ssh login
SSH is a network protocol used to encrypt the log between computers. SSH is mainly used for remote login. Suppose you wanted user name user, login to remote host host, as long as a simple command on it. SSH has been able to ensure security, because it uses a public key encryption. When the public key of the remote host is accepted locally, it will be stored in the local file $ HOME / .ssh / known_hosts. Next time you connect the host, the system will recognize its public key has been saved locally, and thus skip the warning in part, directly prompted for a password.
ssh login password: the whole process is as follows: (1) the remote host receiving the login request of the user, his own public key to the user. (2) the user to use the public key to encrypt the login password, send it back. (3) a remote host with their own private key to decrypt password, if the password is correct, agreed to user login.
Each user has their own SSH known_hosts file, in addition to the system have such a file, usually / etc / ssh / ssh_known_hosts, keep some for all users trusted remote host's public key.
ssh public key login : password logon, you must enter the password every time, very troublesome. Fortunately, SSH also provides public login, password step may be omitted. The so-called "public key logon", the principle is very simple, that user will own public key stored in ~ / .ssh / authorized_keys file on the remote host. Login time, remote host sends a random string to the user after the user with their own private key encryption, and then sent back. Remote host using previously stored public key (~ / .ssh / authorized_keys file) is decrypted, if successful, to prove that the user is authentic, it allows direct login shell, no longer require a password. This method requires users to provide their own public key. If not readily available, it can be directly used to generate a ssh-keygen: $ ssh-keygen.
Free public key cipher process operation of landing :
1, Log A machine
2, ssh-keygen -t [rsa | dsa], will generate a public key and a private key file id_rsa, id_rsa.pub or id_dsa, id_dsa.pub
. 3, the copy the file to the .ssh directory .pub B machine, and id_dsa.pub >> ~ CAT / .ssh / authorized_keys
4, log on machine B from a goal machine account password is no longer required.
5, set the file and directory permissions: To ensure the .ssh authorized_keys and have only you have write access. Otherwise verification invalid.
Set permissions authorized_keys
$ chmod 600 authorized_keys
set .ssh directory permissions
$ chmod 700 -R .ssh
5, and to ensure that .ssh authorized_keys are only you have write access. Otherwise verification invalid.
the known_hosts : position ~ / .ssh / known_hosts, the recording linked to each other to the other host's public key. Checks each link to the other side of the current public key is the same as your host key records, a simple verification. You will each ssh public key (public key) you visited are recorded in the computer's ~ / .ssh / known_hosts. The next time access to the same computer, OpenSSH will verify the public key. If the key is different, OpenSSH will warn you to avoid being attacked DNS Hijack like.
If the other party to reinstall the server, you need to enter your computer's ~ / .ssh / known_hosts delete the original server's public key. The other information is also correct public key to delete the next link should all re-certified. (Remote to local vscode devcloud, and reinstall the system after devcloud need to remove the local known_hosts, or remote ssh failed)
known_hosts file contents: (host) server ip: (key) public key
[91.134.12.3]:36000 esdsa-sha2-nis-------
vscode avoid dense Login Devcloud:
1, the unit generates a key under cmd: {where the install directory window git.exe}> SSH-RSA keygen -t
2, upload id_rsa.pub (file should be in C: \ Users at \ username .ssh) to devcloud
. 3, copied to the next devcloud id_rsa.pub the /root/.ssh, performing the authorized_keys >> id_rsa.pub CAT
. 4, the authorized_keys the chmod 600, the chmod 700 ~ / .ssh
. 5, confirm the / etc / ssh / sshd_config configuration RSAAuthentication yes, yes PubkeyAuthentication
6, restart the service sshd restart
git(ssh/http)免密push pull
-
Free https dense
. 1, $ ~ Touch / Credentials .git-
2, $ Vim ~ / .git-Credentials
add content
https: // {username}: {} @ github.com the passwd
. 3, adding configure git
$ git config - Store credential.helper Global
. 4, see ~ / .gitconfig file change
[Credential]
Helper = Store -
Free ssh secret
public key is uploaded to the machine ssh key git warehouse.
