Use different SSH keys for different hosts

For both security and convenience, I believe most people are used to logging in with SSH keys. Sometimes we need to use different keys for different hosts, or even different keys for the same host. Both can be done through the configuration file ~/.ssh/config.

By default, ssh will use ~/.ssh/id_rsa. Here, I use the ssh-keygen command to generate another key for git.imququ.com, my self-hosted GitLab service:

cd ~/.ssh/
ssh-keygen -t rsa -C "[email protected]"

Generating public/private rsa key pair.
Enter file in which to save the key (/Users/QuQu/.ssh/id_rsa): id_rsa_gitlab
...

Next, add the content of the public key file id_rsa_gitlab.pub in the GitLab web interface (on a Mac, you can use the pbcopy command to copy the content to the clipboard, which avoids formatting problems).

pbcopy < id_rsa_gitlab.pub

Now let's try to git clone the project:

git clone [email protected]:qgy18/ququblog2.git

Cloning into 'ququblog2'...
Permission denied (publickey).
fatal: Could not read from remote repository.

The message says permission was denied, because by default ssh does not know about the id_rsa_gitlab private key I just generated. All we need to do is tell ssh to log in with a different key: open ~/.ssh/config (create it if it does not exist) and enter the following:

#gitlab@ququ
Host git.ququ
  HostName git.imququ.com
  Port 22
  User git
  IdentityFile ~/.ssh/id_rsa_gitlab

The first line is a comment. The second line says that when the host given on the command line matches git.ququ, ssh uses the settings on the following lines to log in. HostName, Port, User, and IdentityFile set the actual host, port, user name and private key respectively. Note that Host can be the same as HostName or can be any name you want, so I usually use a short, easy-to-remember name for Host.

Replace the previous "[email protected]" with "git.ququ" and try again:

git clone git.ququ:qgy18/ququblog2.git

Cloning into 'ququblog2'...
remote: Counting objects: 1360, done.

That works. Likewise, it is easy to specify different key files for the same host:

Host host1
  HostName www.xxx.com
  User xx
  IdentityFile ~/.ssh/id_rsa_1

Host host2
  HostName www.xxx.com
  User xx
  IdentityFile ~/.ssh/id_rsa_2

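In this way, wherever you connect with ssh through host1 or host2, the corresponding key file is selected automatically.

So the ssh config file can simplify logging in even further. In fact, I can log in to my VPS with "ssh q"; when configuring SFTP and similar services, I only need to enter "q" in the host field and do not have to fill in the user name, port and so on, because I have this configuration:

Host q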
  HostName www.imququ.com
  Port 22
  User jerry
  IdentityFile ~/.ssh/id_rsa

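Because the parameters are configured in one place, if one day I need to change the port of the ssh service, I only need to change it here once, which is very convenient. In fact, the Host field of the ssh config also supports wildcards and allows more advanced usage, but I do not have such complex needs for now. There is a complete document here, which I will study when the need arises.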
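How ssh chooses the key for an alias, including the Host wildcards mentioned above, shown as an added example that is not code from the original article: a small Python resolver for the Host-block subset of ssh_config (each option takes the first value obtained, IdentityFile accumulates). The `Host *` block and the helper names `resolve` and `host_matches` are assumptions made for illustration.

```python
import fnmatch

# Constructed sample: the article's blocks plus an assumed `Host *` block.
# IdentitiesOnly makes ssh offer only the configured IdentityFile, not every agent key.
SAMPLE_CONFIG = """\
Host git.ququ
  HostName git.imququ.com
  Port 22
  User git
  IdentityFile ~/.ssh/id_rsa_gitlab
Host host1
  HostName www.xxx.com
  User xx
  IdentityFile ~/.ssh/id_rsa_1
Host host2
  HostName www.xxx.com
  User xx
  IdentityFile ~/.ssh/id_rsa_2
Host *
  Port 2222
  IdentitiesOnly yes
"""

def host_matches(alias, patterns):
    """A Host line matches if a pattern matches and no '!' pattern does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(alias, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(alias, pat):
            matched = True
    return matched

def resolve(alias, config_text=SAMPLE_CONFIG):
    """Return the options that apply to `alias` (option names lower-cased)."""
    opts, active = {}, True  # lines before the first Host apply to all hosts
    for raw in config_text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "host":
            active = host_matches(alias, value.split())
        elif active and key == "identityfile":
            opts.setdefault(key, []).append(value)  # IdentityFile accumulates
        elif active:
            opts.setdefault(key, value)  # first obtained value wins
    return opts
```

On a machine with OpenSSH 6.8 or later, `ssh -G host1` prints the configuration ssh itself resolves for an alias, which is the authoritative check.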

Link to this article: https://imququ.com/post/multiple-ssh-keys-with-different-hosts.html

--EOF--

Reposted from: https://imququ.com/post/multiple-ssh-keys-with-different-hosts.html

 
