SSH Key Generation and Configuration

SSH

  SSH is a network protocol used for encrypted login between computers.

SSH Key Generation

The command I use most often:

ssh-keygen -t rsa -f filename -C "your@email.com"

eg: 
ssh-keygen -t rsa -f ~/.ssh/id_rsa.osc -C "awesome@buff.com"

Parameters: -t type is the key type (rsa, dsa...), -f is the name of the generated file, -C is a comment.

SSH Key Management and Configuration

Managing multiple keys
Configure them in the config file in the .ssh directory:

Host *.domain.com
    IdentityFile filename
    User username

eg:
Host git.oschina.net
    IdentityFile ~/.ssh/id_rsa.osc
    User buff
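
To see which key and user a given host ends up with when several Host blocks match, here is an added example (not part of the original post) that models ssh_config resolution in simplified form: it handles only Host, User and IdentityFile, and ignores Match, Include and built-in defaults. The names `resolve` and `SAMPLE_CONFIG`, and the `*.domain.com` and `Host *` entries, are constructed for illustration.

```python
import re

# Constructed sample: the post's git.oschina.net entry plus two hypothetical blocks.
SAMPLE_CONFIG = """\
Host git.oschina.net
    IdentityFile ~/.ssh/id_rsa.osc
    User buff

Host *.domain.com !legacy.domain.com
    IdentityFile ~/.ssh/id_rsa.work
    User deploy

Host *
    IdentityFile ~/.ssh/id_rsa
    User fallback
"""

def _pattern_matches(pattern, host):
    # ssh_config patterns only know '*' (any run of characters) and '?' (one character).
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, host) is not None

def _host_line_matches(patterns, host):
    # A matching negated pattern ('!pat') vetoes the block; otherwise one positive match suffices.
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(_pattern_matches(p, host) for p in negated):
        return False
    return any(_pattern_matches(p, host) for p in positive)

def resolve(config_text, host):
    """Return (user, ordered IdentityFile list) that apply to host."""
    user, identity_files, active = None, [], True  # lines before any Host apply to all hosts
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t]*=[ \t]*|[ \t]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "host":
            active = _host_line_matches(value.split(), host)
        elif active and key == "user" and user is None:
            user = value  # for User, the first value obtained wins
        elif active and key == "identityfile":
            identity_files.append(value)  # IdentityFile accumulates; keys are tried in order
    return user, identity_files

print(resolve(SAMPLE_CONFIG, "git.oschina.net"))
```

The result for git.oschina.net lists two keys, because the catch-all block's IdentityFile is appended after the host-specific one. On a machine with OpenSSH, `ssh -G git.oschina.net` prints the configuration the client actually resolves.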

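There is also a known_hosts file, which records the public key of every machine you have connected to. If you get a conflict warning when logging in over SSH, you can edit this file by hand or delete it.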

Appendix:

usage: ssh-keygen [options]
Options:
  -A          Generate non-existent host keys for all key types.
  -a trials   Number of trials for screening DH-GEX moduli.
  -B          Show bubblebabble digest of key file.
  -b bits     Number of bits in the key to create.
  -C comment  Provide new comment.
  -c          Change comment in private and public key files.
  -D pkcs11   Download public key from pkcs11 token.
  -e          Export OpenSSH to foreign format key file.
  -F hostname Find hostname in known hosts file.
  -f filename Filename of the key file.
  -G file     Generate candidates for DH-GEX moduli.
  -g          Use generic DNS resource record format.
  -H          Hash names in known_hosts file.
  -h          Generate host certificate instead of a user certificate.
  -I key_id   Key identifier to include in certificate.
  -i          Import foreign format to OpenSSH key file.
  -J number   Screen this number of moduli lines.
  -j number   Start screening moduli at specified line.
  -K checkpt  Write checkpoints to this file.
  -k          Generate a KRL file.
  -L          Print the contents of a certificate.
  -l          Show fingerprint of key file.
  -M memory   Amount of memory (MB) to use for generating DH-GEX moduli.
  -m key_fmt  Conversion format for -e/-i (PEM|PKCS8|RFC4716).
  -N phrase   Provide new passphrase.
  -n name,... User/host principal names to include in certificate
  -O option   Specify a certificate option.
  -P phrase   Provide old passphrase.
  -p          Change passphrase of private key file.
  -Q          Test whether key(s) are revoked in KRL.
  -q          Quiet.
  -R hostname Remove host from known_hosts file.
  -r hostname Print DNS resource record.
  -S start    Start point (hex) for generating DH-GEX moduli.
  -s ca_key   Certify keys with CA key.
  -T file     Screen candidates for DH-GEX moduli.
  -t type     Specify type of key to create.
  -u          Update KRL rather than creating a new one.
  -V from:to  Specify certificate validity interval.
  -v          Verbose.
  -W gen      Generator to use for generating DH-GEX moduli.
  -y          Read private key file and print public key.
  -z serial   Specify a serial number.
posted @ 2015-10-24 00:10  Buff