git ssh认证

一般新手用git时，使用HTTPS都需要输入用户名和密码，这是一个很低效的开发过程。（虽然有时可以让开发人员减少push的次数）。github提供了几种连接方式，其中以https:开头的代表https连接，以git开头代表ssh连接。所以用ssh连接时要确保

你客户端的版本库url设置的ssh的url，而不是https的url。如何查看客户端的连接设置，使用下面的命令:

$ git config --list

显示中有一个

remote.origin.url=xxxxxx

如果url不是git开头的，去项目网址复制下ssh地址，然后设置url为新的地址

$git config remote.origin.url 新地址

。

生成ssh的步骤官网有详细说明：https://help.github.com/articles/generating-ssh-keys

大概如下：

1.转到目录(如果没有.ssh，就创建一个,不能用普通创建文件夹方式创建以.开头的，用命令行)

$ cd ~/.ssh 这个在win7上无效，~代表用户目录，win7一般为:C:\Users\Administrator\.ssh (管理员身份登录) )

2. 生成key：

ssh-keygen -t rsa -C "your_email@example.com"
# Creates a new ssh key, using the provided email as a label
# Generating public/private rsa key pair.
# Enter file in which to save the key (/c/Users/you/.ssh/id_rsa): [Press enter]
ssh-add id_rsa     （输入文件的名字，一般输入id_rsa就可以了)

然后会提示输入2次密码，(这里我们直接输入回车，不然以后每次都要输入密码，麻烦）输入完成后就在.ssh文件夹下面生成了2个文件:id_rsa和id_rsa.pub
把id_ras.pub内容复制下。

3.去Account Settings 新增一个key，key名字随意，Key内容就粘贴下刚才复制的就可以了。

4.测试 

$ssh -T git@github.com （输入这个，千万注意，邮箱不要改)
# Attempts to ssh to github

You may see this warning:

# The authenticity of host 'github.com (207.97.227.239)' can't be established.
# RSA key fingerprint is 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48.
# Are you sure you want to continue connecting (yes/no)?

Don't worry, this is supposed to happen. Verify that the fingerprint matches the one here and type "yes".

# Hi username! You've successfully authenticated, but GitHub does not
# provide shell access.

If that username is correct, you've successfully set up your SSH key. Don't worry about the shell access thing, you don't want that anyway.

遇到了几个错误：

permission denied，一般都会遇到这种错误，看官网说明：

https://help.github.com/articles/error-permission-denied-publickey

错误:Could not open a connection to your authentication agent.

解决方法】需要ssh-agent启动bash，或者说把bash挂到ssh-agent下面。

【具体方法】

islue@localhost $ ssh-agent bash --login -i

islue@localhost $ ssh-add

(如果上面还是报错：

Could not open a connection to your authentication agent.则

http://funkaoshi.com/blog/could-not-open-a-connection-to-your-authentication-agent

 

 

SSH private-keys are usually stored encrypted on the computers they are stored on. A pass-phrase is used to decrypt them when they are to be used. Since most people use SSH public-private key-pairs to get around typing in passwords all the time, the ssh-agentdaemon exists to store decrypted private-keys you plan on using in a given session. The thing most people get tripped up on when using ssh-agent is that what the program outputs, some borne or csh shell commands, needs to be run. It may look like ssh-agent has set some variables for you, but it has in fact done no such thing. If you call ssh-add without processing ssh-agent’s output, it will complain it is unable to open a connection to your authentication agent. The most straightforward way to run ssh-agent on the command line is as follows: eval `ssh-agent`. After doing this, calls to ssh-add should succeed without error.

执行ssh-add ~/.ssh/rsa

报标题上的错误

先执行  eval `ssh-agent`  （是～键上的那个`） 再执行 ssh-add ~/.ssh/rsa成功

ssh-add -l 就有新加的rsa了

）

【ssh-agent介绍】

ssh-agent就是一个管理私钥的代理，受管理的私钥通过ssh-add来添加，所以ssh-agent的客户端都可以共享使用这些私钥。

好处1：不用重复输入密码。

用 ssh-add 添加私钥时，如果私钥有密码的话，照例会被要求输入一次密码，在这之后ssh-agent可直接使用该私钥，无需再次密码认证。

好处2：不用到处部署私钥

假设私钥分别可以登录同一内网的主机 A 和主机 B，出于一些原因，不能直接登录 B。可以通过在 A 上部署私钥或者设置 PortForwarding 登录 B，也可以转发认证代理连接在 A 上面使用ssh-agent私钥登录 B。

islue@localhost $ ssh -A HOST_A

islue@HOST_A $ ssh HOST_B
islue@HOST_B $

ssh-add完后，可以用ssh-add  -l来查看结果：

客户端第一次push会在.ssh生成一个known_hosts文件:

这样，以后就不用输入用户名和密码了。

如果出现:

git clone git@x.x.x.x:test.git

Permission denied (publickey,gssapi-with-mic).
fatal: The remote end hung up unexpectedly.

原因是没有起到ssh。

运行:

ssh-agent bash .

或者不从cmd运行，直接从git bash运行。