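SSH key pair - generation
Ed25519 (256-bit): based on elliptic-curve cryptography (ECC); the computation is lightweight, and the CPU cost of signature verification when establishing a connection is very low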
--------------- Windows cmd terminal ---------------
rem -N "" sets an empty passphrase; the %date:~0,4%... slices assume %date% begins with yyyy/MM/dd
cmd /v:on /c "set i=git.atibm.com-at-ed25519-max2mobax-%date:~0,4%%date:~5,2%%date:~8,2%&& ssh-keygen -t ed25519 -f "!i!" -N "" -q -C "!i!.pub""
--------------- Windows PowerShell ---------------
# Windows PowerShell 5.1 and PowerShell before 7.3 drop an empty "" argument passed to a native program; there, pass -N '""' instead
$ts = Get-Date -Format "yyyyMMdd"; ssh-keygen -t ed25519 -f "D:\fileJob\1606atibm\2105oracle\instance-20210526-1342\sshkey\git.atibm.com-at-ed25519-max2mobax-$ts" -N "" -q -C "git.atibm.com-at-ed25519-max2mobax-${ts}.pub"
--------------- mobax cmd terminal ---------------
cmd /v:on /c "set i=git.atibm.com-at-ed25519-max2mobax-%date:~0,4%%date:~5,2%%date:~8,2%&& ssh-keygen -t ed25519 -f "D:\fileJob\1606atibm\2105oracle\instance-20210526-1342\sshkey\!i!" -N "" -q -C "!i!.pub""
--------------- mobax bash terminal ---------------
ssh-keygen -t ed25519 -f "git.atibm.com-at-ed25519-max2mobax-$(date +%Y%m%d)" -N "" -q -C "git.atibm.com-at-ed25519-max2mobax-$(date +%Y%m%d).pub"

RSA (4096-bit): based on the factorization of large integers; the numbers are huge, and the CPU cost of signature verification when establishing a connection is markedly higher
--------------- Windows cmd terminal ---------------
---- environment variable: C:\Program Files\Git\usr\bin ----
cmd /v:on /c "set i=git.atibm.com-at-rsa4096-max2mobax-%date:~0,4%%date:~5,2%%date:~8,2%&& ssh-keygen -t rsa -b 4096 -f "!i!" -N "" -q -C "!i!.pub""
--------------- Windows PowerShell ---------------
$ts = Get-Date -Format "yyyyMMdd"; ssh-keygen -t rsa -b 4096 -f "D:\fileJob\1606atibm\2105oracle\instance-20210526-1342\sshkey\git.atibm.com-at-rsa4096-max2mobax-$ts" -N "" -q -C "git.atibm.com-at-rsa4096-max2mobax-${ts}.pub"
--------------- mobax cmd terminal ---------------
cmd /v:on /c "set i=git.atibm.com-at-rsa4096-max2mobax-%date:~0,4%%date:~5,2%%date:~8,2%&& ssh-keygen -t rsa -b 4096 -f "D:\fileJob\1606atibm\2105oracle\instance-20210526-1342\sshkey\!i!" -N "" -q -C "!i!.pub""
--------------- mobax bash terminal ---------------
ssh-keygen -t rsa -b 4096 -f "git.atibm.com-at-rsa4096-max2mobax-$(date +%Y%m%d)" -N "" -q -C "git.atibm.com-at-rsa4096-max2mobax-$(date +%Y%m%d).pub"
SSH key pair - usage
SSH login to a Linux server
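-------------- Server ---------------
Append the contents of the .pub public-key file to ~/.ssh/authorized_keys
Required directory permissions: chmod 700 ~/.ssh
Required file permissions: chmod 600 ~/.ssh/authorized_keys
-------------- Client ---------------
Client: specify the private-key file (the one without .pub)
ssh command line: specify the private-key file (the one without .pub)
ssh command line: automatically matches the ssh entry configured in ~/.ssh/config

Local ssh-agent control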
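eval "$(ssh-agent -s)" # start the ssh agent; it has to be started every time. To avoid that, start the system service "OpenSSH Authentication Agent" instead, which loads the config automatically
ssh-add -l # list the loaded private keys
ssh-add /D/GitRepo/sshkey/github.com-ATcn-ed25519-max2git-20260518 # load a private key
ssh-add -D # unload all private keys

SSH login to a Git service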
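-------------- Server ---------------
Add the contents of the .pub public-key file in the Git user's settings page
-------------- Client ---------------
git command: git clone git@ghost.atibm.com:2222/admin/projectA.git # automatically matches the first entry for the same domain in ~/.ssh/config
# (in this scp-style form, the text after ':' is read as a path, not a port)
git command: git clone git@forgejo-admin:admin/projectA.git # automatically matches the ~/.ssh/config entry for that alias
-------------- Verification ---------------
ssh -F /dev/null -i git.atibm.com-at-ed25519-max2hermes-20260518 -o IdentitiesOnly=yes -p 62222 git@git.atibm.com
ssh -vT atibmgitat

~/.ssh/config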
Host gitee.com
    HostName gitee.com
    User git
    IdentityFile D:/GitRepo/sshkey/oracle-ghost-rsa4096-max2-20250215

Host github.com
    HostName github.com
    User git
    IdentityFile D:/GitRepo/sshkey/github.com-ATcn-ed25519-max2git-20260518

# hf.co configuration
Host hf.co
    HostName hf.co
    IdentityFile D:/GitRepo/sshkey/hf-ed25519-20250202

Host git.atibm.com
    HostName git.atibm.com
    User git
    Port 62222
    IdentityFile D:/GitRepo/sshkey/git.atibm.com-at-ed25519-max2mobax-20260518

Host atdemo.git.atibm.com
    HostName git.atibm.com
    User git
    Port 62222
    IdentityFile D:/GitRepo/sshkey/git.atibm.com-atdemo-ed25519-max2mobax-20260518
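
Added example (not part of the original notes): a small Python resolver that shows how the name typed on the ssh or git command line selects a Host entry, run on two entries copied from the config above that point at the same server with different keys. It handles only the "Keyword value" form, and the function names are illustrative.

```python
import fnmatch

# Constructed sample: two entries copied from the config above (same server, two aliases).
SAMPLE_CONFIG = """\
Host git.atibm.com
    HostName git.atibm.com
    User git
    Port 62222
    IdentityFile D:/GitRepo/sshkey/git.atibm.com-at-ed25519-max2mobax-20260518
Host atdemo.git.atibm.com
    HostName git.atibm.com
    User git
    Port 62222
    IdentityFile D:/GitRepo/sshkey/git.atibm.com-atdemo-ed25519-max2mobax-20260518
"""

def parse_blocks(text):
    """Return [(host_patterns, [(keyword, value), ...]), ...] in file order."""
    blocks = [(["*"], [])]  # options before the first Host line apply to every host
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword, value = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if keyword == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((keyword, value))
    return blocks

def host_matches(name, patterns):
    """True if a positive pattern matches and no '!'-negated pattern does."""
    if any(fnmatch.fnmatchcase(name, p[1:]) for p in patterns if p.startswith("!")):
        return False
    return any(fnmatch.fnmatchcase(name, p) for p in patterns if not p.startswith("!"))

def resolve(name, text):
    """Effective options for the host name or alias typed on the command line."""
    result = {"identityfile": []}
    for patterns, options in parse_blocks(text):
        if not host_matches(name, patterns):
            continue
        for keyword, value in options:
            if keyword == "identityfile":
                result[keyword].append(value)  # every matching key file is tried, in order
            else:
                result.setdefault(keyword, value)  # first value obtained wins
    result.setdefault("hostname", name)  # no HostName given: connect to the typed name
    return result
```

On a real machine, `ssh -G <alias>` prints the values OpenSSH itself resolves for that name.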
SSL certificate generation
nginx: generating a certificate locally
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /www/nginx/data/localssl/max2.com.key -out /www/nginx/data/localssl/max2.com.crt -subj "/C=CN/CN=max2.com" -addext "subjectAltName = DNS:*.max2.com,DNS:max2.com"
Server: the nginx conf points to the .key
Client: download and install the root certificate; select the .crt

certbot: generating a certificate through a public service
certbot mechanism
Server: the nginx conf points to the .key
Client: the browser trusts it automatically