nop*_*ole 5 git github ssh-keys ssh-agent
我总是只是生成 ssh 密钥,然后将其添加到 GitHub 就完成了:我可以克隆或推送到 GitHub 并执行所有任务。
但现在我看到“将你的 SSH 密钥添加到 ssh-agent ”,我可以跳过整个部分,一切似乎仍然有效。为什么需要这样做?如果不执行此步骤会发生什么?
您不必使用SSH 代理。
\n\nThere are often some good reasons to use an agent. Much of this depends on how much you trust each computer in the chain of computers you use, as you go from whichever system you\'re running your interactive shell command session on, to the one you run git fetch or whatever other command on.
See the answer phd linked, or the full question and answer over on https://unix.stackexchange.com/q/72552/162084, for a description of what the agent does for you.
\n\nThe one constant here is that you must trust at least one machine to hold your private key (of the private/public key-pair) for you. You can encrypt the private key as well, so that you don\'t have to trust that machine 100%\xe2\x80\x94you need only trust it enough to get the encrypted key installed in the first place.
\n\nIf you have encrypted the key, you must enter the password/passphrase to decrypt it every time you need it. Using the agent, you can decrypt the key once into the agent, then let the agent deal with it.
\n\nIf you use a chain of computers, you can use ssh <machine> and let agent forwarding send various key-oriented requests back to the original machine (on which you\'ve decrypted a key into an agent). These requests themselves don\'t actually send the key, so that the private key remains secret, now known only to you and the agent. (Well, you, the agent, and any spies that have corrupted you and/or the agent and/or inserted a covert channel at any point at which it\'s possible to capture the secret key.)
如果您尚未加密私钥并将其直接存储在向 GitHub 发出 Git 操作的计算机上,则不需要代理。如果您正在为计算机用户使用部署密钥,您可能只想以未加密的方式存储此私钥:此类密钥的目的是允许计算机上的进程访问它,而无需任何额外的跳跃。但这种密钥的安全级别相对较低,这就是为什么它是仅由该系统使用的机器用户和部署密钥的原因:如果它被泄露,您只需将其丢弃并生成新的部署密钥即可。只有机器使用它,因此机器会自动使用新的。
\n| 归档时间: |
|
| 查看次数: |
979 次 |
| 最近记录: |