-
Check if SSH keys already exist
ls -al ~/.sshIf it already exists, the result will list the directory file list, then go to step 3;
. .. id_rsa id_rsa.pubIf not present, go to step 2
# ls: /Users/hony/.ssh: No such file or directory -
Generate SSH Keys
Enter the following command in the terminal and fill in your email
$ ssh-keygen -t rsa -b 4096 -C "*[email protected]*" # Generating public/private rsa key pair.In the next steps, press Enter:
Enter file in which to save the key (/Users/hony/.ssh/id_rsa):If you do not want to set a password, continue to press Enter:
Enter passphrase (empty for no passphrase): Enter same passphrase again:When you see the graphic below, it's ok
The key's randomart image is: +---[RSA 4096]----+ | . . . Eoo| | o = *.++| | + B +*o| | + o B += o| | o S O o. +.| | . = . .o*| | . =O| | oO| | .B| +----[SHA256]-----+ -
Add SSH Key to ssh-agent
-
Make sure ssh-agent is available
$ eval "$(ssh-agent -s)" # Agent pid 2806 -
Add SSH Key to ssh-agent
# id_rsa是SSH key对应的文件的名字,如果要使用一个已经存在的key添加到ssh-agent的话,替换id_rsa名字即可 $ ssh-add ~/.ssh/id_rsa # Identity added: ...
-
-
Add the SSH Key to the account of the remote warehouse
-
copy
SSH Keyto clipboard$ pbcopy < ~/.ssh/id_rsa.pub -
Log in to remote warehouses such as github or bitbucket to add an SSH key.
-
Different SSH key types and sizes
The ssh-keygen command allows key types and sizes for different algorithms. Here is a list of common SSH key types and an explanation of the characteristics of each type:
- RSA : A widely supported algorithm, RSA is the best choice in many situations. A key of 2048 or 4096 bits needs to be created, the former is sufficient, the latter is ideal.
- ECDSA: A relatively new algorithm, ECDSA provides a similar level of security to RSA, but with shorter keys, which improves performance. Supported key sizes are 256, 384 and 521 bits.
- Ed25519: An emerging algorithm, Ed25519 improves upon the security and performance of previous key types. Apple itself uses this method of authentication in certain circumstances, including during communications between certain devices. The secret key is only 256 bits, while still providing a high level of security.
ssh-keygen commonly used commands
- -t : Use this command to enter the algorithm you wish to use. RSA, ECDSA, and Ed25519 are common and viable choices.
- -b: Specify the length of the key by entering the number of bits used. Before entering the -b command, check the requirements of the selected algorithm because different algorithms support different number of bits.
- -p: You can use the -p command to change the passphrase of the key. Just include -p in ssh-keygen and the terminal will ask for the file location, enter the path to the relevant key and create a new passphrase when prompted.
- -f: Use the -f command to direct ssh-keygen to a specific file location.
- The -C: command adds a comment to the key, which is a useful way to label it.