하나의 클라이언트에서 여러 SSH 개인 키를 사용하는 가장 좋은 방법
여러 개인 키를 사용하여 다른 서버 또는 동일한 서버의 다른 부분에 연결하고 싶습니다 (내 용도는 서버의 시스템 관리, Git 관리 및 동일한 서버 내에서 일반적인 Git 사용입니다). 나는 단순히 id_rsa파일에 키를 쌓아 두려고 시도했다 .
이 작업을 수행하는 간단한 방법은 다음 명령을 사용하는 것입니다.
ssh -i <key location> login@server.example.com
꽤 번거 롭습니다.
이 작업을 좀 더 쉽게 수행하는 방법에 대한 제안이 있습니까?
내 .ssh/config:
Host myshortname realname.example.com
HostName realname.example.com
IdentityFile ~/.ssh/realname_rsa # private key for realname
User remoteusername
Host myother realname2.example.org
HostName realname2.example.org
IdentityFile ~/.ssh/realname2_rsa # different private key for realname2
User remoteusername
등등.
연결할 때 여러 키를 연속해서 시도하도록 ssh에 지시 할 수 있습니다. 방법은 다음과 같습니다.
$ cat ~/.ssh/config
IdentityFile ~/.ssh/id_rsa
IdentityFile ~/.ssh/id_rsa_old
IdentityFile ~/.ssh/id_ed25519
# ... and so on
$ ssh server.example.com -v
....
debug1: Next authentication method: publickey
debug1: Trying private key: /home/example/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentications that can continue: publickey
debug1: Trying private key: /home/example/.ssh/id_rsa_old
debug1: read PEM private key done: type RSA
....
[server ~]$
이렇게하면 어떤 키가 어떤 서버에서 작동하는지 지정할 필요가 없습니다. 첫 번째 작업 키를 사용합니다.
또한 주어진 서버가 키를 수락 할 경우에만 암호를 입력합니다. 위에서 볼 수 있듯이 ssh는 암호가 .ssh/id_rsa있어도 암호를 요청하지 않았습니다 .
확실히 다른 답변에서와 같이 서버 별 구성을 능가하지는 않지만 적어도 연결하는 모든 서버에 대한 구성을 추가 할 필요는 없습니다!
Randal Schwartz 의 대답은 거의 나를 도왔습니다. 서버에 다른 사용자 이름이 있으므로 파일에 User 키워드를 추가해야했습니다 .
Host friendly-name
HostName long.and.cumbersome.server.name
IdentityFile ~/.ssh/private_ssh_file
User username-on-remote-machine
이제 친숙한 이름을 사용하여 연결할 수 있습니다.
ssh friendly-name
OpenSSH 매뉴얼 페이지 에서 더 많은 키워드를 찾을 수 있습니다 . 참고 : 나열된 키워드 중 일부는 이미 / etc / ssh / ssh_config 파일에있을 수 있습니다.
foo:~$ssh-add ~/.ssh/xxx_id_rsa
Make sure you test it before adding with:
ssh -i ~/.ssh/xxx_id_rsa username@example.com
If you have any problems with errors sometimes changing the security of the file helps:
chmod 0600 ~/.ssh/xxx_id_rsa
The previous answers have properly explained the way to create a configuration file to manage multiple ssh keys. I think, the important thing that also needs to be explained is the replacement of a host name with an alias name while cloning the repository.
Suppose, your company's GitHub account's username is abc1234. And suppose your personal GitHub account's username is jack1234
And, suppose you have created two RSA keys, namely id_rsa_company and id_rsa_personal. So, your configuration file will look like below:
# Company account
Host company
HostName github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_company
# Personal account
Host personal
HostName github.com
PreferredAuthentications publickey
IdentityFile ~/.ssh/id_rsa_personal
Now, when you are cloning the repository (named demo) from the company's GitHub account, the repository URL will be something like:
Repo URL: git@github.com:abc1234/demo.git
Now, while doing git clone, you should modify the above repository URL as:
git@company:abc1234/demo.git
Notice how github.com is now replaced with the alias "company" as we have defined in the configuration file.
Similary, you have to modify the clone URL of the repository in the personal account depending upon the alias provided in the configuration file.
Generate SSH key:
$ ssh-keygen -t rsa -C <email1@example.com>Generate
another SSH key:$ ssh-keygen -t rsa -f ~/.ssh/accountB -C <email2@example.com>Now, two public keys (id_rsa.pub, accountB.pub) should be exists in the
~/.ssh/directory.$ ls -l ~/.ssh # see the files of '~/.ssh/' directoryCreate config file
~/.ssh/configwith the following contents:$ nano ~/.ssh/config Host bitbucket.org User git Hostname bitbucket.org PreferredAuthentications publickey IdentityFile ~/.ssh/id_rsa Host bitbucket-accountB User git Hostname bitbucket.org PreferredAuthentications publickey IdentitiesOnly yes IdentityFile ~/.ssh/accountBClone from
defaultaccount.$ git clone git@bitbucket.org:username/project.gitClone from
accountBaccount.$ git clone git@bitbucket-accountB:username/project.git
I would agree with Tuomas about using ssh-agent. I also wanted to add a second private key for work and this tutorial worked like a charm for me.
Steps are as below:
$ ssh-agent bash$ ssh-add /path.to/private/keye.gssh-add ~/.ssh/id_rsa- Verify by
$ ssh-add -l - Test it with
$ssh -v <host url>e.gssh -v git@assembla.com
I had run into this issue a while back, when I had two Bitbucket accounts and wanted to had to store separate SSH keys for both. This is what worked for me.
I created two separate ssh configurations as follows.
Host personal.bitbucket.org
HostName bitbucket.org
User git
IdentityFile /Users/username/.ssh/personal
Host work.bitbucket.org
HostName bitbucket.org
User git
IdentityFile /Users/username/.ssh/work
Now when I had to clone a repository from my work account - the command was as follows.
git clone git@bitbucket.org:teamname/project.git
I had to modify this command to:
git clone git@**work**.bitbucket.org:teamname/project.git
Similarly the clone command from my personal account had to be modified to
git clone git@personal.bitbucket.org:name/personalproject.git
Refer this link for more information.
Use ssh-agent for your keys.
Now, with recent version of git, we can specify sshCommand in repository specific git config file.
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
sshCommand = ssh -i ~/.ssh/id_rsa_user
[remote "origin"]
url = git@bitbucket.org:user/repo.git
fetch = +refs/heads/*:refs/remotes/origin/*
IMPORTANT: You must start ssh-agent
You must start ssh-agent (if it is not running already) before using ssh-add as follows:
eval `ssh-agent -s` # start the agent
ssh-add id_rsa_2 # where id_rsa_2 is your new private key file
Note that the eval command starts the agent on GIT bash on windows. Other environments may use a variant to start the SSH agent.
You can create a configuration file named config in your ~/.ssh folder. It can contain:
Host aws
HostName *yourip*
User *youruser*
IdentityFile *idFile*
This will allow you to connect to machines like this
ssh aws
On ubuntu 18.04 there is nothing to do.
After having created an 2nd ssh key succesfully the system will try to find an matching ssh key for each connection.
Just to be clear you can create a new key with these commands
# generate key make sure you give it a new name (id_rsa_server2)
ssh-keygen
# make sure ssh agent is running
eval `ssh-agent`
# add the new key
ssh-add ~/.ssh/id_rsa_server2
# get the public key to add it to a remote system for authentication
cat ~/.ssh/id_rsa_server2.pub
On Centos 6.5 running OpenSSH_5.3p1, OpenSSL 1.0.1e-fips, I solved the problem by renaming my key files so that none of them had the default name. My .ssh directory contains id_rsa_foo and id_rsa_bar but no id_rsa, etc.
As mentionend on atlassian blog page generate a config within .ssh including the following text:
#user1 account
Host bitbucket.org-user1
HostName bitbucket.org
User git
IdentityFile ~/.ssh/user1
IdentitiesOnly yes
#user2 account
Host bitbucket.org-user2
HostName bitbucket.org
User git
IdentityFile ~/.ssh/user2
IdentitiesOnly yes
Then you can simply checkout with the suffix domain and within the projects you can configure the Author names etc. locally.
참고URL : https://stackoverflow.com/questions/2419566/best-way-to-use-multiple-ssh-private-keys-on-one-client
'Programing' 카테고리의 다른 글
| Git에서 유효하지 않은 원격 분기 참조를 어떻게 제거합니까? (0) | 2020.09.30 |
|---|---|
| JavaScript 배열을 선언 할 때“Array ()”와“[]”의 차이점은 무엇입니까? (0) | 2020.09.29 |
| Java에서 InputStream을 바이트 배열로 변환 (0) | 2020.09.29 |
| substr과 substring의 차이점은 무엇입니까? (0) | 2020.09.29 |
| 문자열 내에서 문자열 (실제로 문자)의 발생 횟수를 어떻게 계산합니까? (0) | 2020.09.29 |