Working with SSH key passphrases
Source: Internet | Posted: Advantages of online free speech | Editor: 程序博客网 | Time: 2024/06/05 10:26
This article will walk you through the process of securing your SSH keys and configuring an authentication agent so that you won't have to re-enter your passphrase every time you use your keys.
Why do I need a passphrase?
Passwords aren't very secure. If you use one that's easy to remember, it's also easier to guess or brute-force (try many options until one works). If you use one that's random, it's hard to remember, and thus you're more inclined to write it down. Both of these are Very Bad Things.
This is why you're using SSH keys. Of course, using a key without a passphrase is basically the same as writing down a random password: anyone who gains access to your computer has gained access to every system you use that key with. This is also a Very Bad Thing. The solution is to add a passphrase to the SSH key for an extra layer of security.
But I don't want to enter a long passphrase every time I use the key!
Neither do I! Thankfully, there's a nifty little tool called ssh-agent that can securely save your passphrase, so you don't have to re-enter it. If you're on OS X Leopard or later your keys can be saved in the system's keychain to make your life even easier. Most Linux installations will automatically start ssh-agent for you when you log in.
Adding or changing a passphrase
You can change the passphrase for an existing private key without regenerating the keypair. Just type the following command:
ssh-keygen -p
# Start the SSH key creation process
Enter file in which the key is (/Users/you/.ssh/id_rsa): [Hit enter]
Key has comment '/Users/you/.ssh/id_rsa'
Enter new passphrase (empty for no passphrase): [Type new passphrase]
Enter same passphrase again: [One more time for luck]
Your identification has been saved with the new passphrase.
If your key already has a passphrase, you will be prompted to enter it before you can change to a new passphrase.
Auto-launching ssh-agent on Git for Windows
ssh-agent is a tool that provides a secure way of storing and using your SSH keys.
Tip: If you're using the Git Shell that's installed with GitHub Desktop, you don't need to follow these steps. GitHub Desktop automatically launches the ssh-agent for you.
You can run ssh-agent automatically when you open bash or Git shell. Copy the following lines and paste them into your ~/.profile or ~/.bashrc file in Git shell:
# File where the agent's environment (socket path, PID) is saved between shells
env=~/.ssh/agent.env

# Load a previously saved agent environment, if there is one
agent_load_env () { test -f "$env" && . "$env" >| /dev/null ; }

# Start a new agent; umask 077 keeps the saved environment file private to you
agent_start () {
    (umask 077; ssh-agent >| "$env")
    . "$env" >| /dev/null ; }

agent_load_env

# agent_run_state: 0=agent running w/ key; 1=agent w/o key; 2= agent not running
agent_run_state=$(ssh-add -l >| /dev/null 2>&1; echo $?)

if [ ! "$SSH_AUTH_SOCK" ] || [ $agent_run_state = 2 ]; then
    agent_start
    ssh-add
elif [ "$SSH_AUTH_SOCK" ] && [ $agent_run_state = 1 ]; then
    ssh-add
fi

unset env
Tip: If your private keys are not stored in ~/.ssh/id_rsa or ~/.ssh/id_dsa, you must add their paths with the ssh-add command so that your SSH authentication agent knows where to find them. For example:
ssh-add ~/.my_other_ssh/id_rsa
Now, when you first run Git Bash, you are prompted for your passphrase:
Initializing new SSH agent...
succeeded
Enter passphrase for /c/Users/you/.ssh/id_rsa:
Identity added: /c/Users/you/.ssh/id_rsa (/c/Users/you/.ssh/id_rsa)
Welcome to Git (version 1.6.0.2-preview20080923)

Run 'git help git' to display the help index.
Run 'git help <command>' to display help for specific commands.
The ssh-agent process will continue to run until you log out, shut down your computer, or kill the process.
If you want ssh-agent to forget your key after some time, you can configure it to do so by running ssh-add -t <seconds>.
For other SSH problems, see https://help.github.com/categories/ssh/