一、生成公钥key
$ ssh-keygen -t rsa -C [email protected]
一路回车,直到生成 id_rsa, id_rsa.pub
二、http://git.oschina.net/profile/sshkeys添加公钥
三、安装connect-proxy,也可以使用linux自带nc命令
rpm文件下载
http://rpm.pbone.net/index.php3?stat=3&search=connect-proxy&srodzaj=3
$ sudo rpm -ivh connect-proxy-1.93-2.el6.i686.rpm
四、添加~/.ssh/config
$ vim ~/.ssh/config (没有则新建文件),添加
Host git.oschina.net *.oschina.net
ProxyCommand connect-proxy -H 192.168.60.34:18608 %h %p 或
#ProxyCommand /usr/bin/nc -X connect -x 192.168.60.34:18608 %h %p
IdentityFile ~/.ssh/id_rsa
User [email protected]
说明:ProxyCommand可以用linux自带/usr/bin/nc命令,参考man 5 ssh_config
ProxyCommand /usr/bin/nc -X connect -x 192.168.60.34:18608 %h %p # Redhat7.3不可行
$ chmod 600 /home/caiwang213/.ssh/config,不然会提示:
[caiwang213@caiwang213 ~]$ ssh -v -T [email protected]
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
Bad owner or permissions on /home/caiwang213/.ssh/config
五、验证
$ ssh -v -T [email protected] 提示:
[caiwang213@caiwang213 ~]$ ssh -v -T [email protected]
OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /home/caiwang213/.ssh/config
debug1: Applying options for git.oschina.net
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Executing proxy command: exec connect-proxy -H 192.168.60.34:18608 git.oschina.net 22
debug1: permanently_drop_suid: 500
debug1: identity file /home/caiwang213/.ssh/id_rsa type 1
debug1: identity file /home/caiwang213/.ssh/id_rsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'git.oschina.net' is known and matches the RSA host key.
debug1: Found key in /home/caiwang213/.ssh/known_hosts:4
debug1: ssh_rsa_verify: signature correct
bug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/caiwang213/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Requesting [email protected]
debug1: Entering interactive session.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Remote: Forced command.
debug1: Remote: Port forwarding disabled.
debug1: Remote: X11 forwarding disabled.
debug1: Remote: Agent forwarding disabled.
debug1: Remote: Pty allocation disabled.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
Welcome to Git@OSC, caiwang213!
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: client_input_channel_req: channel 0 rtype [email protected] reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 2440, received 3584 bytes, in 0.5 seconds
Bytes per second: sent 4894.0, received 7188.6
debug1: Exit status 0