主机密钥
主机密钥通常在安装 SSH 服务器时自动生成。它们可以随时再生。
$ ls -l /etc/ssh/
total 548
-rw-r--r-- 1 root root 505426 Feb 26 2022 moduli
-rw-r--r-- 1 root root 1650 Feb 26 2022 ssh_config
drwxr-xr-x 2 root root 4096 Feb 26 2022 ssh_config.d
-rw------- 1 root root 1381 Apr 7 12:31 ssh_host_dsa_key
-rw-r--r-- 1 root root 607 Apr 7 12:31 ssh_host_dsa_key.pub
-rw------- 1 root root 513 Apr 7 12:31 ssh_host_ecdsa_key
-rw-r--r-- 1 root root 179 Apr 7 12:31 ssh_host_ecdsa_key.pub
-rw------- 1 root root 411 Apr 7 12:31 ssh_host_ed25519_key
-rw-r--r-- 1 root root 99 Apr 7 12:31 ssh_host_ed25519_key.pub
-rw------- 1 root root 2602 Apr 7 12:31 ssh_host_rsa_key
-rw-r--r-- 1 root root 571 Apr 7 12:31 ssh_host_rsa_key.pub
-rw-r--r-- 1 root root 342 Dec 8 2020 ssh_import_id
-rw-r--r-- 1 root root 3343 Apr 7 12:43 sshd_config
drwxr-xr-x 2 root root 4096 Mar 16 17:31 sshd_config.d
选择算法
SSH 支持多种用于身份验证密钥的公钥算法。这些包括:
- dsa
- ecdsa
- ecdsa-sk
- ed25519
- ed25519-sk
- rsa
命令和选项
-b “Bits” 此选项指定密钥中的位数。管理 SSH 用例的法规可能要求使用特定的密钥长度。通常,2048 位被认为足以用于 RSA 密钥。
-e “Export” 此选项允许在 OpenSSH 密钥文件格式和RFC 4716 “SSH 公钥文件格式”中记录的格式之间重新格式化现有密钥。
-p [-P old_passphrase] “Change the passphrase” 此选项允许使用和,更改私钥文件的密码[-N new_passphrase]。[-f keyfile]
-t “Type” 此选项指定要创建的密钥的类型。常用的值是: - RSA密钥的rsa - DSA密钥的dsa -椭圆曲线 DSA密钥的ecdsa
-i "Input" 当需要ssh-keygen访问现有密钥时,此选项指定文件。
-f "File" 指定要在其中存储创建的密钥的文件的名称。
-N "New" 为密钥提供新的密码。
-P "Passphrase" 在读取密钥时提供(旧)密码。
-c "Comment" 更改密钥文件的注释。
-p 更改私钥文件的密码。
-q 沉默 ssh-keygen。
-v 详细模式。
-l "Fingerprint" 打印指定公钥的指纹。
-B "Bubble babble" 显示密钥文件的“bubble babble”(Tectia 格式)指纹。
-F 在 known_hosts 文件中搜索指定的主机名。
-R 从 known_hosts 文件中删除属于主机名的所有密钥。
-y 读取私有 OpenSSH 格式文件并将 OpenSSH 公钥打印到标准输出。
生成密钥
rsa
$ ssh-keygen -t rsa -f .ssh/wgs_rsa -b 4096 -C "[email protected]"
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/wgs_rsa
Your public key has been saved in .ssh/wgs_rsa.pub
The key fingerprint is:
SHA256:iwJv0jlCU9n5axrtLbxTxQ7QwTJ0p6gv2wp2tklmkcg [email protected]
The key's randomart image is:
+---[RSA 4096]----+
| ..oo.. |
| o .+ooo |
| o o .+.. |
| o . + . o |
| + E + S + |
| . = . = o. . |
| o X X.*. |
| = X @+. |
| *.++. |
+----[SHA256]-----+
dsa
$ ssh-keygen -t dsa -f .ssh/wgs_dsa -C "[email protected]"
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/wgs_dsa
Your public key has been saved in .ssh/wgs_dsa.pub
The key fingerprint is:
SHA256:EOyAr/VMJkrorZ7HWX1gnhOy4TU+8FLufSqh4eU/bcQ [email protected]
The key's randomart image is:
+---[DSA 1024]----+
| . .. |
| . . .. |
| . . o. |
|. . +++O |
|...+.*# S . |
| .o. *o% . E |
| o + B * o |
| ..+ o + o + |
|.o. oo= |
+----[SHA256]-----+
ecdsa
$ ssh-keygen -t ecdsa -f .ssh/wgs_ecdsa -b 521 -C "[email protected]"
Generating public/private ecdsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/wgs_ecdsa
Your public key has been saved in .ssh/wgs_ecdsa.pub
The key fingerprint is:
SHA256:YZuu+9p1w0U09g3yvKW5o3ipnVtXO4iBba6hmUFdIx0 [email protected]
The key's randomart image is:
+---[ECDSA 521]---+
| E. = |
| . .* +.|
| o. + + +|
| ..+= .. = |
| .So + = .|
| .. o.o...o|
| ....o+o+o.|
| o=.o+o= o.|
| +Bo.oo=. |
+----[SHA256]-----+
ed25519
$ ssh-keygen -t ed25519 -f .ssh/wgs_ed25519 -C "[email protected]"
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/wgs_ed25519
Your public key has been saved in .ssh/wgs_ed25519.pub
The key fingerprint is:
SHA256:BAB+mj3HLKUESR6blUhJFkxyMiqGvCIT/HS4ZviyLrM [email protected]
The key's randomart image is:
+--[ED25519 256]--+
|+*%*oo. |
|=O=*o . |
|=+=oo.. . |
|o.=*o= . |
|+oo== + S |
|o.+ + |
| . . |
|o o |
|E= |
+----[SHA256]-----+
配置文件
# cat ~/.ssh/config
Host github.com
Hostname github.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/wgs_dsa
Host gitlab.com
Hostname gitlab.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/wgs_ecdsa
Host gitee.com
Hostname gitee.com
User git
PreferredAuthentications publickey
IdentityFile ~/.ssh/wgs_ed25519
分发公钥
查看公钥
$ ls -l .ssh/
total 32
-rw------- 1 wgs wgs 0 Oct 12 18:11 authorized_keys
-rw------- 1 wgs wgs 1381 Apr 11 14:19 wgs_dsa
-rw-r--r-- 1 wgs wgs 607 Apr 11 14:19 wgs_dsa.pub
-rw------- 1 wgs wgs 736 Apr 11 14:22 wgs_ecdsa
-rw-r--r-- 1 wgs wgs 271 Apr 11 14:22 wgs_ecdsa.pub
-rw------- 1 wgs wgs 411 Apr 11 14:25 wgs_ed25519
-rw-r--r-- 1 wgs wgs 99 Apr 11 14:25 wgs_ed25519.pub
-rw------- 1 wgs wgs 3381 Apr 11 14:18 wgs_rsa
-rw-r--r-- 1 wgs wgs 743 Apr 11 14:18 wgs_rsa.pub
复制公钥
ssh-copy-id -i ~/.ssh/wgs_ed25519.pub user@host
参考文档
https://man.openbsd.org/ssh-keygen.1
标签:rw,wgs,--,keygen,ssh,key,root From: https://www.cnblogs.com/wangguishe/p/17306003.html