GitHub身份验证如何工作? [英] How does the GitHub authentification work?
问题描述
如果您遵循GitHub HowTo"生成SSH密钥",则您在您的〜/.ssh 目录中获得三个文件: known_hosts , id_rsa 和 id_rsa.pub .
文件 known_hosts 用于服务器身份验证, id_rsa 用于客户端身份验证(解决方案
这只是普通的旧SSH身份验证;没什么是特定于GitHub的.
id_rsa 和 id_rsa.pub 是密钥的两半:私钥和公钥.实际上,公钥是私钥的锁.您将锁(公钥)放在要轻松访问的任何服务器上,不必太担心别人会看到它,因为它只是一个锁.您将(专用)密钥保留在您的计算机上,并用它登录到那些服务器;他们看到您有一把适合锁的钥匙,然后让您进去.
(并不是说您应该将公钥放置在完全不可信的机器上;有些恶意技巧可以利用诸如 ssh -A 之类的快捷方式.)
known_hosts 实际上与此无关.它只是 ssh 存储已连接的所有服务器的指纹的地方,因此,如果指纹发生更改,它可能会发出一个可怕的警告.(那将意味着它不是同一台机器:服务器端发生了根本性的变化,或者您的连接被劫持了.)
因此,无论如何,Git本身了解的协议之一就是SSH.当您使用 git@github.com:... 作为存储库URL时,Git只是通过SSH连接.当然,GitHub不想让您在他们的机器上乱糟糟,所以他们只让您做Git事情,而不是获得完整的Shell.
和往常一样, Arch Wiki 上还有很多其他词./p>
If you follow the GitHub HowTo "Generating SSH Keys", you get three files in your ~/.ssh directory: known_hosts, id_rsa, and id_rsa.pub.
The file known_hosts is used for the server authentication, id_rsa is used for the client authentification (here is an article, that explains the difference).
Why should I create / why GitHub does need both -- a host and a user authentification files? How does the GitHub authentification work?
Thx
This is just plain old SSH authentication; nothing about it is specific to GitHub.
id_rsa and id_rsa.pub are the two halves of your key: the private key and the public key. Effectively, the public key is the lock for the private key. You put the lock (public key) on whatever servers you want easy access to, without too much worry that someone else will see it, because it's just a lock. You keep the (private) key on your machine, and use it to log into those servers; they see you have a key fitting the lock, and let you in.
(Not to say that you should put your public key on completely untrustworthy machines; there are malicious tricks that can take advantage of shortcuts like ssh -A.)
known_hosts doesn't actually have much to do with this; it's just where ssh stores the fingerprints of all the servers you've connected to, so it can throw up a big scary warning if the fingerprint changes. (That would mean it's not the same machine: either something has changed radically on the server side, or your connection has been hijacked.)
So, anyway, one of the protocols Git itself understands is SSH. When you use git@github.com:... as a repository URL, Git is just connecting over SSH. Of course, GitHub doesn't want you mucking around on their machines, so they only let you do Git things, not get a full shell.
As usual, the Arch wiki has a whole lot more words on this.
这篇关于GitHub身份验证如何工作?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
