
Best practice for using git private key on a public server with a shared user

I currently use some servers to do some benchmarks. I need to log into multiple servers and git clone ... from Assembla.

Currently I copy my private key to the server and then update the .ssh/config file. Although I share this user and server with other people to do their benchmarks. What is the best practice for this (without creating a new user for everyone on the server)? Is there any way I can use ssh-add key then use git on the server and pull the repo without storing the key on the server?

Enable SSH agent forwarding

Since you're using key-based authentication, the best solution is to allow forwarding of the authentication agent connection over the secure channel. If your public key is stored on the last server, there's no need to store your corresponding private key on the intermediate host.

Since the default client setting is not to forward the authentication agent to the remote host, you should enable agent forwarding in your client configuration. Add the following line to your ~/.ssh/config:

Host intermediate.server.name
    ForwardAgent yes

On the server, the default is to enable Agent Forwarding but in case it has been disabled, you should ensure that the following line is uncommented in the server's SSHD configuration (usually /etc/sshd_config).

AllowAgentForwarding yes

GitHub have a good article on Using SSH agent forwarding which references Steve Friedl's comprehensive Guide to SSH Agent Forwarding.
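
An added example, not part of the original answer: while a forwarding session is open, the forwarded agent socket can be used by anyone able to act as the same user on the intermediate host, so on a shared account it matters that ForwardAgent is enabled only for the one named host. The function below audits a client config for that; the names audit_forward_agent and sample_config are hypothetical and the sample config is constructed.

```sh
#!/bin/sh
# Added example (not from the original answer): report which scopes of an
# OpenSSH client config enable agent forwarding. Reads the config on stdin.
audit_forward_agent() {
    awk '
    BEGIN { scope = "(global)" }            # keywords before any Host line
    {
        sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "")
        if ($0 == "" || $0 ~ /^#/) next     # skip blanks and comments
        if (!match($0, /^[A-Za-z]+/)) next
        key = tolower(substr($0, 1, RLENGTH))   # keywords are case-insensitive
        val = substr($0, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)     # accepts "Key value" and "Key=value"
        if (key == "host")  { scope = val; next }
        if (key == "match") { scope = "Match " val; next }
        # Any value other than "no" turns forwarding on.
        if (key == "forwardagent" && tolower(val) != "no") {
            # BROAD: global, Match, wildcard, negated or multi-pattern scope.
            broad = (scope == "(global)" || scope ~ /[*?!, ]/)
            printf "%s\t%s\n", (broad ? "BROAD" : "OK"), scope
        }
    }'
}

# Constructed sample config; only the first Host block comes from the answer.
sample_config() {
    cat <<'EOF'
# constructed sample
Host intermediate.server.name
    ForwardAgent yes

Host bench-*
    User bench
    ForwardAgent yes

Host *
    ForwardAgent no
EOF
}

sample_config | audit_forward_agent
```

To check a real file, run `audit_forward_agent < ~/.ssh/config` and review every line marked BROAD.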
