However, this means you'll have to enter your passphrase every time you need to use your private key, which will get annoying. To manage this, most SSH implementations will use an agent, which keeps your decrypted key in memory. This means you'll only need to unlock it once, and it will persist until you restart, letting you log into your servers securely without a passphrase prompt. You'll want to make sure your SSH server is locked down, of course.

SSH agent forwarding is like going another layer deeper. For example, imagine you're connecting to a remote server, and you want to git pull. You want to use SSH authentication for GitHub, but you don't want your private keys on that remote server, only on your machine. To solve this problem, you can open your local SSH agent to the remote server, allowing it to act as you while you're connected. This doesn't send your private keys over the internet, not even while they're encrypted; it just lets a remote server access your local SSH agent and verify your identity.

It works like this: you ask your remote server to pull some code from GitHub, and GitHub says "who are you?" to the server. Usually the server would consult its own id_rsa files to answer, but instead it will forward the question to your local machine. Your local machine answers the question and sends the response (which does not include your private key) to the server, which forwards it back to GitHub.
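Because a forwarded agent lets the remote server act as you while you're connected, it is worth checking which hosts your SSH client configuration forwards it to. The functions below are an added example, not code from the original post: they list the blocks of an ssh_config file that enable ForwardAgent and flag wildcard or global scope. The host names and file contents are constructed, and the parser assumes plain Host/Match blocks with no Include lines.

```shell
#!/bin/sh
# Added example: audit an ssh_config file for agent forwarding scope.

# Print the Host/Match patterns of every block that enables ForwardAgent
# ("(global)" for settings that appear before the first Host line).
forwarding_blocks() {
    awk '
        BEGIN { block = "(global)" }
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^#/ || /^$/ { next }
        {
            # ssh_config allows "Key Value" and "Key=Value"; keys ignore case.
            key = tolower($0); sub(/[ \t=].*$/, "", key)
            val = $0;          sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            if (key == "host")  { block = val; next }
            if (key == "match") { block = "match " tolower(val); next }
            # Any value other than "no" (yes, a socket path, $VAR) forwards.
            if (key == "forwardagent" && tolower(val) != "no") print block
        }
    ' "$1"
}

# Succeed if forwarding is on globally or for a wildcard pattern, i.e. for
# servers that were never individually chosen to hold the forwarded agent.
wildcard_forwarding() {
    forwarding_blocks "$1" | grep -Eq '^\(global\)$|^match all$|[*?]'
}

# Constructed sample config: a broad block beside a host-scoped one.
write_sample_config() {
    cat > "$1" <<'EOF'
Host *
    ForwardAgent yes

Host deploy.example.com
    User deploy
    ForwardAgent=yes

Host build.example.com
    ForwardAgent no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
forwarding_blocks "$sample"
if wildcard_forwarding "$sample"; then
    echo "warning: agent forwarding is enabled for a wildcard or global scope"
fi
rm -f "$sample"
```

Point `forwarding_blocks` at `~/.ssh/config` to review your own settings; keeping ForwardAgent inside a block for one named host limits which server can use the agent.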