macos删除ssh密钥
Do not upgrade to macOS Sierra if you have a cloud server (AWS, Digital Ocean, etc.) Read this post first. It will walk you through safely updating to Sierra and updating your SSH keys.
如果您具有云服务器(AWS,Digital Ocean等),请不要升级到macOS Sierra。 它将引导您安全地更新到Sierra并更新SSH密钥。
Like many developers, I got a notice from Apple bugging me to install its new macOS Sierra. I clicked “remind me tomorrow” a few days in a row. Then I finally caved one night before going to bed.
像许多开发人员一样,我从苹果公司那里收到一条通知,要求我安装新的macOS Sierra。 我连续几天单击“提醒我明天”。 然后我终于睡了一个晚上才睡。
When I woke up, I was no longer able to access Free Code Camp’s servers. It took me a while to realize what had happened. Luckily BerkeleyTrue hadn’t upgraded yet, and was able to add my new SSH keys.
醒来后,我不再能够访问Free Code Camp的服务器。 我花了一段时间才意识到发生了什么事。 幸运的是BerkeleyTrue尚未升级,并且能够添加我的新SSH密钥。
It turns out Apple decided to quietly force 2048-bit RSA keys on everyone, which has been a mild inconvenience for some, and a confused panic for others.
事实证明,苹果公司决定对所有人默默使用2048位RSA密钥,这给某些人带来了不便,给其他人带来了混乱的恐慌。
If you’re wondering why RSA keys are more secure than the old DSA keys, they aren’t inherently so. But DSA keys can usually only be 1024 bits, while RSA keys can be longer, which is the case with Sierra’s default 2048-bit RSA keys. Those extra bits make these new keys substantially harder to crack.
如果您想知道为什么RSA密钥比旧的DSA密钥更安全, 那么它们并不是天生的 。 但是DSA密钥通常只能是1024位,而RSA密钥可以更长,Sierra的默认2048位RSA密钥就是这种情况。 这些额外的比特使这些新密钥很难破解。
Let’s set up your new 2048-bit RSA SSH key.
让我们设置新的2048位RSA SSH密钥。
步骤1:删除旧密钥并创建一个新密钥 (Step 1: delete your old key and create a new one)
First, let’s check and make sure you indeed need a new key.
首先,让我们检查并确保您确实需要一个新密钥。
Open up your terminal and type:
打开您的终端并输入:
ssh-keygen -l -f ~/.ssh/id_rsa.pubIf the prompt responds with a string that starts with “2048 SHA256” you’re done and don’t need to take any further action.
如果提示响应以“ 2048 SHA256”开头的字符串,则说明您已完成,无需采取任何其他措施。
Otherwise, create a new key by running:
否则,通过运行以下命令创建一个新密钥:
ssh-keygen -t rsaThe prompt should respond with:
提示应以以下方式响应:
Generating public/private rsa key pair.Enter file in which to save the key (/Users/freecodecamp/.ssh/id_rsa):You can just press enter to save it in the default place. Note that this will overwrite your old (broken) key.
您只需按Enter即可将其保存在默认位置。 请注意,这将覆盖您的旧(断开)密钥。
Enter passphrase (empty for no passphrase):You can leave this blank or add a password for a little extra security (and a lot more typing).
您可以将其保留为空白或添加密码,以提高安全性(并输入更多内容)。
Then you’ll get with a cool random “art” that always seems to be shaped like a Christmas tree:
然后,您会得到一个很酷的随机“艺术”,它看起来总是像圣诞树一样:
Now make sure your key has the right access permissions by running:
现在,通过运行以下命令来确保您的密钥具有正确的访问权限:
sudo chmod 600 ~/.ssh/id_rsaYou can check the contents of your public key by running:
您可以通过运行以下命令检查公钥的内容:
cat ~/.ssh/id_rsa.pubWhich should return something like:
哪个应该返回类似:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDijWK+s3ybgzEdaJ5LneNU11BsIyoNS51SV11Vi5auPJW9+Ji6OUSJ9OguZh4T019ULyFF/Qq66fhH9TvMzw80lTNoChgTRMpjs2+Qg75yTINKSde+Gv4TK6UvNw6EINORcTpb32Im9hgtdTj6WqJ/hCbSltv7IfFZU5ChV7SxTaoNZTa9M5H3N8YdQ/aGt3puh222Cq5DTjV8fRWaNVvjVQRe/huHAHEzEUr1T/eTlXtoFtGeC1z+pLfYllVzizoS7tyuUksfgqox1jJJMpaZ25V/R/p/MDUc936za/8zgB8OQFRBbrP6JvXXN99DLcvs9coz9vfb2GCVrhxi1aJ5 quincy@FreeCodeCampYou’ll need to put this key on your server. To ensure you copy all of it, I recommend you can copy it directly to your clipboard by running:
您需要将此密钥放在服务器上。 为了确保复制所有内容,建议您运行以下命令将其直接复制到剪贴板中:
pbcopy < ~/.ssh/id_rsa.pub步骤2:将新的公钥添加到服务器 (Step 2: add your new public key to your server)
If you can SSH into your server without your key, then try to gain access using a password if you have one.
如果可以在没有密钥的情况下SSH进入服务器,请尝试使用密码(如果有)来获得访问权限。
Otherwise you’ll need to ask someone else who has access to the server to do this for you.
否则,您将需要让有权访问服务器的其他人为您执行此操作。
If you’ve disabled password access to your server (which many experts would recommend for security reasons), you may be able to temporarily re-enable password access.
如果您已禁用服务器的密码访问权限(出于安全原因,很多专家会建议这样做),则可以暂时重新启用密码访问权限 。
Once you have root access to your server — assuming it’s a Linux server — you just need to run this command:
一旦拥有对服务器的root访问权(假设它是Linux服务器),您只需要运行以下命令:
nano ~/.ssh/authorized_keysThis will open up your authorized key file using the minimalist text editor “nano” that is included with most Linux distributions. Or you could use Vim.
这将使用大多数Linux发行版中包含的极简文本编辑器“ nano”打开您的授权密钥文件。 或者您可以使用Vim。
Then paste in your public SSH key from earlier. Hit control+o to save your changes, then control+x to quit nano.
然后粘贴之前的公共SSH密钥。 按Control + O保存您的更改,然后按Control + X退出Nano。
Disconnect from your server. Now you’re ready to try logging in using your new SSH key.
断开与服务器的连接。 现在,您可以尝试使用新的SSH密钥登录了。
步骤3:通过SSH进入您的服务器 (Step 3: SSH into your server)
Run this command to SSH in, replacing root@0.0.0.0 with your server’s login and IP address:
运行以下命令以SSH身份登录,将root@0.0.0.0替换为服务器的登录名和IP地址:
ssh -i ~/.ssh/id_rsa root@0.0.0.0You should gain normal SSH access to your to your server, without needing to enter a password.
您应该获得对服务器的普通SSH访问权限,而无需输入密码。
Congratulations! You’re back where you were yesterday, except now Apple will quit bugging you about upgrading your operating system. ?
恭喜你! 您现在回到了昨天的位置,但现在Apple不会再烦您升级操作系统了。 ?
I only write about programming and technology. If you follow me on Twitter I won’t waste your time. ?
我只写关于编程和技术的文章。 如果您在Twitter上关注我,我不会浪费您的时间。 ?
macos删除ssh密钥