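Configuring SSH Keys on Linux
I. Generating SSH Keys
Pulling code from GitLab, Gitee or GitHub requires a credential, such as a username and password or an SSH key. This guide uses key-based authentication, so a key pair has to be configured before the code can be pulled from GitLab, Gitee or GitHub.
- Generate the SSH key pair
The SSH key pair is normally stored under /root/.ssh. The xxx.pub file is the public key and the other file is the private key.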
[root@linux-1 ~]# ssh-keygen -t rsa -C "fox@qq.com"
# Press Enter to leave the passphrase empty; by default the keys are generated in /root/.ssh
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in cd.
Your public key has been saved in cd.pub.
The key fingerprint is:
SHA256:Yl+q1s11klGCqln/8hJaFYMMhmNuTf3YgKvuGaH9IMw fox@qq.com
The key's randomart image is:
+---[RSA 2048]----+
| .o= o |
| +.o * + . |
| o + o = = |
| o = . = |
| .+=S... o |
| o +++ o+ + . |
| E.+.o= + o |
| .o*o = . |
| o+ . +. |
+----[SHA256]-----+
# List the generated SSH key pair
[root@linux-1 ~]# cd /root/.ssh
[root@linux-1 .ssh]# ls
authorized_keys id_rsa id_rsa.pub
# id_rsa is the SSH private key
# id_rsa.pub is the SSH public key
# Other command options
====================================================
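#1. -t xxx specifies the type of key to generate
# Generate a different key type, such as DSA, ECDSA or Ed25519.
# (DSA is legacy: OpenSSH has disabled ssh-dss keys by default since 7.0.)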
[root@linux-1 ~]# ssh-keygen -t dsa
[root@linux-1 ~]# ssh-keygen -t ecdsa
[root@linux-1 ~]# ssh-keygen -t ed25519
#2. -b 4096 sets the key length to 4096 bits, which is more secure than the default 2048 bits
[root@linux-1 ~]# ssh-keygen -t rsa -b 4096
#3. -f /root/keys/my_rsa specifies the path where the key is generated
[root@linux-1 ~]# ssh-keygen -t rsa -f /root/keys/my_rsa
[root@linux-1 keys]# pwd
/root/keys
[root@linux-1 keys]# ls
my_rsa my_rsa.pub
#4. -C adds a comment, which is written into the SSH public key
[root@linux-1 keys]# ssh-keygen -t rsa -f test_rsa -C "test-rsa"
[root@linux-1 keys]# ls
test_rsa test_rsa.pub
[root@linux-1 keys]# cat test_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCr4/iDcOTzqhiFfvc7D9NW4bPL7QTig57CIxBj1gQhBAAeLMR918H4llXnCeuEjrHMsTxYcwVRb52oBQTUo9j8Rn9NwlU+aHwv6QWvykMiZsvIp653m2oPCzZs/cfNpDljzgiW3Yp3aiFA4J2DjfS2HoNVyV9nOsGIm5LZYXQ9eQtpKvm5Ve6MnfKzP25tZfvUxjINcXJOBSHAdqf/ZyxIEpfTx7PDdsw6B5Zhpj+3idxMuWhtfhx6cZHVWiiYpWk4+L+wAl/hCAVp52Xl682XeQbDFUe/IaFlLIz0fQWgcdq1qHq50L5PLv0ZrCJadSdpfZucxJWvdS11zno6zBwZ test-rsa
#5. -lvf shows the key length and type
[root@iZbp1dfulgjy4kd3ev4y7bZ .ssh]# ssh-keygen -lvf git_rsa
4096 SHA256:bpFpNtCUwiHUl4/rUNq8H50lHzgxXHvIR2bksqwhTZQ fox@qq.com (RSA)
+---[RSA 4096]----+
| .oo...o ....=|
| .+o+ oEo B |
| .o.o = = +|
| .oo.o = = |
| =S.. * = |
| o++o o O . |
| oo.. + . |
| .o . |
| .. |
+----[SHA256]-----+
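II. SSH Troubleshooting
1. Pulling from git fails
After the SSH key pair has been generated and the .pub public key has been added to GitHub or GitLab:
- Cloning the git project fails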
[root@linux-1 .ssh]# git clone ssh://git@xx.xx.xx.72:51515/test/test-new-iov-auth.git
Cloning into 'test-new-iov-auth'...
warning: templates not found in /usr/local/git3/share/git-core/templates
The authenticity of host '[xx.xx.xx.72]:51515 ([xx.xx.xx.72]:51515)' can't be established.
ECDSA key fingerprint is SHA256:B25ARfsSfNcFaYkXE70UcM8ke4ePLmGLhuhbi5eXByY.
ECDSA key fingerprint is MD5:b2:07:8c:0e:91:17:01:43:c0:17:44:91:43:f9:5d:fe.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[xx.xx.xx.72]:51515' (ECDSA) to the list of known hosts.
git@xx.xx.xx.72's password:
Permission denied, please try again.
git@xx.xx.xx.72's password:
Permission denied, please try again.
git@xx.xx.xx.72's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
Solution
- Run the command ssh-add ~/.ssh/<private-key>
[root@linux-1 .ssh]# ssh-add ~/.ssh/git_id_rsa
Could not open a connection to your authentication agent.
- Run ssh-agent bash
[root@linux-1 .ssh]# ssh-agent bash
[root@linux-1 .ssh]#
# No output means the command succeeded
- Run ssh-add ~/.ssh/<private-key> again
[root@linux-1 .ssh]# ssh-add ~/.ssh/git_id_rsa
Identity added: /root/.ssh/git_id_rsa ('xxxx')
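# This output means the key was added successfully
2. SSH key permission problem
A permission error appears when adding the SSH private key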
[root@linux-1 .ssh]# ssh-add ~/.ssh/git_id_rsa
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/root/.ssh/git_id_rsa' are too open.
It is required that your private key files are NOT accessible by others.
This private key will be ignored.
Fix the file permissions
[root@linux-1 .ssh]# chmod 600 /root/.ssh/git_id_rsa
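The check behind the warning above, as an added example that is not part of the original article: ssh and ssh-add ignore a private key when any group or other permission bit is set (mode & 077 is non-zero). The script finds such keys in a directory and, with --fix, applies the chmod 600 shown above. The function names are illustrative, and GNU stat (Linux) is assumed.

```bash
#!/usr/bin/env bash
# Added example: audit a directory for private keys that ssh/ssh-add
# would reject with "UNPROTECTED PRIVATE KEY FILE". Assumes GNU stat.

# is_private_key FILE: true if FILE starts with a PEM/OpenSSH private-key header.
is_private_key() {
    head -n 1 "$1" 2>/dev/null | grep -q -- '-----BEGIN .*PRIVATE KEY-----'
}

# too_open FILE: true if any group/other permission bit is set,
# the same condition (mode & 077 != 0) that triggers the warning.
too_open() {
    local mode
    mode=$(stat -c '%a' "$1")
    [ $(( 0$mode & 077 )) -ne 0 ]
}

# audit_ssh_dir DIR [--fix]
# Reports every private key in DIR with loose permissions. With --fix each
# one is set to 600. Public keys and other files are left untouched.
# Returns 0 when no key is left too open, 1 otherwise.
audit_ssh_dir() {
    local dir="$1" fix="${2:-}" bad=0 f
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        is_private_key "$f" || continue
        if too_open "$f"; then
            echo "too open: $f (mode $(stat -c '%a' "$f"))"
            if [ "$fix" = "--fix" ] && chmod 600 "$f"; then
                echo "fixed:    $f -> 600"
            else
                bad=$((bad + 1))
            fi
        fi
    done
    [ "$bad" -eq 0 ]
}

# Usage (report only, then repair):
#   audit_ssh_dir /root/.ssh
#   audit_ssh_dir /root/.ssh --fix
```

Running it without --fix first shows which files would be changed.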