简体繁体 English

可以使用一个SSH密钥推送到不同的Git遥控器吗？

[英]Can one single SSH key be used to push to different Git remotes?

原文 2013-09-02 13:56:17 7 3 git/ ssh/ ssh-keys

Usually，I generate different SSH keys for pushing to multiple Git servers. 通常，我生成不同的SSH密钥以推送到多个Git服务器。

Today，my colleague showed me that he uses the same id_rsa.pub file for pushing to both GitHub and our LAN GitLab server. 今天，我的同事告诉我，他使用相同的id_rsa.pub文件推送到GitHub和我们的LAN GitLab服务器。

Can one single SSH key be used to push to different Git remotes? 可以使用一个SSH密钥推送到不同的Git遥控器吗？

What is the reason that we have to generate multiple SSH keys for different remote servers? 我们必须为不同的远程服务器生成多个SSH密钥的原因是什么？

3 个解决方案

To address both of your questions: 要解决您的两个问题：

Q1. Q1。 Can one single SSH key be used to push to different Git remotes? 可以使用一个SSH密钥推送到不同的Git遥控器吗？

Yes, assuming you are using the one id_rsa.pub or otherwise named public key, together with your private key on all of your development workstations, then simply uploading that one public key to multiple Git hosts will allow you the same access as you currently get from the multiple keys. 是的，假设您在所有开发工作站上使用了一个id_rsa.pub或其他名称的公钥以及您的私钥，那么只需将一个公钥上传到多个Git主机就可以获得与当前获得的相同的访问权限从多个键。

This will also make your production life a bit easier, without having to manage multiple keys and ensuring you connect with the right one each time you communicate with the server. 这也将使您的生产生活更轻松，无需管理多个密钥，并确保每次与服务器通信时都与正确的密钥连接。

If you use multiple workstations (ie, home and office), you may also choose to use the same public/private key-pair on each of your local workstations. 如果您使用多个工作站（即家庭和办公室），您也可以选择在每个本地工作站上使用相同的公钥/私钥对。 This further reduces the number of different keys you need to keep track of. 这进一步减少了您需要跟踪的不同键的数量。

Q2. Q2。 What is the purpose that we have to generate multiple SSH keys for different remote server? 我们为不同的远程服务器生成多个SSH密钥的目的是什么？

There is no reason that you have to generate multiple keys for multiple remote Git repository servers, as indicated by the answer to your first question. 您没有必要为多个远程Git存储库服务器生成多个密钥，如第一个问题的答案所示。

As Jan Hudec has mentioned though, the reason one might choose to use different keys for different Git repositories, would be for an additional layer of security or management control. 正如Jan Hudec所提到的那样，人们可能会选择为不同的Git存储库使用不同的密钥，这将是一个额外的安全或管理控制层。

Further reading on using SSH with Git is available at Bitbucket and GitHub 有关在Git上使用SSH的更多信息，请访问Bitbucket和GitHub

是的，只要每个服务器都有一个公钥副本，就可以为多个服务器使用相同的公共/私有ssh密钥对。

In ssh, the private key is the one on the client and you push the public key to the servers you want to log in to. 在ssh中，私钥是客户端上的私钥，您将公钥推送到要登录的服务器。

Normally you generate separate key for each passphrase-less key used in some script to minimize the damage if the key gets stolen. 通常，您会为某些脚本中使用的每个无密码短语生成单独的密钥，以便在密钥被盗时将损坏降至最低。

But I don't see any good reason to generate multiple identities for manual use. 但我认为没有任何充分理由为手动使用生成多个身份。 Everything that involves manual use by me always uses the same passphrase-protected id_rsa , usually unlocked in ssh-agent. 涉及我手动使用的所有内容始终使用相同的密码短语保护的id_rsa ，通常在ssh-agent中解锁。

You can also use separate keys for similar reason, but unless you protect each with different passphrase, there is no point as all the private keys live in the same directory on the same disk. 您也可以出于类似的原因使用单独的密钥，但除非您使用不同的密码保护每个密钥，否则没有必要，因为所有私钥都存在于同一磁盘上的同一目录中。

Of course on different workstation you should definitely have different private key, but it will again be used for everything done from that machine. 当然，在不同的工作站上，你肯定应该拥有不同的私钥，但它将再次用于从该机器完成的所有工作。