问题描述
当我为Git安装计算机时,我生成了一个私有和公共SSH密钥。然后我让GitHub知道我的公钥是什么。我的理解是公钥可以加密消息,私钥可以加密消息。所以我可以理解github如何通过SSH向我发送加密邮件。 然而,我的问题是,当我推送到GitHub时,它是如何知道我是谁在进行推送?难道其他人无法使用我的名字和电子邮件创建自己的SSH密钥,然后推送到我的GitHub存储库?
我怀疑是这种情况,那么对此采取的安全措施是什么?感谢!
GitHub拥有您的公钥副本,其中包含的信息不仅仅是您的姓名和电子邮件地址。它有一个独特的指纹,不能通过生成伪造的公钥来重现(至少不是没有大规模的暴力攻击或一些意料之外的数学突破)。
ssh协议起作用,GitHub会看到一个ssh连接,它会根据您的公钥进行身份验证。这样的连接只能由拥有您的私钥副本的人创建。
GitHub没有私人副本关键,但它可以验证你的确。 (这就是的全部内容。)
When I setup my computer for Git, I generate a private and public SSH key. I then let GitHub know what my public key is. My understanding is that public keys can encrypt messages, and the private key de-crypts it. So I can understand how github can send me encrypted messages via SSH.
However, my question is that when I push to GitHub, how does it know that it is me who is doing the push? Couldn't someone else create a their own SSH key with with my name and email, and then push to my GitHub Repository?
I doubt this is the case, so what are the security measures that are in place for this? Thanks!
GitHub has a copy of your public key, which has more information than just your name and e-mail address. It has a unique fingerprint that cannot be reproduced by generating a forged public key (at least not without a massive brute-force attack or some unanticipated mathematical breakthrough).
The way the ssh protocol works, GitHub sees an ssh connection that it authenticates against your public key. Such a connection can only be created by someone who has a copy of your private key.
GitHub doesn't have a copy of your private key, but it can verify that you do. (That's what public key cryptography is all about.)
这篇关于GitHub如何处理推送安全性?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!