在不同组中使用 ssh 密钥对的最佳实践? [英] Best practice for using ssh key pair with different groups?
问题描述
我在学校以外的一家公司做一些工作,他们需要我的公共 ssh 密钥.
I'm doing some work with a company outside of my school, and they need my public ssh key.
我已经生成了用于 github 的公共 ssh 密钥.我前段时间设置了这个,如果我打开 id_rsa.pub 文件,我会看到里面嵌入了我的学校电子邮件地址.
I already have my public ssh key generated for use with github. I set this up some time ago, and if I open the id_rsa.pub file, I see it has my school email address embedded inside.
现在我想知道是不是在与您合作的每家公司都重复使用这个密钥是典型的,还是为每个公司都生成一个新的密钥.我想我有几个考虑:
Now I'm wondering if it's typical to reuse this one key with every company you work with, or do you generate a new one for every company. I guess I have a few considerations:
- 如果我对每家公司使用相同的公钥,而我的私钥被泄露,我需要为每家公司提供一个新的公钥.
- 我的学校电子邮件地址出现在我当前的公钥中.我不确定为什么会这样,但我认为您的电子邮件与密钥无关(或者是否与密钥有关?).
- 如果我确实为与我合作的每家公司生成了不同的密钥对,我不确定在与不同公司合作时(例如通过 github)我实际上如何在它们之间切换.
我的理解在这里有点薄弱,任何澄清都会非常有帮助.
My understanding is a bit weak here, any clarifications would be really helpful.
谢谢
推荐答案
您的问题已在 security.stackexchange.com 上提出(并且得到了很好的回答!):https://security.stackexchange.com/questions/10203/reusing-private-public-keys
Your question has been asked (and well-answered!) on security.stackexchange.com: https://security.stackexchange.com/questions/10203/reusing-private-public-keys
总而言之,是的,您可以将您的公钥重复用于多个帐户,但您首先要考虑的是有点不足;如果您的私钥被盗用,您的所有帐户都将被盗用.如果各个帐户对安全性的期望不同,您可能需要考虑使用不同的密钥对.
The long and short of it is that yes, you may re-use your public key for multiple accounts, but your first consideration is a little underweight; if your private key were compromised, all of your accounts would be compromised. If the various accounts have different expectations of security, you might want to consider using different key pairs.
与您的密钥相关联的电子邮件地址用于识别目的.它与密钥有关,因为它在密钥中,但不影响密钥的功能.
Your email address associated with your key is for identification purposes. It has to do with the key in that it is IN the key, but it does not impact the functionality of the key.
如果您确实生成了不同的密钥对,您可以通过 ~/.ssh/config 将不同的密钥绑定到不同的主机.操作说明应该很容易找到.
If you did generate a different key pair, you can tie different keys to different hosts via ~/.ssh/config. Instructions to do should be pretty easy to find.
这篇关于在不同组中使用 ssh 密钥对的最佳实践?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
