ssh-keygen in Depth

Last updated: 2022-09-02

Table of Contents

  • Creating SSH Private & Public Keys
  • Recovering the public key from the private key
  • Removing a known server's fingerprint
  • Looking up a server's public key in the known_hosts file
  • Finding the fingerprint of a server's public key
  • Changing a private key's passphrase
  • OpenSSH format key -> RSA format key
  • Re-generating SSH Server Host Keys


Creating SSH Private & Public Keys

 

ssh-keygen      # With no options, creates /root/.ssh/id_rsa and /root/.ssh/id_rsa.pub when run as root
                # (OpenSSH 9.5 and later default to ed25519 instead, i.e. id_ed25519 / id_ed25519.pub)

Key-based authentication

grep AuthorizedKeysFile /etc/ssh/sshd_config

AuthorizedKeysFile    %h/.ssh/authorized_keys

# On the server side: install the public key (the private key never leaves the client).
# mv replaces an existing authorized_keys; to keep earlier entries, append with
# "cat id_rsa.pub >> ~/.ssh/authorized_keys" instead.
mv /root/.ssh/id_rsa.pub /root/.ssh/authorized_keys

Other Opts

-C comment

-O option    # Operation-specific key/value option; may be specified multiple times.
             # The permissions below are certificate options, applied when signing a certificate with -s:

clear   Clear all enabled permissions. This is useful for clearing the default set of permissions

          no-agent-forwarding, no-port-forwarding, no-x11-forwarding, no-user-rc ...

-N new_passphrase

Tips

# Create the key file without being asked anything
# (it still asks "Overwrite (y/n)?" if the file already exists)

ssh-keygen -f /root/.ssh/id_rsa -N ''


Creating a Private & Public Key

# Created in ~/.ssh

ssh-keygen

# Create at a specified location

# Creates anotherServer (private key) and anotherServer.pub (public key) in the current directory

ssh-keygen -f anotherServer

 


Recovering the public key from the private key

ssh-keygen -y -f .ssh/id_rsa     # also the quickest way to check that a .pub file really belongs to a private key

-y             # read a private OpenSSH format file and print an OpenSSH public key to stdout
               # (prompts for the passphrase if the key is encrypted; -P passphrase supplies it)

-f filename
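The whole client-to-server flow of the two sections above, as an added example that is not code from the original page: generate a key pair without prompts, prove with -y that the .pub file belongs to the private key, and install the public key the way sshd expects it. The key comment, the from= network and every path are hypothetical and live in a throw-away directory; it assumes ssh-keygen (OpenSSH 7.2 or later for the "restrict" option) and coreutils on PATH.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes OpenSSH ssh-keygen and
# coreutils; all names below are hypothetical.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KEY="$WORK/id_ed25519"
SERVER_HOME="$WORK/server-home"          # stands in for the target user's $HOME

# Client side. -q drops the banner and randomart, -N '' sets an empty
# passphrase, so nothing is asked. ssh-keygen itself writes the private key
# with mode 0600 and the .pub with 0644.
make_key() {
    [ -f "$KEY" ] || ssh-keygen -q -t ed25519 -C "deploy@client.example" -N '' -f "$KEY"
}

# -y re-derives the public key from the private one. Compare type and blob
# only (fields 1 and 2): the comment is not part of the key and can differ.
pubkey_matches() {
    from_priv=$(ssh-keygen -y -f "$KEY" | awk '{print $1, $2}')
    from_file=$(awk '{print $1, $2}' "$KEY.pub")
    [ -n "$from_priv" ] && [ "$from_priv" = "$from_file" ]
}

# Server side. Append instead of mv so earlier keys survive, and pin the key
# down with authorized_keys options: "restrict" disables agent/port/X11
# forwarding and pty allocation, from= limits the source network (hypothetical
# range). Modes matter: with StrictModes (the default) sshd ignores an
# authorized_keys that sits in a group- or world-writable ~/.ssh.
install_pubkey() {
    mkdir -p "$SERVER_HOME/.ssh"
    chmod 700 "$SERVER_HOME/.ssh"
    printf 'from="198.51.100.0/24",restrict %s\n' "$(cat "$KEY.pub")" \
        >> "$SERVER_HOME/.ssh/authorized_keys"
    chmod 600 "$SERVER_HOME/.ssh/authorized_keys"
    wc -l < "$SERVER_HOME/.ssh/authorized_keys" | tr -d ' '    # entry count
}

make_key
pubkey_matches && echo "$(basename "$KEY").pub matches the private key"
echo "authorized_keys entries: $(install_pubkey)"
```

The `restrict` option is the authorized_keys counterpart of the `-O no-agent-forwarding, no-port-forwarding, ...` certificate options listed earlier: it turns everything off in one word and you re-enable only what the key needs (for example `restrict,port-forwarding`).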

 


Removing a known server's fingerprint

# -R   Removes all keys belonging to hostname from a known_hosts file (hashed entries included)
#      Use it after a deliberate host key change; if the key changed unexpectedly, investigate before removing it.

ssh-keygen -R datahunter.org

Original contents retained as /home/lwy/.ssh/known_hosts.old

 


Looking up a server's public key in the known_hosts file

# -F   Search for the specified hostname in a known_hosts file
#      (works on hashed |1|salt|hash entries, which grep cannot match; add -l to print the fingerprint instead of the key)

ssh-keygen -F datahunter.org

|1|fa9xbxellA2dzk8lFJ2xWMnNTBk=|dBR/mGq/IgH6D8FuODQYN0/WWxI= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqmJyHruxq4R+Qnwas7XKKbTUfhtDKnQJeasQeNkKfPfGpYEnW8bymKLkW4RNDQIryBYe7t1v9UWXRC9xgWmjJ0Z0MyXLaDJ4NxOEy3WOtCJhQzTn9AJA16CjOitZwWDROUSdrvUQgZQibzvR+jcYW6eqt63jOfVnyj0dSd1II8ubCQVjSJlldxRuy6b4QU3vbS6eyHIFUKSAqvVamsZFwNt8UM2i52N/ym6T4wld6Pzob+zH8DoVW7XMwWl8wVAvzBGonEk3Y0Vptp/rBMHG7YYGXPZib5Oc5TaGqKY0pUaM+64UWb9FDVK2bCfOfiP6ZV9h9N6c2kXIh/UivvIUeQ==
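A complete known_hosts round trip covering -H, -F, -l -F and -R, as an added example that is not code from the original page. The host name node1.example and its "host key" are constructed locally in a throw-away directory; nothing is contacted over the network. It assumes OpenSSH ssh-keygen and coreutils on PATH.

```shell
#!/bin/sh
# Added example (not from the original page). The host name and key below
# are constructed for the demo; assumes OpenSSH ssh-keygen and coreutils.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KH="$WORK/known_hosts"
HOSTKEY="$WORK/ssh_host_ed25519_key"
HOST="node1.example"

# One known_hosts line is "hostname keytype base64-blob". -H then hashes the
# host name in place, which is what a client with HashKnownHosts yes stores;
# like -R it keeps the previous file as known_hosts.old.
setup_known_hosts() {
    [ -f "$HOSTKEY" ] || ssh-keygen -q -t ed25519 -N '' -f "$HOSTKEY"
    printf '%s %s\n' "$HOST" "$(awk '{print $1, $2}' "$HOSTKEY.pub")" > "$KH"
    ssh-keygen -H -f "$KH" > /dev/null 2>&1
    head -n 1 "$KH" | cut -c1-3                 # "|1|" marks a hashed entry
}

# grep cannot match a hashed host name; -F recomputes the HMAC from the salt
# stored in the |1|salt|hash field and so still finds it.
grep_finds_host()   { grep -q "$HOST" "$KH"; }
keygen_finds_host() { ssh-keygen -F "$HOST" -f "$KH" | grep -q 'ssh-ed25519'; }

# -l -F prints the fingerprint of the stored key. It must equal the
# fingerprint of the key it came from, which is what you compare at first login.
fingerprint_matches() {
    expected=$(ssh-keygen -l -f "$HOSTKEY.pub" | awk '{print $2}')
    ssh-keygen -l -F "$HOST" -f "$KH" | grep -qF "$expected"
}

# -R drops every entry for the host, hashed or not, after backing the file up.
remove_host() {
    ssh-keygen -R "$HOST" -f "$KH" > /dev/null 2>&1
    [ -f "$KH.old" ] && ! keygen_finds_host
}

[ "$(setup_known_hosts)" = "|1|" ] && echo "entry stored hashed"
grep_finds_host || echo "grep does not see $HOST in the hashed file"
keygen_finds_host && echo "ssh-keygen -F finds $HOST"
fingerprint_matches && echo "stored fingerprint matches the host key"
remove_host && echo "entry removed, backup kept in known_hosts.old"
```

Entries for a non-standard port are stored as `[host]:port`, so pass exactly that string to -F and -R; searching for the bare host name will not match them.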

 


Finding the fingerprint of a server's public key

ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub

-l      Show fingerprint of specified public key file.
        # Current releases print SHA256 (base64) by default; add -E md5 to get the
        # colon-separated MD5 form shown below, which older clients still display.

2048 07:6b:43:b4:f2:db:90:2b:f0:6f:f8:04:fd:6a:b1:28 /etc/ssh/ssh_host_rsa_key.pub (RSA)

Show the fingerprints of all public keys at once

ls /etc/ssh/*key.pub | xargs -n 1 ssh-keygen -l -f

 


Changing a private key's passphrase

# -p                              Requests changing the passphrase of a private key file
# -N new_passphrase     used together with -p
# -P old_passphrase     supplies the current passphrase (with -N and -f this makes the change non-interactive)

ssh-keygen -p

Encrypted private key (legacy PEM format written by older OpenSSH releases; the DES-EDE3-CBC header means
the passphrase protects the key only through the OpenSSL legacy KDF, a single MD5 pass, whereas the current
OpenSSH format uses bcrypt with -a rounds):

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,E6F770E02C2655A6

.............................................
.............................................
-----END RSA PRIVATE KEY-----


OpenSSH format key -> RSA format key

# OPENSSH format (new format, the default since OpenSSH 7.8; holds any key type, bcrypt KDF when passphrase-protected)

-----BEGIN OPENSSH PRIVATE KEY-----
...
-----END OPENSSH PRIVATE KEY-----

To

# RSA / PEM format (old PKCS#1 format; only RSA, DSA and ECDSA keys have this form, ed25519 keys stay in the OpenSSH format)

-----BEGIN RSA PRIVATE KEY-----

-m key_format        # Specify a key format for key generation, the -i (import) and -e (export) conversion options,
                             # and the -p (change passphrase) operation. format: RFC4716, PKCS8, PEM

# Convert the key in place (back up the original key first !!)

# -p -N ""      without this the command prompts for a new passphrase
# -p             Requests changing the passphrase of a private key file instead of creating a new private key.
# -N ""         -N new_passphrase (empty: the converted key is written unencrypted)

ssh-keygen -p -N "" -m pem -f /path/to/key

 * ssh-keygen only rewrites the private key file in place ('in-situ'); there is no option to write the converted key elsewhere

# Public Key

# -e      Reads a private or public OpenSSH key file and prints the public key to stdout
             in one of the formats specified by the -m option
             (pem gives "BEGIN RSA PUBLIC KEY", pkcs8 gives "BEGIN PUBLIC KEY", the default is RFC4716)

ssh-keygen -e -m pem -f id_rsa > key.pem

# -y      read a private OpenSSH format file and print an OpenSSH public key to stdout.
#         (this overwrites authorized_keys; use >> to keep existing entries)

ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/authorized_keys
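Passphrase handling and the format conversions of the last two sections, run end to end on a throw-away RSA key, as an added example that is not code from the original page. The passphrase and paths are hypothetical; it assumes OpenSSH ssh-keygen 7.8 or later (which writes the OpenSSH private key format by default) and coreutils on PATH.

```shell
#!/bin/sh
# Added example (not from the original page). Passphrase and paths are
# hypothetical; assumes OpenSSH 7.8+ ssh-keygen and coreutils.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KEY="$WORK/id_rsa"
PASS='correct horse battery staple'

first_line() { head -n 1 "$1"; }

# Fresh RSA key, no passphrase, OpenSSH container. Returns the current header.
make_key() {
    [ -f "$KEY" ] || ssh-keygen -q -t rsa -b 3072 -N '' -f "$KEY"
    first_line "$KEY"
}

# Add a passphrase without prompts: -P is the old one, -N the new one.
# -a raises the bcrypt rounds (default 16) to slow down offline guessing;
# it only applies to the OpenSSH format.
add_passphrase() {
    ssh-keygen -p -P '' -N "$PASS" -a 64 -f "$KEY" > /dev/null
}

# -y now needs the passphrase; a wrong one fails instead of printing the key.
pubkey_with() {
    ssh-keygen -y -P "$1" -f "$KEY" 2>/dev/null | awk '{print $1, $2}'
}

# In-place conversion to legacy PEM (PKCS#1). Back up first: ssh-keygen
# rewrites the file. PEM has no bcrypt KDF, so a passphrase-protected PEM key
# is far weaker against guessing than the OpenSSH format; here -N '' writes it
# unencrypted, which is what most "needs a PEM key" consumers actually expect.
to_pem() {
    cp "$KEY" "$KEY.bak"
    ssh-keygen -p -P "$PASS" -N '' -m pem -f "$KEY" > /dev/null
    first_line "$KEY"
}

# Public key exports for other software: PKCS#1 (-m pem) or SPKI (-m pkcs8).
export_pub() {
    ssh-keygen -e -m "$1" -f "$KEY.pub" | head -n 1
}

echo "new key header:        $(make_key)"
add_passphrase
[ -z "$(pubkey_with wrong)" ] && echo "wrong passphrase: no public key printed"
[ "$(pubkey_with "$PASS")" = "$(awk '{print $1, $2}' "$KEY.pub")" ] \
    && echo "right passphrase: -y output matches id_rsa.pub"
echo "after -p -m pem:       $(to_pem)"
echo "public key as pem:     $(export_pub pem)"
echo "public key as pkcs8:   $(export_pub pkcs8)"
```

Expected headers are `-----BEGIN OPENSSH PRIVATE KEY-----` before and `-----BEGIN RSA PRIVATE KEY-----` after the conversion; the backup keeps the bcrypt-protected original so the PEM copy can be deleted once the consumer has it.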

 


Re-generating SSH Server Host Keys

grep HostKey /etc/ssh/sshd_config

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Deleting the old keys changes the identity every client has pinned in known_hosts: they will see
# "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" until they run ssh-keygen -R. Do this on purpose
# (e.g. a cloned VM image that still carries the template's keys), and restart sshd afterwards.
rm /etc/ssh/ssh_host_* -f

ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa       # 3072 bits by default since OpenSSH 8.0 (2048 before); -b sets the size

ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa

ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519

Remark

-N new_passphrase            # Provides the new passphrase ('' here: sshd cannot prompt, so host keys must be unencrypted)

Create all keys at once (rsa, ecdsa, ed25519)

-A       # Generate any host key that is missing at the default paths, with an empty passphrase
         # (rsa, ecdsa and ed25519 in current releases; older releases also dsa and rsa1).
         # Existing key files are left untouched, which is why the rm above comes first.
         # With -f, its argument is used as a prefix to the default paths.
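Host key regeneration with -A and the fingerprint listing from the earlier section, combined in one added example that is not code from the original page. It uses -A with a path prefix so the keys land under a throw-away directory instead of /etc/ssh, lists every fingerprint in both SHA256 and MD5 form, recomputes one MD5 fingerprint from the raw key blob to show what the fingerprint actually is, and shows that a second -A run does not rotate existing keys. It assumes OpenSSH ssh-keygen plus coreutils base64 and md5sum on PATH; "$ROOT" stands in for / and is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). "$ROOT" replaces / so nothing
# in the real /etc/ssh is touched; assumes OpenSSH ssh-keygen and coreutils.
set -eu

ROOT=$(mktemp -d)
trap 'rm -rf "$ROOT"' EXIT
SSHDIR="$ROOT/etc/ssh"

# -A creates only the host keys that do not exist yet; with -f the argument
# is a path prefix, so keys land in "$ROOT/etc/ssh/ssh_host_*_key".
# Returns the number of public key files present afterwards.
gen_host_keys() {
    mkdir -p "$SSHDIR"
    ssh-keygen -A -f "$ROOT" > /dev/null 2>&1
    ls "$SSHDIR"/ssh_host_*_key.pub | wc -l | tr -d ' '
}

# Fingerprint of every public key: SHA256 (modern default) and MD5
# (-E md5, the colon-separated form older clients and the page's output show).
list_fingerprints() {
    for pub in "$SSHDIR"/ssh_host_*_key.pub; do
        ssh-keygen -l -f "$pub"
        ssh-keygen -l -E md5 -f "$pub"
    done
}

# A fingerprint is just a hash of the base64-decoded key blob (field 2 of the
# .pub line), so it can be recomputed without ssh-keygen when checking a
# value someone sent you out of band.
md5_from_keygen() {
    ssh-keygen -l -E md5 -f "$1" | awk '{print $2}' | sed 's/^MD5://'
}
md5_from_blob() {
    awk '{print $2}' "$1" | base64 -d | md5sum | cut -d' ' -f1 | sed 's/../&:/g; s/:$//'
}

# Re-running -A must not rotate keys: compare a fingerprint before and after.
# (That is why the page deletes the old files before regenerating.)
rotation_is_noop() {
    before=$(md5_from_keygen "$SSHDIR/ssh_host_ed25519_key.pub")
    ssh-keygen -A -f "$ROOT" > /dev/null 2>&1
    [ "$before" = "$(md5_from_keygen "$SSHDIR/ssh_host_ed25519_key.pub")" ]
}

echo "host keys generated: $(gen_host_keys)"
list_fingerprints
[ "$(md5_from_keygen "$SSHDIR/ssh_host_rsa_key.pub")" = "$(md5_from_blob "$SSHDIR/ssh_host_rsa_key.pub")" ] \
    && echo "MD5 fingerprint recomputed from the key blob matches ssh-keygen -l -E md5"
rotation_is_noop && echo "second -A run left the existing keys untouched"
```

On a real host the same -A call without -f writes to /etc/ssh; publish the new fingerprints (for example in DNS SSHFP records or an internal wiki) before clients see the "REMOTE HOST IDENTIFICATION HAS CHANGED" warning, and restart sshd so it loads the new files.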

 


 

 

 

 
