0


ssh免密登陆与git详解

ssh免密登陆

参考文章:http://blog.itpub.net/70017844/viewspace-2909916/
linux系统CentOS Linux release 7.9.2009 (Core)
zabbix-server 192.168.220.128
zabbix-proxy 192.168.220.108

利用root账号密码登录ssh服务端

1.zabbix-server开启ssh服务
[root@zabbix-server ~]# rpm -qf `which ssh`
openssh-clients-7.4p1-21.el7.x86_64
[root@zabbix-server ~]# rpm -qf `which sshd`
openssh-server-7.4p1-21.el7.x86_64
[root@zabbix-server ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2023-04-20 22:35:42 EDT; 4h 27min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 2563 (sshd)
   CGroup: /system.slice/sshd.service
           └─2563 /usr/sbin/sshd -D
........

2.zabbix-proxy账号密码登录zabbix-server
[root@zabbix-proxy ~]# ssh [email protected]
The authenticity of host '192.168.220.128 (192.168.220.128)' can't be established.
ECDSA key fingerprint is SHA256:WWjD+PCmlUmq2jJJF32DbaHWE32uVKO/h66k32jf9Ns.
ECDSA key fingerprint is MD5:92:ea:a5:d4:a6:ad:10:de:97:a5:bd:4f:67:ce:87:d6.
Are you sure you want to continue connecting (yes/no)? yes    ####输入yes后会添加一条192.168.220.128的信息到客户端~/.ssh下的known_hosts文件
Warning: Permanently added '192.168.220.128' (ECDSA) to the list of known hosts.
[email protected]'s password: 
Last login: Thu Apr 20 23:34:23 2023 from 192.168.220.1
[root@zabbix-server ~]# 

客户端
[root@zabbix-proxy ~]# cat known_hosts 
192.168.220.125 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE7++JhhOslmX5T1/B2knqMR84TycWTSLUyQ2HYpoKMnKtVm2oqDhQuGksf19KjFHYxB7jFT4wpkAHGBwst8RtY=
192.168.220.128 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE7++JhhOslmX5T1/B2knqMR84TycWTSLUyQ2HYpoKMnKtVm2oqDhQuGksf19KjFHYxB7jFT4wpkAHGBwst8RtY=

利用root账号免密登录ssh服务端

###手动复制客户端公钥到服务端authorized_keys文件内实现免密登录的方式有时候不好用,强烈建议使用ssh-copy-id命令
[root@zabbix-proxy ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Hb3aqAwQvPhc4nL1Tf8beXzvL4coAMrtMn7Q4dgVPbc root@zabbix-proxy
The key's randomart image is:
+---[RSA 2048]----+
|         .       |
|   .    . o..    |
|    o    ..o..   |
|   . oo .. .E.   |
|  ..+Bo+S o .    |
|   +===..o =   o |
|  . =o. ..+ o.o.+|
|   oo oo .. ..oo+|
|   ..+  o  .  o==|
+----[SHA256]-----+
将/root/.ssh/id_rsa.pub的内容复制到服务端zabbix-server下的/root/.ssh/authorized_keys文件内        ###将ssh客户端公钥复制到服务端
[root@zabbix-proxy .ssh]# ssh [email protected]       ###客户端实现免密登录
Last login: Fri Apr 21 03:05:43 2023 from 192.168.220.108
[root@zabbix-server ~]# 

或者通过公钥拷贝指令# ssh-copy-id username@ip
###ssh-copy-id命令会在username用户家目录下创建.ssh/authorized_keys文件,文件内容为免密登录客户机的公钥信息
[root@zabbix-proxy ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Hb3aqAwQvPhc4nL1Tf8beXzvL4coAMrtMn7Q4dgVPbc root@zabbix-proxy
The key's randomart image is:
+---[RSA 2048]----+
|         .       |
|   .    . o..    |
|    o    ..o..   |
|   . oo .. .E.   |
|  ..+Bo+S o .    |
|   +===..o =   o |
|  . =o. ..+ o.o.+|
|   oo oo .. ..oo+|
|   ..+  o  .  o==|
+----[SHA256]-----+
[root@zabbix-proxy .ssh]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:         #此处输入密码登录服务端

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

[root@zabbix-proxy .ssh]# ssh '[email protected]'
Last login: Fri Apr 21 03:20:32 2023 from 192.168.220.108
[root@zabbix-server ~]# 
[root@zabbix-server ~]# 

利用非root账号免密登录ssh服务端

ssh服务端
[root@zabbix-server .ssh]# useradd -m git
[root@zabbix-server .ssh]# passwd git
Changing password for user git.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@zabbix-server .ssh]# mkdir -p /home/git/.ssh/
[root@zabbix-server .ssh]# vi /home/git/.ssh/authorized_keys    ###将ssh客户端公钥添加到服务端/home/git/.ssh/authorized_keys文件内
[root@zabbix-server .ssh]# chown -R git. /home/git/.ssh/        #重点在修改文件的属性和权限,否则ssh [email protected],任然会提示输入git用户密码
[root@zabbix-server .ssh]# chmod -R 700 /home/git/.ssh/
ssh客户端通过非root用户连接服务端
[root@zabbix-proxy .ssh]# ssh [email protected]
[email protected]'s password: 
[git@zabbix-server ~]$ 
[git@zabbix-server ~]$ 
或者通过公钥拷贝指令ssh-copy-id
ssh服务端
[root@zabbix-server .ssh]# useradd -m git
[root@zabbix-server .ssh]# passwd git
Changing password for user git.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
[root@zabbix-server git]# ls -l /home/git/.ssh/authorized_keys    #git用户目录下没有此文件下面用ssh-copy-id命令生成
ls: cannot access /home/git/.ssh/authorized_keys: No such file or directory
ssh客户端通过非root用户连接服务端
[root@zabbix-proxy ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Hb3aqAwQvPhc4nL1Tf8beXzvL4coAMrtMn7Q4dgVPbc root@zabbix-proxy
The key's randomart image is:
+---[RSA 2048]----+
|         .       |
|   .    . o..    |
|    o    ..o..   |
|   . oo .. .E.   |
|  ..+Bo+S o .    |
|   +===..o =   o |
|  . =o. ..+ o.o.+|
|   oo oo .. ..oo+|
|   ..+  o  .  o==|
+----[SHA256]-----+
[root@zabbix-proxy ~]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:         #输入git密码

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

[root@zabbix-proxy ~]# ssh [email protected]
Last login: Fri Apr 21 04:20:12 2023 from 192.168.220.108
[git@zabbix-server ~]$ 

ssh服务端
[root@zabbix-server ~]# ls -l /home/git/.ssh/authorized_keys        ##可以看到公钥被拷贝到authorized_keys文件内
-rw------- 1 git git 399 Apr 21 04:19 /home/git/.ssh/authorized_keys

处理git用户的shell为git-shell

在Git用作仓库的时候我们可以将默认ssh登录shell改为git-shell,这个git提供的shell程序,一旦登录会自动秒退  #为了安全考虑我们需要禁用ssh登录到我们的shell,防止别人登录到shell之后对我们的电脑做增删改
ssh服务器
[root@zabbix-server git]# chsh -s `which git-shell` git
Changing shell for git.
chsh: Warning: "/usr/bin/git-shell" is not listed in /etc/shells.
Shell changed.
ssh客户端
[root@zabbix-proxy ~]# ssh [email protected]
[email protected]'s password: 
Last login: Fri Apr 21 04:23:57 2023 from 192.168.220.108
fatal: Interactive git shell is not enabled.
hint: ~/git-shell-commands should exist and have read and execute access.
Connection to 192.168.220.128 closed.
[root@zabbix-proxy ~]# 

出现的问题

问题1:由于用户git在服务器端的 shell 为 git-shell,在使用 ssh-copy-id 的时候报错:
[root@zabbix-proxy test]# ssh-copy-id git@192.168.220.128
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
git@192.168.220.128's password:
fatal: unrecognized command 'exec sh -c 'cd ; umask 077 ; mkdir -p .ssh && cat >> .ssh/authorized_keys || exit 1 ; if type restorecon >/dev/null 2>&1 ; then restorecon -F .ssh .ssh/authorized_keys ; fi''
解决办法
[root@zabbix-proxy .ssh]# scp /root/.ssh/id_rsa.pub root@192.168.220.128:/home/git/.ssh/authorized_keys #确保ssh服务器/home/git/.ssh/目录存在,scp是ssh的文件复制命令
id_rsa.pub 100% 399 373.5KB/s 00:00
[root@zabbix-proxy .ssh]# ssh root@192.168.220.128
Last login: Fri Apr 21 04:12:25 2023 from 192.168.220.108
[root@zabbix-server ~]# cd /home/git/
[root@zabbix-server git]# chown -R git. .ssh
[root@zabbix-server git]# chmod -R 700 .ssh/
[root@zabbix-server git]# ll /home/git/.ssh/
total 4
-rwx------ 1 git git 399 Apr 21 05:35 authorized_keys

git详细教程

Git 分支管理 | 菜鸟教程
关于Git这一篇就够了_17岁boy想当攻城狮的博客-CSDN博客
Git简明指南:git 简明指南

搭建git本地服务器

参考文章:https://huaweicloud.csdn.net/63560ddfd3efff3090b5909f.html?spm=1001.2101.3001.6661.1&utm_medium=distribute.pc_relevant_t0.none-task-blog-2%7Edefault%7EBlogCommendFromBaidu%7Eactivity-1-124420970-blog-126617355.235%5Ev31%5Epc_relevant_increate_t0_download_v2&depth_1-utm_source=distribute.pc_relevant_t0.none-task-blog-2%7Edefault%7EBlogCommendFromBaidu%7Eactivity-1-124420970-blog-126617355.235%5Ev31%5Epc_relevant_increate_t0_download_v2&utm_relevant_index=1

环境
[root@zabbix-server ~]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
zabbix-server 192.168.220.128
zabbix-proxy 192.168.220.108
分别已安装软件 yum install git ssh -y;service ssh start

配置ssh远程访问

zabbix-server服务端
[root@zabbix-server ~]# useradd -m git
[root@zabbix-server ~]# passwd git       #给git用户设置密码
Changing password for user git.
New password: 
Retype new password: 
passwd: all authentication tokens updated successfully.
zabbix-proxy客户端
[root@zabbix-proxy ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:fmDBtjmOjnHxy/HOhtT4+PcvyZ91533TbelGyo8n5Sw root@zabbix-proxy
The key's randomart image is:
+---[RSA 2048]----+
|                 |
|       .         |
|        +        |
|       . +       |
|      . So       |
|       Boo.    o |
|    . o.=+. ..*.B|
|     = .o*o .E=O@|
|    . . o+=. oOOB|
+----[SHA256]-----+
[root@zabbix-proxy ~]# ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

[root@zabbix-proxy ~]# ssh '[email protected]'                  #免密访问
Last failed login: Fri Apr 21 05:05:04 EDT 2023 from 192.168.220.108 on ssh:notty
There was 1 failed login attempt since the last successful login.
[git@zabbix-server ~]$ 
zabbix-server服务端
[root@zabbix-server .ssh]# chown -R git. /home/git/.ssh/
[root@zabbix-server .ssh]# chmod -R 700 /home/git/.ssh/
[root@zabbix-server .ssh]# chsh -s `which git-shell` git               #修改git用户的shell,防止客户机ssh通过git用户登录服务器修改文件
Changing shell for git.
chsh: Warning: "/usr/bin/git-shell" is not listed in /etc/shells.
Shell changed.

创建git本地仓库

zabbix-server服务端
创建仓库存放路径并设置所属用户为git,路径可任意起名,这里叫gitrepo。
[root@zabbix-server .ssh]# mkdir -p /home/git/gitrepo
初始化仓库并设置所属用户为git,这里建了一个叫test的仓库。
root@zabbix-server .ssh]# cd /home/git/gitrepo/
[root@zabbix-server gitrepo]# git init --bare test.git
Initialized empty Git repository in /home/git/gitrepo/test.git/
[root@zabbix-server gitrepo]# chown -R git. /home/git/gitrepo/          ##因为这里的gitrepo路径下有多个文件,所以加-R参数递归
到此,git服务器就算搭建完成,URL地址如下:
[email protected]:/home/git/gitrepo/test.git

测试1 --git clone
以下简单测试Clone和Push,如果你之前用过git,那么得到上边的仓库地址后应该就非常熟悉了。
clone--zabbix-proxy客户端
[root@zabbix-proxy ~]# mkdir -p $HOME/A
[root@zabbix-proxy ~]# cd A/
[root@zabbix-proxy A]# git clone [email protected]:/home/git/gitrepo/test.git   #这里并不需要输入上边创建git用户的密码,如果需要输入密码,说明公钥添加有误,请重新检查。
Cloning into 'test'...
warning: You appear to have cloned an empty repository.
[root@zabbix-proxy A]# ls
test
[root@zabbix-proxy A]# cd test
[root@zabbix-proxy test]# ls
[root@zabbix-proxy test]# touch 1
[root@zabbix-proxy test]# git add .
[root@zabbix-proxy test]# git commit -m "ceshi"
[master (root-commit) e3b8d5b] ceshi
 1 file changed, 0 insertions(+), 0 deletions(-)
 create mode 100644 1
[root@zabbix-proxy test]# git push origin master      #通过克隆来的远程仓库,默认有个别名叫origin,所以推送可以直接这样:
Counting objects: 3, done.
Writing objects: 100% (3/3), 193 bytes | 0 bytes/s, done.
Total 3 (delta 0), reused 0 (delta 0)
To [email protected]:/home/git/gitrepo/test.git
 * [new branch]      master -> master
[root@zabbix-proxy test]# mkdir -p $HOME/B             #再次克隆
[root@zabbix-proxy test]# cd $HOME/B
[root@zabbix-proxy B]# git clone [email protected]:/home/git/gitrepo/test.git
Cloning into 'test'...
remote: Counting objects: 3, done.
remote: Total 3 (delta 0), reused 0 (delta 0)
Receiving objects: 100% (3/3), done.
[root@zabbix-proxy B]# ls
test
[root@zabbix-proxy B]# cd test
[root@zabbix-proxy test]# ls               #可以看到这个就是刚才提交文件
1

测试2 --git remote   #需要有本地仓库
[root@zabbix-proxy ~]# mkdir -p $HOME/C
[root@zabbix-proxy ~]# cd $HOME/C        
[root@zabbix-proxy C]# git init        #初始化创建本地仓库
Initialized empty Git repository in /root/C/.git/
[root@zabbix-proxy C]# git remote add origin [email protected]:/home/git/gitrepo/test.git       #git远程添加源
[root@zabbix-proxy C]# git push -u origin master    #将本地的master分支推送到origin主机,同时指定origin为默认主机
error: src refspec master does not match any.
error: failed to push some refs to '[email protected]:/home/git/gitrepo/test.git'
[root@zabbix-proxy C]#  git pull [email protected]:/home/git/gitrepo/test.git    ##在上传你的代码之前因为产生冲突会报错,提交不上,通常要进行拉取代码。
remote: Counting objects: 26, done.
remote: Compressing objects: 100% (18/18), done.
remote: Total 26 (delta 4), reused 0 (delta 0)
Unpacking objects: 100% (26/26), done.
From 192.168.220.128:/home/git/gitrepo/test
 * branch            HEAD       -> FETCH_HEAD
[root@zabbix-proxy C]# ls
1  README  runoob.php  test.txt
[root@zabbix-proxy C]# git branch
* master
[root@zabbix-proxy C]# echo 1111111 >ceshi
[root@zabbix-proxy C]# git add .
[root@zabbix-proxy C]# git commit -m "add ceshi"
[master 6e0e239] add ceshi
 1 file changed, 1 insertion(+)
 create mode 100644 ceshi
[root@zabbix-proxy C]# git push -u origin master    ##将本地的master分支推送到origin主机,同时指定origin为默认主机
Counting objects: 4, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 257 bytes | 0 bytes/s, done.
Total 3 (delta 1), reused 0 (delta 0)
To [email protected]:/home/git/gitrepo/test.git
   0e88423..6e0e239  master -> master
Branch master set up to track remote branch master from origin.
[root@zabbix-proxy C]# 

git clone与git pull的区别

git clone与git pull区别_git pull能用什么代替_zhou_xiaomiao的博客-CSDN博客
git上传_提交代码前先git pull吗_年少不知富婆好的博客-CSDN博客

git如何拉取指定分支的代码

问题背景:

  新项目还在开发阶段,没有正式对外发布,所以开发同事合并代码到develop上(或者其他名称分支上),而不是到master分支上

  通过git拉取代码的时候,默认拉取的是master分支,如下图:

拉取指定分支代码解决方案:

以拉取develop分支的代码为例, 要拉取其余分支代码类似操作

1.使用git命令拉取

命令:git clone -b develop XXX** **其中develop就是分支的名称

2.使用TortoiseGit工具拉取

git fetch与git merge

参考内容:Git 远程仓库(Github) | 菜鸟教程

  • 执行 git fetch origin master 时,它的意思是从名为 origin 的远程上拉取名为 master 的分支到本地分支 origin/master 中。既然是拉取代码,当然需要同时指定远程名与分支名,所以分开写。
  • 执行 git merge origin/master 时,它的意思是合并名为 origin/master 的分支到当前所在分支。既然是分支的合并,当然就与远程名没有直接的关系,所以没有出现远程名。需要指定的是被合并的分支。
  • 执行 git push origin master 时,它的意思是推送本地的 master 分支到远程 origin,涉及到远程以及分支,当然也得分开写了。
  • 还可以一次性拉取多个分支的代码:git fetch origin master stable oldstable
  • 也还可以一次性合并多个分支的代码:git merge origin/master hotfix-2275 hotfix-2276 hotfix-2290
服务器A
[root@dongm xuexi]# ls
11111  1.txt  ceshi.c  ceshi.ccccccc  ceshi.sh  test.c  test.txt  xinjian.txt
[root@dongm xuexi]# echo  555555 >11111111111.txt
[root@dongm xuexi]# git add .
[root@dongm xuexi]# git commit -m "add 1111111111.txt"
[master c3d767b] add 1111111111.txt
 1 file changed, 1 insertion(+)
 create mode 100644 11111111111.txt
[root@dongm xuexi]# git push origin master
Counting objects: 4, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (2/2), done.
Writing objects: 100% (3/3), 260 bytes | 0 bytes/s, done.
Total 3 (delta 1), reused 0 (delta 0)
remote: Resolving deltas: 100% (1/1), completed with 1 local object.
To [email protected]:dongmin6/test.git
   3f7513d..c3d767b  master -> master        ##增加文件11111111111.txt
[root@dongm xuexi]# ls
11111  11111111111.txt  1.txt  ceshi.c  ceshi.ccccccc  ceshi.sh  test.c  test.txt  xinjian.txt

服务器B
[root@dongm test]# git fetch origin
From github.com:dongmin6/test
   3f7513d..c3d767b  master     -> origin/master     ##与仓库新增文件11111111111.txt对应
[root@dongm test]# ls
11111  1.txt  ceshi.c  ceshi.ccccccc  ceshi.sh  README.md  test.c  test.txt  xinjian.txt
[root@dongm test]# git merge origin/master
Merge made by the 'recursive' strategy.
 11111111111.txt | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 11111111111.txt
[root@dongm test]# ls
11111  11111111111.txt  1.txt  ceshi.c  ceshi.ccccccc  ceshi.sh  README.md  test.c  test.txt  xinjian.txt
标签: ssh 服务器 linux

本文转载自: https://blog.csdn.net/weixin_47680367/article/details/130294791
版权归原作者 weixin_47680367 所有, 如有侵权,请联系我们删除。

“ssh免密登陆与git详解”的评论:

还没有评论