可以在全球范围内添加ssh-add [英] can ssh-add be added globally
问题描述
我可以针对永久保留的 identifyFile 执行 ssh-add ,目前仅适用于当前活动的 ssh会话(即identityFile添加使用ssh-add会丢失,当一个新的SSH会话与服务器可以通过运行ssh-add -L找到)
问题是,我们的亚马逊服务器有在github休息回购的各种项目。
现在,每个回购站点都有基于用户的访问权限
表示用户A仅拥有访问权限项目A 和 B仅对项目B具有访问权限
现在,每个用户可以执行git操作(比如git fetch,git push等)只能到相应的项目(这就是我们想要的)
现在所有我希望当用户在那里执行相应项目的git操作时,我希望 ssh-agent 获取帐户中的所有ssh密钥并查找与特定用户匹配的项目。
每个ssh-key都有一个短语(独特的秘密知道每个用户都有自己的)与它关联,提示输入时执行git函数。
实现这个我们做的
p> ssh-add /root/.ssh/A
或
ssh-add / root /。 ssh / B
但是,如前所述,这仅适用于活动ssh会话< >,退出或与服务器进行新的 ssh会话,则ssh-add信息将丢失 。可以通过运行 ssh-add -L 找到 我也尝试在.ssh / config中定义IdentityFile,就像这个问题 像这样 这仅适用于一位用户(有时适用于'A',有时不适用,同样是'B') 是否可以实现这种隔离,或者我听起来有点过分雄心勃勃 Thanks 您对IdentityFile的编辑非常接近。但是,您需要在IdentityFile中列出唯一的主机名。因为您曾两次使用github.com作为主机名,当您尝试连接到github.com时,它不知道要使用哪一个。 我们有类似的建立。我们有5个用户,他们都登录到一个帐户。但是,Github需要使用他们自己的ssh-key来查看它们,所以我们有5个密钥。解决这个问题的诀窍是让你的文件看起来像这样 每当 UserB 想要做一些与git相关的事情时,他们将运行... 或类似的东西。这将表现得好像他们进入了......
主机github.com
主机名github.com
用户git
IdentityFile /root/.ssh/A
主机github.com
主机名github.com
用户git
IdentityFile / root /。 ssh / B
Host UserA_github
Hostname github.com
用户git
IdentityFile /root/.ssh/A
主机UserB_github
主机名github.com
用户git
IdentityFile /root/.ssh / b
git clone UserB_github:UserB / MyRepo
git clone github.com:UserB/MyRepo
除了它将使用适当的IdentityFile /私钥。
据我所知,我的解决方案不使用持久的 ssh-add ,但我认为这会给你与你想要的相同的性能。不幸的是,您的用户每次执行交易时都需要输入密码。
Can I do ssh-add against the identifyFile that stay forever, currently it prevail only for the current active ssh session (i.e identityFile added using ssh-add get lost when a new ssh session is made with the server can be found by running ssh-add -L )
The problem is that our amazon server has various projects with repo resting in github.
Now each one of the repo has access right based on the users say user A has access right only for project A and B has an access right on project B only
With that access right set(in github) now each user can perform git operation(like git fetch, git push etc) only to there respective project (which is what we want)
Now all I want is when a user perform a git operation on there respective project I want ssh-agent to take all ssh-keys in accounts and look for the one that match to that specific users
Note
that each ssh-key has a phrases(a unique secret know to each user there own) associated with it, prompted to enter when perform git function.
to achieve this we do
ssh-add /root/.ssh/A
or
ssh-add /root/.ssh/B
But as mention earlier this only stay for the active ssh-session ,exit or make a new ssh session with the server the ssh-add info is lost. can be found by running ssh-add -L
I have also tried defining IdentityFile in .ssh/config like this describe in this question
something like this
Host github.com
Hostname github.com
User git
IdentityFile /root/.ssh/A
Host github.com
Hostname github.com
User git
IdentityFile /root/.ssh/B
This only work for one user (sometime it work for 'A' and sometime it doesnt ,same is with 'B' too)
Can this segregation be achieved or am I sounding a bit over ambitious
Thanks
You're very close with your edit of the IdentityFile. However, you need to have unique hostnames listed in the IdentityFile. Because you used github.com as the hostname both times, when you try to connect to github.com, it has no idea which one to use.
We have a similar setup. We have 5 users, all of whom log in to a single account. However, Github needs to see them each using their own ssh-key, so we have 5 keys. The trick to get around this is to make your file look like this
Host UserA_github
Hostname github.com
User git
IdentityFile /root/.ssh/A
Host UserB_github
Hostname github.com
User git
IdentityFile /root/.ssh/B
Whenever UserB wants to do something git related, (e.g. clone one of their repositories) they will run...
git clone UserB_github:UserB/MyRepo
or something similar. This will behave as if they had entered...
git clone github.com:UserB/MyRepo
except that it will use the appropriate IdentityFile/private key.
I understand that my solution doesn't use a persistent ssh-add but I think this will give you the same performance that you want. Unfortunately, your users will need to enter their passphrase each time they perform a transaction.
这篇关于可以在全球范围内添加ssh-add的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
