深究 ssh 之 ssh-keygen

最後更新: 2015-07-16

目錄

  • 由私匙找回公匙
  • 移除己知 server 的 fingerprint
  • 在 known_hosts file 找回 Server 的公匙
  • 找出 Server 公匙的 fingerprint
  • 更改私匙的 password
  • OpenSSH format key -> PEM format key
  • Re-generating SSH Server Host Keys

 


建立 Private & Public Key

 

# 建立在 ~/.ssh

ssh-keygen

# 建立在指定地方

mkdir anotherServer

ssh-keygen -f anotherServer

 


由私匙找回公匙

 

ssh-keygen -y -f .ssh/id_rsa

-y             # read a private OpenSSH format file and print an OpenSSH public key to stdout

-f filename

 


移除己知 server 的 fingerprint

 

# -R   Removes all keys belonging to hostname from a known_hosts file

ssh-keygen -R datahunter.org

Original contents retained as /home/lwy/.ssh/known_hosts.old

 


在 known_hosts file 找回 Server 的公匙

 

# -F   Search for the specified hostname in a known_hosts file

ssh-keygen -F datahunter.org

|1|fa9xbxellA2dzk8lFJ2xWMnNTBk=|dBR/mGq/IgH6D8FuODQYN0/WWxI= ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAqmJyHruxq4R+Qnwas7XKKbTUfhtDKnQJeasQ
eNkKfPfGpYEnW8bymKLkW4RNDQIryBYe7t1v9UWXRC9xgWmjJ0Z0MyXLaDJ4NxO
Ey3WOtCJhQzTn9AJA16CjOitZwWDROUSdrvUQgZQibzvR+jcYW6eqt63jOfVnyj0dS
d1II8ubCQVjSJlldxRuy6b4QU3vbS6eyHIFUKSAqvVamsZFwNt8UM2i52N/ym6T4wld
6Pzob+zH8DoVW7XMwWl8wVAvzBGonEk3Y0Vptp/rBMHG7YYGXPZib5Oc5TaGqKY
0pUaM+64UWb9FDVK2bCfOfiP6ZV9h9N6c2kXIh/UivvIUeQ==

 


找出 Server 公匙的 fingerprint

 

ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

-l      Show fingerprint of specified public key file.

2048 07:6b:43:b4:f2:db:90:2b:f0:6f:f8:04:fd:6a:b1:28 /etc/ssh/ssh_host_rsa_key.pub (RSA)

 


更改私匙的 password

 

# -p                              Requests changing the passphrase of a private key file

# -N new_passphrase     配會 "-p" 使用

ssh-keygen -p

加密了的 Private Key:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E6F770E02C2655A6

.............................................
.............................................
-----END RSA PRIVATE KEY-----

 


OpenSSH format key -> PEM format key

 

-----BEGIN OPENSSH PRIVATE KEY-----

TO

-----BEGIN RSA PRIVATE KEY-----

# -m key_format          Specify a key format for the -i (import) or -e (export) conversion options.

#  “RFC4716” (RFC 4716/SSH2 public or private key), “PKCS8” (PEM PKCS8 public key)  or “PEM” (PEM public key).

# 沒有 backup 地把 key 轉了 format

ssh-keygen -p -N "" -m pem -f /path/to/key

 


Re-generating SSH Server Host Keys

 

For the SSH2 protocol you need two keys, for rsa and dsa:

ssh-keygen -f /etc/proftpd/sftp/host_rsa_key -N '' -t rsa

ssh-keygen -f /etc/proftpd/sftp/host_dsa_key -N '' -t dsa

-N new_passphrase            # Provides the new passphrase

 

# 簡易

-A       # 在 default key file path 建立 rsa1, rsa, dsa and ecdsa host key