运维咖啡吧 (Ops Coffee Bar)

On the road of pursuing technology, I have never stopped moving forward

Server SSH Key Management Policy

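Key usage rules

  1. The SSH username defaults to the prefix of your email address (the part before the @)
  2. Use an RSA SSH key pair with a key length of at least 2048 bits
  3. The generated key must be protected with a passphrase
  4. After generating the key pair, keep it safe yourself; never give the private key to anyone else under any circumstances
  5. Keeping a backup of the private key (compressed as a Zip with a password) is recommended, to avoid losing the key

Recommended generation method

Generating the key pair with the Linux command ssh-keygen -t rsa -b 2048 is recommended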

ops-coffee@onlinegame:~$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ops-coffee/.ssh/id_rsa): 
Created directory '/home/ops-coffee/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/ops-coffee/.ssh/id_rsa.
Your public key has been saved in /home/ops-coffee/.ssh/id_rsa.pub.
The key fingerprint is:
21:d2:db:70:05:44:7d:c0:4a:1e:94:bd:8e:19:cd:09 ops-coffee@onlinegame.ops-coffee.cn
The key's randomart image is:
+--[ RSA 2048]----+
|       +=*o.     |
|     .  E.+ .    |
|    . +oo* +     |
|     . *+.=      |
|      . S=       |
|        o .      |
|                 |
|                 |
|                 |
+-----------------+

The generated public key has the following format:

ops-coffee@onlinegame:~$ cat ~/.ssh/id_rsa.pub 
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrxA9WuM/cTLiQ06Fj/DnygPeBz3Mka3dt/tmxIK5T1hmHceurD6eZ6x0K/hOhsJVZb3AXdAQyeLYLXtKF9r5xoo1idmSoxrLa+YWedFcCy2rjnrKPeSwhlIJoHhJNqUzm3+JLyZLzK5cTqbXibHWKjPU/s4hgZ2LItbb+zbqB9jgzWf70QQ03jRf9T82TFjjZLrptghwmINpC7LfYfkKQy9Gi9KyIm0OhqkIwq5epoXEOU87Vw5ZXXMqNwdk3yO/e0mil8gXHxOt+YoQCLjNC2Ydc+uPdX86GEINlUXaHT7NRZGJN5J79fh83qi7pSYstqGNWOmQjw0VWjPtKL2Gr ops-coffee@onlinegame.ops-coffee.cn
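
An added example, not from the original post: a Python check that a public key line in the format shown above meets rule 2 (RSA, at least 2048 bits), by decoding the base64 blob into its length-prefixed type, exponent and modulus fields. The names `read_string`, `check_public_key` and `make_sample_line` are chosen for this example, and the sample lines it builds are constructed values, not real keys.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # rule 2 of the policy above


def read_string(buf, offset):
    """Read one length-prefixed field: uint32 big-endian length, then the bytes."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated field body")
    return buf[offset + 4:end], end


def check_public_key(line):
    """Return (ok, reason) for one line in the id_rsa.pub form: type, blob, comment."""
    fields = line.split()
    if len(fields) < 2:
        return False, "malformed line"
    if fields[0] != "ssh-rsa":
        return False, "key type %s is not RSA" % fields[0]
    try:
        blob = base64.b64decode(fields[1], validate=True)
        inner_type, pos = read_string(blob, 0)
        _exponent, pos = read_string(blob, pos)
        modulus, pos = read_string(blob, pos)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return False, "undecodable key blob: %s" % exc
    if inner_type != b"ssh-rsa":
        return False, "blob type does not match the declared type"
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < MIN_RSA_BITS:
        return False, "RSA modulus is %d bits, below %d" % (bits, MIN_RSA_BITS)
    return True, "RSA %d bits" % bits


def make_sample_line(bits, comment="constructed@example.invalid"):
    """Build a constructed, non-functional key line whose modulus has `bits` bits."""
    def mpint(n):
        raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leading 0x00 keeps it positive
        return struct.pack(">I", len(raw)) + raw
    blob = struct.pack(">I", 7) + b"ssh-rsa" + mpint(65537) + mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)
```

Only the key type and length can be verified from the public key; whether the private key has a passphrase (rule 3) is not visible in it.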

Key usage scenarios

  1. Server system login
  2. Pulling and submitting code on GitLab