2. 科技
    3. Git 多SSH密钥简易配置教程

    Git 多SSH密钥简易配置教程

    科技2025-10-19  15

    前言

    当我们想要在一台电脑中,给不同的域名配置不同的ssh密钥,也就是说一台电脑中存在多个密钥,可以通过ssh config来配置。

    这里仅仅介绍Unix系列的文档,Windows不在此列。

    准备知识

    默认配置

    在电脑中,会有一份默认的配置,我们可以先从默认配置来学习。

    先查看下文件的内容:cat /etc/ssh/ssh_config,文件内容如下:

    ➜ .ssh cat /etc/ssh/ssh_config # $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $ # This is the ssh client system-wide configuration file. See # ssh_config(5) for more information. This file provides defaults for # users, and the values can be changed in per-user configuration files # or on the command line. # Configuration data is parsed as follows: # 1. command line options # 2. user-specific file # 3. system-wide file # Any configuration value is only changed the first time it is set. # Thus, host-specific definitions should be at the beginning of the # configuration file, and defaults at the end. # Site-wide defaults for some commonly used options. For a comprehensive # list of available options, their meanings and defaults, please see the # ssh_config(5) man page. # Host * # ForwardAgent no # ForwardX11 no # PasswordAuthentication yes # HostbasedAuthentication no # GSSAPIAuthentication no # GSSAPIDelegateCredentials no # BatchMode no # CheckHostIP yes # AddressFamily any # ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # IdentityFile ~/.ssh/id_ecdsa # IdentityFile ~/.ssh/id_ed25519 # Port 22 # Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc # MACs hmac-md5,hmac-sha1,umac-64@openssh.com # EscapeChar ~ # Tunnel no # TunnelDevice any:any # PermitLocalCommand no # VisualHostKey no # ProxyCommand ssh -q -W %h:%p gateway.example.com # RekeyLimit 1G 1h Host * SendEnv LANG LC_*

    参数说明

    在上述文件中,想必大家也注意到了部分参数(%h、%p),这里简单介绍下。

    参数说明%d本地用户目录%u本地用户%l本地主机名%h远程主机名%r远程用户名

    其他配置

    配置Value说明Host域名User用户名IdentityFileSSH Key路径IdentitiesOnlyyes / no只使用这里设置的key, 防止使用默认的ServerAliveInterval60连接保持时间ControlMasterauto不用重新登录

    常见SSH命令

    生成类命令

    命令说明ssh-keygen -t rsa -C “your_email@example.com”生成密钥, 默认文件名为id_rsassh-keygen -t rsa -C “your_email@example.com” -f ~/.ssh/second多个key的情况,second为文件名称

    添加密钥类命令

    命令说明ssh-add -K ~/.ssh/id_rsa_github保存密钥ssh-add -l当前已添加的密钥ssh-add -D删除所有密钥ssh-add ~/.ssh/id_rsa_github添加密钥

    测试验证类命令

    命令说明ssh -T git@github.com连接测试

    Git配置命令

    命令说明git config --global user.name "User name"git config --global user.email user@example.com配置全局用户名和全局邮箱git config --local user.name "User name"git config --local user.email user@example.com问git仓库单独配置局部用户名和局部邮箱

    配置流程

    详细配置流程

    创建config文件

    cd ~/.sshtouch configvim config

    填充配置文件

    这里先给大家看下我的配置:

    # gitlab Host gitlab HostName gitlab.*.com User Serendipity # 密钥 IdentityFile "~/.ssh/id_rsa" # 仅使用该密钥 IdentitiesOnly yes PasswordAuthentication yes KexAlgorithms +diffie-hellman-group1-sha1 # github Host github.com # HostName ssh.github.com # Port 443 HostName github.com # 用户名 User Notzuonotdied # 密钥 IdentityFile "~/.ssh/id_rsa_github" # 仅使用该密钥 IdentitiesOnly yes AddKeysToAgent yes # UseKeychain yes ServerAliveInterval 20 PasswordAuthentication yes PreferredAuthentications publickey

    在我的cofig文件中,主要配置了两个密钥。一个是gitlab,一个是github的。

    这么配置的原因有几个:

    用户名不一致密钥不一致部分规则不一致

    至于其他用途,O(∩_∩)O,你自己想~

    Host说明

    Host可以配置通配符*,该规则写在最后,用来匹配前面没有匹配上的别名。 * 代表0~n个非空白字符? 代表一个非空白字符! 表示例外通配。

    测试验证

    ssh -vT git@github.comssh -vT git@gitlab.com

    贴下验证结果:

    ➜ .ssh ssh -vT git@github.com OpenSSH_8.1p1, LibreSSL 2.7.3 debug1: Reading configuration data /Users/xxx/.ssh/config debug1: /Users/xxx/.ssh/config line 40: Applying options for github.com debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 47: Applying options for * debug1: Connecting to github.com port 22. debug1: Connection established. debug1: identity file /Users/xxx/.ssh/id_rsa_github type 0 debug1: identity file /Users/xxx/.ssh/id_rsa_github-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.1 debug1: Remote protocol version 2.0, remote software version babeld-1e9083a5 debug1: no match: babeld-1e9083a5 debug1: Authenticating to github.com:22 as 'git' debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: algorithm: curve25519-sha256 debug1: kex: host key algorithm: rsa-sha2-512 debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none debug1: expecting SSH2_MSG_KEX_ECDH_REPLY debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8 debug1: Host 'github.com' is known and matches the RSA host key. debug1: Found key in /Users/xxx/.ssh/known_hosts:6 debug1: rekey out after 134217728 blocks debug1: SSH2_MSG_NEWKEYS sent debug1: expecting SSH2_MSG_NEWKEYS debug1: SSH2_MSG_NEWKEYS received debug1: rekey in after 134217728 blocks debug1: Will attempt key: /Users/xxx/.ssh/id_rsa_github RSA SHA256:...... explicit agent debug1: SSH2_MSG_EXT_INFO received debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,ssh-ed25519,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ssh-dss> debug1: SSH2_MSG_SERVICE_ACCEPT received debug1: Authentications that can continue: publickey debug1: Next authentication method: publickey debug1: Offering public key: /Users/xxx/.ssh/id_rsa_github RSA SHA256:...... explicit agent debug1: Server accepts key: /Users/xxx/.ssh/id_rsa_github RSA SHA256:...... explicit agent debug1: Authentication succeeded (publickey). Authenticated to github.com ([xx.xx.xxx.xxx]:22). debug1: channel 0: new [client-session] debug1: Entering interactive session. debug1: pledge: network debug1: Sending environment. debug1: Sending env LC_TERMINAL_VERSION = 3.3.12 debug1: Sending env LC_CTYPE = UTF-8 debug1: Sending env LC_TERMINAL = iTerm2 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 Hi xxx! You've successfully authenticated, but GitHub does not provide shell access. debug1: channel 0: free: client-session, nchannels 1 Transferred: sent 2788, received 2476 bytes, in 1.0 seconds Bytes per second: sent 2832.1, received 2515.2 debug1: Exit status 1

    常见问题修复

    这里将遇到的一些问题记录在这里,有需要可以看看。

    Connection timed out

    Solution for ‘ssh: connect to host github.com port 22: Connection timed out’ error

    $ git clone git@github.com:xxxxx/xxxx.git my-awesome-proj Cloning into 'my-awesome-proj'... ssh: connect to host github.com port 22: Connection timed out fatal: Could not read from remote repository. $ # This should also timeout $ ssh -T git@github.com ssh: connect to host github.com port 22: Connection timed out $ # but this might work $ ssh -T -p 443 git@ssh.github.com Hi xxxx! You've successfully authenticated, but GitHub does not provide shell access. $ # Override SSH settings $ vim ~/.ssh/config ​``` # Add section below to it Host github.com Hostname ssh.github.com Port 443 ​``` $ ssh -T git@github.com Hi xxxxx! You've successfully authenticated, but GitHub does not provide shell access. $ git clone git@github.com:xxxxxx/xxxxx.git my-awesome-proj Cloning into 'my-awesome-proj'... remote: Enumerating objects: 15, done. remote: Counting objects: 100% (15/15), done. remote: Compressing objects: 100% (14/14), done. remote: Total 15 (delta 0), reused 15 (delta 0), pack-reused 0 Receiving objects: 100% (15/15), 22.90 KiB | 4.58 MiB/s, done.

    附录

    多域名 ssh git 配置

    Multiple SSH Keys settings for different github account

    这篇Gist可以参考看看,写得蛮好的,有很多的讨论。

    Solution for ‘ssh: connect to host github.com port 22: Connection timed out’ error

    本地使用多个SSH Key

    SSH的config配置之多账号简单管理

    Processed: 0.021, SQL: 8