将 git 远程 url 从 https 更改为 ssh 安全吗?
我一直在为我的 bitbucket 项目使用 HTTPS 方法,但由于 bitbucket 在 2022 年 3 月 1 日需要应用程序密码,我为我的项目添加了应用程序密码,但现在每次我使用 git 执行某些操作时,都会被要求输入用户名和密码(例如 git拉).. atlassian 文档 说如果我将 url 更改为 SSH,就不会再要求我输入密码。
git remote set-url origin [email protected]:tutorials/tutorials.git
但是当我尝试将其更改为SSH时,出现了这样的警告:
The authenticity of host 'bitbucket.org (ip address)' can't be established.
RSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxx.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
当我在网上阅读了一些文章后,它说这是git提供的安全功能,我们不应该乱搞它。这样做仍然不安全吗?这种方法不是会询问帐户持有人只能看到一次的应用程序密码吗?
I have been using the HTTPS method for my bitbucket project, but since bitbucket requires app password on march 1 2022, I added the app password for my project but now I keep getting asked for username and password everytime I do something with git (e.g. git pull).. the atlassian documentation says that if I change the url into SSH, I won't be asked for password anymore.
git remote set-url origin [email protected]:tutorials/tutorials.git
but when I tried to change it into SSH, there was a warning like this:
The authenticity of host 'bitbucket.org (ip address)' can't be established.
RSA key fingerprint is SHA256:xxxxxxxxxxxxxxxxxx.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?
after I read some articles on the internet, it says that that was a safety feature provided by git and we shouldn't mess with it. is it still unsafe to do this? isn't this method going to ask the app password which can only be seen once by the account holder?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
此警告来自您的 SSH 客户端,严格来说与 Git 和 BitBucket 无关。 Git 仅使用 SSH 作为传输协议,并将身份验证委托给 SSH 客户端和服务器。
每当您第一次尝试与 SSH 服务器建立连接时,您的 SSH 客户端将始终向您显示此消息。在这种情况下,您的 BitBucket 主机运行 SSH 服务器。这只是意味着您的客户端还不知道服务器,因此它要求您验证服务器的密钥指纹以确保您正在连接到合法服务器。这样做的原因是为了防止所谓的中间人攻击,即有人可以拦截连接并冒充您真正想要连接的服务器。
所以这不是什么值得担心的事情。只需比较指纹即可继续。如果您使用 Atlassian 的 BitBucket 服务,您可以 在他们的文档中找到指纹。
This warning comes from your SSH client and is strictly speaking unrelated to Git and BitBucket. Git just uses SSH as a transport protocol and delegates authentication to the SSH client and server.
Your SSH client will always present you this message whenever you try to establish a connection to a SSH server for the first time. In this case your BitBucket host runs the SSH server. It just means, that your client doesn't know the server yet, so it asks you to verify the server's key fingerprint to make sure that you are connecting to the legit server. The reason for this is to prevent so called man in the middle attacks where someone could intercept the connection and pretend to be the server you actually want to connect to.
So it's not something to worry about. Just compare the fingerprints and continue. If you use the BitBucket service by Atlassian, you can find the fingerprint in their docs.