As you are root, you can try it sudo -u apache ssh-keygen -t rsa

因为你是root，所以你可以试试 sudo -u apache ssh-keygen -t rsa

You may have to copy the root generated keys in the .ssh directory of your apache user.

您可能需要将根生成的密钥复制到 apache 用户的 .ssh 目录中。

Assuming the homedir of apache is /var/www(check /etc/passwd) and the named key is id_rsa-git:

假设 apache 的 homedir 是/var/www（检查 /etc/passwd）并且命名键是id_rsa-git：

mkdir -p /var/www/.ssh/
cp /root/.ssh/id_rsa-git /var/www/.ssh/id_rsa

No need to copy the public key.

无需复制公钥。

Note : by default the key used are id_rsaor id_dsa. You may change the name of the copied key to match this.

注意：默认情况下使用的密钥是id_rsa或id_dsa。您可以更改复制的密钥的名称以匹配此名称。

You may also change ownership of the id_rsakey and .sshdirectory:

您还可以更改id_rsa密钥和.ssh目录的所有权：

chown -R apache:apache /var/www/.ssh
chmod 0700 /var/www/.ssh
chmod 0600 /var/www/.ssh/id_rsa

Just posting the comment of @KitCarrau, under yvan's answer, that worked for me

只是在 yvan 的回答下发布 @KitCarrau 的评论，这对我有用

sudo -u apache ssh-keygen -t rsa

sudo -u apache ssh-keygen -t rsa

for debian

对于 Debian

sudo -u www-data ssh-keygen -t rsa

sudo -u www-data ssh-keygen -t rsa

after this click Enter twice, to skip passphrase

在此之后单击 Enter 两次，跳过密码

also, it suggests to create the public/private keys in /var/www/.sshdirectory, even if I had my www direcotry in /home/my_user/www, that is fine.

此外，它建议在/var/www/.ssh目录中创建公钥/私钥，即使我的 www 目录在/home/my_user/www.

The existing answers are either incomplete or insecure. If you put your .sshdirectory into the home directory of the apache user (/var/www) then this will also most likely serve the contents of that directory and thus expose your ssh private key to the public web. To prevent this you'd have to configure apache notto serve the .sshdirectory but none of the existing answers explains how to do this.

现有的答案要么不完整，要么不安全。如果您将您的.ssh目录放入 apache 用户 ( /var/www)的主目录，那么这也很可能会提供该目录的内容，从而将您的 ssh 私钥暴露给公共网络。为了防止这种情况，您必须将 apache 配置为不为.ssh目录提供服务，但现有答案都没有解释如何执行此操作。

I'd also argue that it is still dangerous to have your .sshdirectory be a subdirectory of your publicly served www-root because even if you add a rule to your apache config, upgrading the server or doing unrelated other configurations might override this rule without you noticing.

我还认为，让您的.ssh目录成为公开服务的 www-root 的子目录仍然很危险，因为即使您向 apache 配置添加规则，升级服务器或执行不相关的其他配置也可能会在没有您的情况下覆盖此规则注意到。

So here is an answer that puts the key elsewhere, where it is not served by apache by default. There is not even the need to ever become the www-datauser as others are struggling with.

所以这是一个将密钥放在其他地方的答案，默认情况下它不由 apache 提供服务。甚至不需要www-data像其他人一样成为用户。

First, find out the home directory of our apache user, for example by looking into /etc/passwdand looking for the www-datauser or however the apache user of your distribution is called. The home directory is likely /var/www.

首先，找出我们的 apache 用户的主目录，例如通过查看/etc/passwd和查找www-data用户或您的发行版的 apache 用户被调用。主目录很可能/var/www。

Then run (replacing /var/wwwwith the home directory of the apache user on your setup):

然后运行（替换/var/www为您设置中 apache 用户的主目录）：

$ mkdir "$HOME/www-data.ssh"
$ ssh-keygen -q -t rsa -f "$HOME/www-data.ssh/id_rsa" -N ""
$ chown -R www-data:www-data "$HOME/www-data.ssh"
$ mkdir /var/www/.ssh
$ cat << END > /var/www/.ssh/config
> Host *
>     IdentityFile $HOME/www-data.ssh/id_rsa
> END
$ chown -R www-data:www-data /var/www/.ssh

Now your www-datauser will use the ssh key in $HOME/www-data.ssh/id_rsafor all its ssh connections and since your $HOMEis probably different from /var/www, that directory will not be served. So even without adding any custom rules to apache, users will be able to see your .ssh/configbut they will not be able to access the private key it points to. Nevertheless, your www-datauser will know how to do it.

现在，您的www-data用户将在$HOME/www-data.ssh/id_rsa其所有 ssh 连接中使用 ssh 密钥，并且由于您$HOME可能与 不同/var/www，因此将不会提供该目录。因此，即使没有向 apache 添加任何自定义规则，用户也可以看到您的，.ssh/config但他们将无法访问它指向的私钥。尽管如此，您的www-data用户将知道如何去做。

I ran into a similar issue and there is one extra snag. In order to ssh using the apache user you also need to edit the /etc/passwdfile so that the directive for apache has a shell defined.

我遇到了类似的问题，还有一个额外的障碍。为了使用 apache 用户 ssh，您还需要编辑该/etc/passwd文件，以便为 apache 指令定义一个 shell。

In my case I needed to change

就我而言，我需要改变

apache:x:48:48:Apache:/var/www:/sbin/nologin

to

到

apache:x:48:48:Apache:/var/www:/bin/bash

To add to @Vincent, if you have SELinux enabled, you'll have to set the context for the new .ssh folder.

要添加到@Vincent，如果您启用了 SELinux，则必须为新的 .ssh 文件夹设置上下文。

On RHEL, add the following to this file: /etc/selinux/targeted/contexts/files/file_contexts.homedirs

在 RHEL 上，将以下内容添加到此文件中：/etc/selinux/targeted/contexts/files/file_contexts.homedirs

/var/www/[^/]*/.+       system_u:object_r:user_home_t:s0
/var/www/[^/]*/\.ssh(/.*)?      system_u:object_r:ssh_home_t:s0

And then run the command

然后运行命令

# restorcon -Rv /var/www/

I don't know if this will work on redhat (I assume that is what you're running) however, I was able to su to www-data (the apache user for debian) by executing the following:

我不知道这是否适用于 redhat（我假设这就是您正在运行的），但是，我可以通过执行以下命令来 su 到 www-data（debian 的 apache 用户）：

sudo su www-data

it actually worked shrugsgo figure

它实际上起作用了耸肩去图