Working with SSH key passphrases
来源:互联网 发布:公知带路党上台。 编辑:程序博客网 时间:2024/05/16 01:06
[https://help.github.com/articles/working-with-ssh-key-passphrases/]
Working with SSH key passphrases
This article will walk you through the process of securing your SSH keys and configuring an authentication agent so that you won't have to re-enter your passphrase every time you use your keys.
Why do I need a passphrase?
Passwords aren't very secure. If you use one that's easy to remember, it's also easier to guess or brute-force (try many options until one works). If you use one that's random, it's hard to remember, and thus you're more inclined to write it down. Both of these are Very Bad Things.
This is why you're using SSH keys. Of course, using a key without a passphrase is basically the same as writing down a random password: anyone who gains access to your computer has gained access to every system you use that key with. This is also a Very Bad Thing. The solution is to add a passphrase to the SSH key for an extra layer of security.
But I don't want to enter a long passphrase every time I use the key!
Neither do I! Thankfully, there's a nifty little tool called ssh-agent
that can securely save your passphrase, so you don't have to re-enter it. If you're on OS X Leopard or later your keys can be saved in the system's keychain to make your life even easier. Most Linux installations will automatically start ssh-agent
for you when you log in.
Adding or changing a passphrase
You can change the passphrase for an existing private key without regenerating the keypair. Just type the following command:
ssh-keygen -p# Start the SSH key creation processEnter file in which the key is (/Users/you/.ssh/id_rsa): [Hit enter]Key has comment '/Users/you/.ssh/id_rsa'Enter new passphrase (empty for no passphrase): [Type new passphrase]Enter same passphrase again: [One more time for luck]Your identification has been saved with the new passphrase.
If your key already has a passphrase, you will be prompted to enter it before you can change to a new passphrase.
OS X Keychain
If you are on OS X Leopard or later, ssh-agent
runs automatically for you. It will also integrate with the keychain, so you can unlock your keys with it. This has some major advantages over a command-line based setup: for example, it protects your input from being copied or spied upon by universal access or low-level keyboard routines.
The default private key files (.ssh/id_rsa
, .ssh/id_dsa
, and .ssh/identity
) should be handled automatically. If you have a private key with a different name, you can add it by typing ssh-add -k path/to/my_key
.
Tip: Make sure you're using the default OS X ssh-add
command, and not one installed by macports, homebrew, or some other external source.
When you first try to use the key, you are prompted to enter your passphrase:
If you choose to save the passphrase with your keychain, you won't have to enter it again. Instead you'll simply need to unlock your keychain.
This section was written with help from this guide. If you would like to use more paranoid keychain settings like locking after sleep, check out this guide.
- Working with SSH key passphrases
- Working with SSH key passphrases
- Working with non-default SSH key pair paths
- Spark Working with Key/Value Pairs
- git-push with specific SSH key
- OTPs: Using s/Key with SSH via OPIE
- Working with XML nodes
- Working With System Events
- Working with Snort Rules
- Working with XML nodes
- Working with Delegates
- Working with Windows Registry
- Working with EXIF data
- Working with Files
- WORKING WITH SQLite DATABASES
- Working with Kernel Cores
- Working with item renderers
- Working with Querystrings
- 在Windows下用C扩展PHP(打包成dll)的方法
- 图侦在公安破案中起到什么样的作用
- JQUERY TIPS
- jsp图片上传到数据库里面之后,不能直接在页面上显示,而是提示下载
- jieba.NET是jieba中文分词的.NET版本(C#实现)。
- Working with SSH key passphrases
- delete from smon_scn_time where……语句消耗资源超大
- 图文_MyEclipse配置log4j开源日志记录工具
- O(1)时间删除链表结点
- 经典单人操作问题
- 通用进销存系统开发摘记
- java的数据类型和运算符
- 推断性统计部分(四)---简单方差分析
- ffmpeg 音频编码器