Xingyu Wang 2020-02-24 20:59:57 +08:00
parent d8709fbfe1
commit cc00466d8d
2 changed files with 104 additions and 110 deletions


@ -1,110 +0,0 @@
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Tools for SSH key management)
[#]: via: (https://opensource.com/article/20/2/ssh-tools)
[#]: author: (Ben Nuttall https://opensource.com/users/bennuttall)
Tools for SSH key management
======
Time-saving shortcuts for a commonly used open source tool.
![collection of hardware on blue backround][1]
I use SSH constantly. Every day I find myself logged in to multiple servers and Pis (both in the same room as me and over the internet). I have many devices I need access to, and different requirements for gaining access, so in addition to using various SSH/SCP command options, I have to maintain a config file with all the connection details.
Over time Ive come up with a few time-saving tips and tools that you might find useful, too.
### SSH keys
SSH keys are a way to authenticate SSH connections without using a password, either to speed up your access or as a security measure, if you turn password access off and ensure only authorized keys are permitted. To create an SSH key, run the command:
```
`$ ssh-keygen`
```
This will create a key-pair (a public and private key) in **~/.ssh/**. Keep the private key (id_rsa) on the PC and never share it. You can share the public key (id_rsa.pub) with others or place it on other servers.
### ssh-copy-id
If Im working on a Pi at home or work, I tend to leave SSH settings at their default, as Im not concerned with security on an internal trusted network, and I usually copy my SSH key to the Pi to avoid having to authenticate with a password every time. To do this, I use the **ssh-copy-id** command to copy it to the Pi. This automatically adds your key to the Pi:
```
`$ ssh-copy-id pi@192.168.1.20`
```
On production servers, I tend to turn off password authentication and only allow authorized SSH keys.
### ssh-import-id
Another similar tool is ssh-import-id. You can use this to give yourself (or others) access to a computer or server by importing their keys from GitHub. For example, I have registered my various SSH keys with my GitHub account, so I can push to GitHub without a password. These public keys are made available, so ssh-import-id can use them to authorize me from any of my computers:
```
`$ ssh-import-id gh:bennuttall`
```
I can also use this to give someone else access to a server without asking them for their keys:
```
`$ ssh-import-id gh:waveform80`
```
### storm
I also use a tool called Storm, which helps you add SSH connections to your SSH config, so you dont have to remember them all. You can install it with pip:
```
`$ sudo pip3 install stormssh`
```
Then you can add an SSH connection to your config with the following command:
```
`$ storm add pi3 pi@192.168.1.20`
```
Then you can just use **ssh pi3** to gain access. Similarly, **scp file.txt pi3:** or **sshfs pi pi3:**
You can also use more SSH options, such as the port number:
```
$ storm add pi3 pi@192.168.1.20:2000
```
You can list, search, and edit saved connections easily using Storms [documentation][2]. All Storm actually does is manage items in your ssh config file at **~/.ssh/config**. Once you see how these are stored, you might choose to edit them manually. An example connection in config looks like this:
```
Host pi3
   user pi
   hostname 192.168.1.20
   port 22
```
### Conclusion
SSH is an important tool for system administration, from Raspberry Pi to the largest cloud infrastructures. Familiarizing yourself with key management will forever be handy. Do you have other SSH tricks to add? I would love to have you share them in the comments.
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/2/ssh-tools
作者:[Ben Nuttall][a]
选题:[lujun9972][b]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/bennuttall
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/osdc_BUS_Apple_520.png?itok=ZJu-hBV1 (collection of hardware on blue backround)
[2]: https://stormssh.readthedocs.io/en/stable/usage.html


@ -0,0 +1,104 @@
[#]: collector: (lujun9972)
[#]: translator: (wxy)
[#]: reviewer: ( )
[#]: publisher: ( )
[#]: url: ( )
[#]: subject: (Tools for SSH key management)
[#]: via: (https://opensource.com/article/20/2/ssh-tools)
[#]: author: (Ben Nuttall https://opensource.com/users/bennuttall)
SSH 密钥管理工具
======
> 常用开源工具的省时快捷方式。
![collection of hardware on blue backround][1]
我经常使用 SSH。我发现自己每天都要登录多个服务器和树莓派与我位于同一房间并接入互联网。我有许多设备需要访问并且获得访问权限的要求也不同因此除了使用各种 `ssh` / `scp` 命令选项之外,我还必须维护一个包含所有连接详细信息的配置文件。
随着时间的推移,我发现了一些省时的技巧和工具,你可能也会发现它们有用。
### SSH 密钥
SSH 密钥是一种在不使用密码的情况下认证 SSH 连接的方法,可以用来加快访问速度或作为一种安全措施(如果你关闭了密码访问权限并确保仅允许授权的密钥)。要创建 SSH 密钥,请运行以下命令:
```
$ ssh-keygen
```
这将在 `~/.ssh/` 中创建一个密钥对(公钥和私钥)。将私钥(`id_rsa`)保留在 PC 上,切勿共享。你可以与其他人共享公钥(`id_rsa.pub`)或将其放置在其他服务器上。
### ssh-copy-id
如果我在家中或公司工作时使用树莓派,则倾向于将 SSH 设置保留为默认设置,因为我不担心内部信任网络上的安全性,并且通常将 SSH 密钥(公钥)复制到树莓派上,以避免每次都使用密码进行身份验证。为此,我使用 `ssh-copy-id` 命令将其复制到树莓派。这会自动将你的密钥(公钥)添加到树莓派:
```
$ ssh-copy-id pi@192.168.1.20
```
在生产服务器上,我倾向于关闭密码身份验证,仅允许授权的 SSH 密钥登录。
### ssh-import-id
另一个类似的工具是 `ssh-import-id`。你可以使用此方法通过从 GitHub 导入密钥来授予你自己(或其他人)对计算机或服务器的访问权限。例如,我已经在我的 GitHub 帐户中注册了各个 SSH 密钥,因此无需密码即可推送到 GitHub。这些公钥是有效的因此 `ssh-import-id` 可以使用它们在我的任何计算机上授权我:
```
$ ssh-import-id gh:bennuttall
```
我还可以使用它来授予其他人访问服务器的权限,而无需询问他们的密钥:
```
$ ssh-import-id gh:waveform80
```
### storm
我还使用了名为 Storm 的工具,该工具可帮助你将 SSH 连接添加到 SSH 配置中,因此你不必记住这些连接细节信息。你可以使用 `pip` 安装它:
```
$ sudo pip3 install stormssh
```
然后,你可以使用以下命令将 SSH 连接添加到配置中:
```
$ storm add pi3 pi@192.168.1.20
```
然后,你可以只使用 `ssh pi3` 来获得访问权限。类似的还有 `scp file.txt pi3:``sshfs pi pi3:`
你还可以使用更多的 SSH 选项,例如端口号:
```
$ storm add pi3 pi@192.168.1.20:2000
```
你可以参考 Storm 的[文档][2]轻松列出、搜索和编辑已保存的连接。Storm 实际所做的只是管理 SSH 配置文件 `~/.ssh/config` 中的项目。一旦了解了它们是如何存储的,你就可以选择手动编辑它们。配置中的示例连接如下所示:
```
Host pi3
   user pi
   hostname 192.168.1.20
   port 22
```
### 结论
从树莓派到大型的云基础设施SSH 是系统管理的重要工具。熟悉密钥管理会很方便。你还有其他 SSH 技巧要添加吗?我希望你在评论中分享他们。
--------------------------------------------------------------------------------
via: https://opensource.com/article/20/2/ssh-tools
作者:[Ben Nuttall][a]
选题:[lujun9972][b]
译者:[wxy](https://github.com/wxy)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]: https://opensource.com/users/bennuttall
[b]: https://github.com/lujun9972
[1]: https://opensource.com/sites/default/files/styles/image-full-size/public/lead-images/osdc_BUS_Apple_520.png?itok=ZJu-hBV1 (collection of hardware on blue backround)
[2]: https://stormssh.readthedocs.io/en/stable/usage.html
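Review bot: In the ssh-import-id paragraph, "这些公钥是有效的" translates the source's "These public keys are made available" as "these public keys are valid", which drops the reason the tool works at all: the keys registered with the GitHub account are published, and that is what ssh-import-id fetches. Suggest "这些公钥是公开可用的,因此 `ssh-import-id` 可以使用它们……". In the opening paragraph, "与我位于同一房间并接入互联网" reads as devices that are in the same room and connected to the internet, while the source says "both in the same room as me and over the internet"; wording such as "(既有与我在同一房间的,也有通过互联网访问的)" is closer. In the storm section the two inline code spans `scp file.txt pi3:` and `sshfs pi pi3:` are run together with nothing standing in for the source's "or", and the sentence has no closing punctuation. In the conclusion, "分享他们" refers to tips, so it should be "分享它们".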