Working with SSH key passphrases
2016-12-06 13:14
[https://help.github.com/articles/working-with-ssh-key-passphrases/]
This article will walk you through the process of securing your SSH keys and configuring an authentication agent so that you won't have to re-enter your passphrase every time you use your keys.
Why do I need a passphrase?
Passwords aren't very secure. If you use one that's easy to remember, it's also easier to guess or brute-force (try many options until one works). If you use one that's random, it's hard to remember, and thus you're more inclined to write it down. Both of these are Very Bad Things.
This is why you're using SSH keys. Of course, using a key without a passphrase is basically the same as writing down a random password: anyone who gains access to your computer has gained access to every system you use that key with. This is also a Very Bad Thing. The solution is to add a passphrase to the SSH key for an extra layer of security.
But I don't want to enter a long passphrase every time I use the key!
Neither do I! Thankfully, there's a nifty little tool called `ssh-agent` that can securely save your passphrase, so you don't have to re-enter it. If you're on OS X Leopard or later your keys can be saved in the system's keychain to make your life even easier. Most Linux installations will automatically start `ssh-agent` for you when you log in.
Adding or changing a passphrase
You can change the passphrase for an existing private key without regenerating the keypair. Just type the following command:

```
ssh-keygen -p
# Start the SSH key creation process
Enter file in which the key is (/Users/you/.ssh/id_rsa): [Hit enter]
Key has comment '/Users/you/.ssh/id_rsa'
Enter new passphrase (empty for no passphrase): [Type new passphrase]
Enter same passphrase again: [One more time for luck]
Your identification has been saved with the new passphrase.
```

If your key already has a passphrase, you will be prompted to enter it before you can change to a new passphrase.
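To find which private keys still need a passphrase added, the key file itself can be inspected without trying to decrypt it. The following is an added example, not part of the original article: it reads the cipher name from the OpenSSH key container and the encryption markers of PEM/PKCS#8 files. The function names and the sample builder are hypothetical, and the sample holds a constructed header only.

```python
import base64
import struct
from pathlib import Path

MAGIC = b"openssh-key-v1\x00"  # start of the decoded OpenSSH key container

def passphrase_status(text: str) -> str:
    """Classify private-key text as 'encrypted', 'unencrypted' or 'unknown'."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    head = lines[0]
    if head == "-----BEGIN OPENSSH PRIVATE KEY-----":
        body = "".join(ln for ln in lines[1:] if not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body, validate=True)
        except ValueError:
            return "unknown"
        if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 8:
            return "unknown"
        # First field after the magic is the cipher name (uint32 length + bytes);
        # a cipher of "none" means the private section is stored in the clear.
        plain = blob[len(MAGIC):].startswith(struct.pack(">I", 4) + b"none")
        return "unencrypted" if plain else "encrypted"
    if head == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return "encrypted"
    if head == "-----BEGIN PRIVATE KEY-----":  # PKCS#8, plain
        return "unencrypted"
    if head.endswith(" PRIVATE KEY-----"):  # legacy PEM (RSA/DSA/EC)
        enc = any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines[1:3])
        return "encrypted" if enc else "unencrypted"
    return "unknown"

def sample_openssh_key(cipher: bytes, kdf: bytes = b"none") -> str:
    """Constructed sample: container header only, no real key material."""
    field = lambda b: struct.pack(">I", len(b)) + b
    b64 = base64.b64encode(MAGIC + field(cipher) + field(kdf)).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

def unprotected_keys(directory: Path) -> list:
    """Names of files in `directory` holding a private key with no passphrase."""
    return [p.name for p in sorted(directory.iterdir()) if p.is_file()
            and passphrase_status(p.read_text(errors="replace")) == "unencrypted"]

if __name__ == "__main__":
    for name in unprotected_keys(Path.home() / ".ssh"):
        print("no passphrase:", name)
```

Any file it reports can be given a passphrase with `ssh-keygen -p` as shown above.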
OS X Keychain
If you are on OS X Leopard or later, `ssh-agent` runs automatically for you. It will also integrate with the keychain, so you can unlock your keys with it. This has some major advantages over a command-line based setup: for example, it protects your input from being copied or spied upon by universal access or low-level keyboard routines.
The default private key files (`.ssh/id_rsa`, `.ssh/id_dsa`, and `.ssh/identity`) should be handled automatically. If you have a private key with a different name, you can add it by typing `ssh-add -k path/to/my_key`.
Tip: Make sure you're using the default OS X `ssh-add` command, and not one installed by macports, homebrew, or some other external source.
When you first try to use the key, you are prompted to enter your passphrase:
![](https://help.github.com/assets/images/help/setup/ssh_prompt.jpg)
If you choose to save the passphrase with your keychain, you won't have to enter it again. Instead you'll simply need to unlock your keychain.
This section was written with help from this guide. If you would like to use more paranoid keychain settings like locking after sleep, check out this guide.