OSX: SSH密钥使用日记(2)

准备钥匙和锁(密钥对):

 

$ pwd
/Users/test
$ ssh-keygen -t dsa -C "$(whoami)@$(hostname),$(date '+%F %T')" -f ./ssh/my_dsa_sshkey

参数:

 

-t: 支持的格式是rsa1, rsa, dsa和ecdsa. OSX 10.8之前的不支持ecdsa.

-f : 用于设定密钥的加密方式,合法的有rsa, dsa和ecdsa

-b: 设定密钥长度, rsa是768到2048之间的数值; dsa只能是1024;ecdsa只能是256, 384 or 521中的一个。

-N: 这就是设置密语暗号(passphrass),这个的用途是,一旦你的那把钥匙丢了,别人没有你的暗语,也无法使用。

-q: 如果不想看它的提示信息,就加上这个静默选项。

-f: 保存的文件名。

-C: 可以设置一个注释.


 

$ ssh-keygen -A

如果求简单,就是用这一句,自动为每一个加密方式(rsa1, rsa, dsa and ecdsa),在默认位置(.ssh/)生成默认密钥对文件(identity, id_rsa, id_dsa, id_ecdsa)

 


查看生成的ssh密钥对:

 

# display public key-钥匙
$ ssh-keygen -e -f .ssh/my_dsa_sshkey
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit DSA, converted by toliu@W430-275.local from OpenSSH"
AAAAB3NzaC1kc3MAAACBAP448yfy/RPzS4vJmVUdAgbhTT7+wAcPVgQM9phZRlVET6S+iy
6IK7w9gVZUYmNsWKCII=
---- END SSH2 PUBLIC KEY ----
#display private key-锁
$ ssh-keygen -y -f .ssh/my_dsa_sshkey
sh-dss AAAAB3NzaC1kc3MAAACBAP448yfy/RPzS4vJmVUdAgbhTT7+wAcPVgQM9phZRlVET6S+iy6IK7w9gVZUYmNsWKCIIVp3Tp35WBdBWzwBlBIKad73oDmskHXzKdhpqBqlTOBXnb5bEShR1GXv41isiDg/uhWjr3yPQQBqQuZtqeGnIgyDsaDCElbH9RzQXQLdAAAAFQCd8b6azLV+cIBHUlhx96s0THzxJwAAAIAXkuFTxQ6Weax8nQA6UGbPUOV1yVpLa6Js/wBZdTzgWJpvtMoVSE/F+5dkzHWYdPh9x1HKCw310GVsvIdmZeh=

 


其实直接用cat来看私有和共有密钥:

 

# it will not show a passphrased private key itself. 有暗号的钥匙不会显示钥匙原貌
# if private key without passphras, it will show the private key itself.
$ cat .ssh/my_dsa_sshkey
----BEGIN DSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,5549710C5D9791C4020C7A0FFAA00306

HpvJCObP/tsGpmlBphXc1Kw6DzkZc6KDcEbrvQeB9Q5vsuz9DQvIPaWwKOBomWWN
eDZHfVS9CVFkrRW+2mvXaw7uHgMMjQNdKnAdnV5voi5ePjwFF9OMpvS7u9+0zoWO
9fJYX/QB2LS9ijpXf5g4nVN5/6ZrEZ5Z/xeVVAzqn4irH6U7x3qd+RFb8nLf+pRU
4wIoa05eqYLE7BHP7uqe9==
-----END DSA PRIVATE KEY-----
# show the public key itself-锁
$ cat .ssh/my_dsa_sshkey.pub
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit DSA, converted by toliu@W430-275.local from OpenSSH"
AAAAB3NzaC1kc3MAAACBAP448yfy/RPzS4vJmVUdAgbhTT7+wAcPVgQM9phZRlVET6S+iy
6IK7w9gVZUYmNsWKCII=
---- END SSH2 PUBLIC KEY ----

 

 

10.8系统的变更-Ref (1)

 

$ cat /etc/sshd_config | grep "authorized_keys"
# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile	.ssh/authorized_keys

 

 

在10.6上面现实的是

#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile	.ssh/authorized_keys












 


   



    


   




Ref:


(1): Error: “Permission denied > (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive)”
 on Mountain Lion Mountain Lion (10.8)


(2): SSH Keys (简体中文) -En


(3): man ssh; man ssh-keygen


(4): LBackup Network Backup Information


(5): 
Keychain



    


   






        

            posted on 
2013-08-26 19:13 
新一 
阅读(492) 
评论(0编辑 
收藏 
举报

        

    











    
    

    
    

    

        

    

        

            
                
                
            
        

    

    

    

    





	






	
		
		

导航