objects: 15, done.
remote: Counting objects: 100% (15/15), done.
remote: Compressing objects: 100% (14/14), done.
remote: Total 15 (delta 0), reused 15 (delta 0), pack-reused 0
Receiving objects: 100% (15/15), 22.90 KiB | 4.58 MiB/s, done.
```
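The `debug1: Server host key: ... SHA256:...` line in the verbose output and the `[ssh.github.com]:443` entry that the port-443 workaround creates both come down to one question: is the key stored in known_hosts the one the operator published? The following Python, added here and not part of the page or of OpenSSH, reproduces OpenSSH's `SHA256:` fingerprint format from a known_hosts line (the same value `ssh-keygen -lf` prints), checks that the key type encoded inside the blob agrees with the declared type, and shows that an entry for a non-default port is stored as `[host]:port` and is therefore verified separately from the `host` entry. The known_hosts content and the Ed25519 key bytes are constructed for the demo and are not GitHub's keys; put the fingerprints GitHub publishes into the `pinned` set when you use it for real.

```python
import base64
import hashlib
import struct


def _ssh_string(b):
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def make_ed25519_blob(raw_key):
    """Base64 public-key blob as it appears in known_hosts: string(type) + string(key)."""
    assert len(raw_key) == 32
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(raw_key)).decode()


# Constructed demo key (32 arbitrary bytes), NOT a real server key.
DUMMY_KEY = make_ed25519_blob(bytes(range(32)))

# Constructed sample ~/.ssh/known_hosts: the same key reachable on the default port
# and, after the port-443 workaround, under a separate '[host]:port' entry.
KNOWN_HOSTS = f"""# constructed sample, not real GitHub entries
github.com ssh-ed25519 {DUMMY_KEY}
[ssh.github.com]:443 ssh-ed25519 {DUMMY_KEY}
"""


def fingerprint_sha256(blob_b64):
    """OpenSSH fingerprint: 'SHA256:' + unpadded base64 of SHA-256 over the raw blob.
    This is what 'ssh -v' shows after 'Server host key:' and what 'ssh-keygen -lf' prints."""
    raw = base64.b64decode(blob_b64, validate=True)
    return "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")


def embedded_key_type(blob_b64):
    """The key type is repeated as the first SSH string inside the blob; if it disagrees
    with the declared type column, the line is corrupt or has been tampered with."""
    raw = base64.b64decode(blob_b64, validate=True)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode()


def parse_known_hosts(text):
    """Yield (host_list, key_type, blob) for plain entries; markers and hashed hosts skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue  # comments and @cert-authority / @revoked markers are out of scope here
        hosts, keytype, blob = line.split()[:3]
        if hosts.startswith("|1|"):
            continue  # HashKnownHosts entries need HMAC matching; not modelled
        if embedded_key_type(blob) != keytype:
            raise ValueError(f"key type mismatch in entry for {hosts}")
        entries.append((hosts.split(","), keytype, blob))
    return entries


def entries_for(text, host, port=22):
    """known_hosts stores a non-default port as '[host]:port', so pointing github.com at
    ssh.github.com:443 creates a second entry that must be verified on its own."""
    wanted = host.lower() if port == 22 else f"[{host.lower()}]:{port}"
    return [(kt, blob) for hosts, kt, blob in parse_known_hosts(text)
            if wanted in (h.lower() for h in hosts)]


def verify_pins(text, host, port, pinned):
    """True only if host:port has at least one entry and every stored key is pinned."""
    found = entries_for(text, host, port)
    return bool(found) and all(fingerprint_sha256(blob) in pinned for _, blob in found)


if __name__ == "__main__":
    pins = {fingerprint_sha256(DUMMY_KEY)}  # in practice: the operator's published list
    for host, port in (("github.com", 22), ("ssh.github.com", 443), ("ssh.github.com", 22)):
        print(host, port, entries_for(KNOWN_HOSTS, host, port) != [], verify_pins(KNOWN_HOSTS, host, port, pins))
```

Running it shows `ssh.github.com` on port 22 has no entry at all even though port 443 does, which is exactly why the config override above triggers a new host key prompt. To check a real entry, run `ssh-keygen -lf ~/.ssh/known_hosts` and compare its `SHA256:` values with the list on GitHub's site; `ssh-keyscan -p 443 ssh.github.com` fetches the current key over the network if you prefer to compare before connecting.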