timqian / my-notes

https://github.com/timqian/my-notes/issues

SSH #127

Open timqian opened 7 years ago

timqian commented 7 years ago

Prevents man-in-the-middle attacks

Usage

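How it works

  1. Generate a public/private key pair locally
  2. Give the public key to GitHub
  3. You can then access GitHub

The server encrypts a challenge with the user's public key that is stored on it and sends it to the client; the client decrypts it with the private key and sends it back to the server. If the server's verification passes, that shows the user really is that user, so login is allowed.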

How AWS instances differ

AWS generates a key for the user, and the user logs in to the instance with this key. How is that done?
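
The challenge-response flow described in the comment above, as an added example that is not part of the original notes: a toy textbook-RSA simulation (fixed constructed primes, no padding, not secure) in which `Server`, `client_answer` and `login` are hypothetical names. It also covers the failure cases: a different private key and a replayed old response are both rejected.

```python
import hmac
import secrets

# Toy textbook RSA from fixed Mersenne primes: constructed for illustration,
# unpadded and far too small for real use. Real SSH keys come from ssh-keygen.
E = 65537

def make_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

class Server:
    """Stores only the user's public key, as in step 2 of the note."""
    def __init__(self, authorized_key):
        self.n, self.e = authorized_key
        self.pending = None

    def issue_challenge(self):
        # Fresh random value per login attempt, so an old response cannot be replayed.
        self.pending = secrets.randbelow(self.n - 2) + 2
        return pow(self.pending, self.e, self.n)  # encrypted with the public key

    def verify(self, response):
        expected, self.pending = self.pending, None  # each challenge is single-use
        if expected is None:
            return False
        size = (self.n.bit_length() + 7) // 8
        return hmac.compare_digest(expected.to_bytes(size, "big"),
                                   (response % self.n).to_bytes(size, "big"))

def client_answer(private_key, encrypted_challenge):
    """Client decrypts the challenge with its private key and returns it."""
    n, d = private_key
    return pow(encrypted_challenge, d, n)

def login(server, private_key):
    return server.verify(client_answer(private_key, server.issue_challenge()))

USER_PUB, USER_PRIV = make_keypair(2**127 - 1, 2**89 - 1)
_, OTHER_PRIV = make_keypair(2**107 - 1, 2**61 - 1)  # someone else's key pair

if __name__ == "__main__":
    server = Server(USER_PUB)
    print("owner of the private key:", login(server, USER_PRIV))
    print("different private key:   ", login(server, OTHER_PRIV))
```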

timqian commented 7 years ago

Usage example: Codeship

When you add a project and connect it to GitHub, Codeship assigns a Linux instance for this project, creates a key pair, and sends the public key to the GitHub repo. So this Linux instance is able to connect to the GitHub repo.

If you want the Codeship Linux instance to be able to connect to other repos, you will have to place the public key on your account, so the Codeship project can act on behalf of you.

A safer way for an organization is to add a new member to the org, invite him into the projects the Codeship project wants to access, and then put the Codeship project's public key on this account.