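Continued from the previous post: key-based authentication login for Linux servers
Multiple users, multiple keys (several types / several keys), SSH key login to a Linux server
Multi-user, multi-key (rsa \ dsa), SSH private-key login to a Linux server (Red Hat \ CentOS \ Fedora \ Debian \ Ubuntu)
Logging in with key authentication
Key-based authentication requires each user to create their own key pair, but a server rarely has only one user, and there is more than one algorithm and key strength in use.
1: Users. Suppose a server has two users, root and demo
root //two RSA key pairs generated in advance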
#ssh-keygen -t rsa -b 2048
#ssh-keygen -t rsa -b 16384 //the maximum RSA size is 16384 bits
demo //demo first uses a DSA key, then an RSA key, and both are placed together in authorized_keys
$ssh-keygen -t dsa -b 1024 //DSA keys must be 1024 bits
2: SSH login with a DSA key
ssh-keygen -t dsa -b 1024 //DSA keys must be 1024 bits
Generating public/private dsa key pair.
Enter file in which to save the key (/home/demo/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/demo/.ssh/id_dsa.
Your public key has been saved in /home/demo/.ssh/id_dsa.pub.
The key fingerprint is:
demo
$cat ~/.ssh/id_dsa.pub>>~/.ssh/authorized_keys
#chmod 700 ~/.ssh
#chmod 600 ~/.ssh/authorized_keys //otherwise Xshell reports "所选的用户密钥未在远程主机上注册。请再试一次。" (The selected user key is not registered in the remote host. Try again.)
3: SSH login with an RSA key
$ssh-keygen -t rsa -b 2048 //the maximum is 16384
Generating public/private rsa key pair.
Enter file in which to save the key (/home/demo/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/demo/.ssh/id_rsa.
Your public key has been saved in /home/demo/.ssh/id_rsa.pub.
demo
$cat ~/.ssh/id_rsa.pub>>~/.ssh/authorized_keys
#chmod 700 ~/.ssh
#chmod 600 ~/.ssh/authorized_keys //otherwise Xshell reports "所选的用户密钥未在远程主机上注册。请再试一次。" (The selected user key is not registered in the remote host. Try again.)
4: SSH login with multiple keys and multiple key types
For multiple keys, simply append each public key to authorized_keys
cat ~/.ssh/id_rsa.pub>>~/.ssh/authorized_keys
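A check for the steps above, as an added example that is not part of the original post: it verifies the 700/600 modes on .ssh and authorized_keys and reports the key type of every appended entry, flagging ssh-dss. The function names and the sample entries (with placeholder key blobs) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: audit one user's .ssh directory.

mode_of() {  # octal permission bits; GNU stat first, BSD stat as fallback
    stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"
}

# Print "<line> <key-type>" for each entry of an authorized_keys file.
# Leading options such as from="..." are skipped by taking the first field
# that is a known key type.
list_key_types() {
    awk '/^[ \t]*(#|$)/ { next }
         { for (i = 1; i <= NF; i++)
               if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$/) {
                   print NR, $i; next }
           print NR, "unrecognized" }' "$1"
}

# Report findings on stdout; the return status is the number of findings.
audit_ssh_dir() {
    dir=$1; keys=$dir/authorized_keys; problems=0
    for pair in "$dir:700" "$keys:600"; do
        path=${pair%:*}; want=${pair##*:}; have=$(mode_of "$path")
        if [ "$have" != "$want" ]; then
            echo "WARN $path is mode $have, expected $want"
            problems=$((problems + 1))
        fi
    done
    # ssh-dss (DSA) is disabled by default since OpenSSH 7.0.
    flagged=$(list_key_types "$keys" |
        awk '$2 == "ssh-dss" || $2 == "unrecognized" { print "WARN line " $1 ": " $2 }')
    if [ -n "$flagged" ]; then
        echo "$flagged"
        problems=$((problems + $(echo "$flagged" | wc -l)))
    fi
    return "$problems"
}

# Constructed sample: demo's file after appending id_dsa.pub, then id_rsa.pub,
# with the modes left too open. Key blobs are placeholders, not real keys.
make_sample() {
    mkdir -p "$1" && chmod 755 "$1"
    printf '%s\n' 'ssh-dss AAAAB3PLACEHOLDER demo@host' \
                  'ssh-rsa AAAAB3PLACEHOLDER demo@host' > "$1/authorized_keys"
    chmod 644 "$1/authorized_keys"
}
```

Run `audit_ssh_dir ~/.ssh` as the user whose keys are being checked; a return status of 0 means both modes match and no entry was flagged.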
Other related information
Xshell and PuTTY do not yet support ecdsa. Key authentication is configured per user.
-t type
Specifies the type of key to create. The possible values are
“rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or
“rsa” for protocol version 2.
-b bits
Specifies the number of bits in the key to create. For RSA keys, the minimum size is 768 bits and
the default is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly
1024 bits as specified by FIPS 186-2. For ECDSA keys, the -b flag determines the key length by
selecting from one of three elliptic curve sizes: 256, 384 or 521 bits. Attempting to use bit lengths
other than these three values for ECDSA keys will fail. ED25519 keys have a fixed length and the
-b flag will be ignored.
ssh-keygen -t rsa -b 2048 //ssh-keygen -t rsa -b 65536,key bits exceeds maximum 16384
Bits has bad value 65536 (too large)
ssh-keygen -t rsa -b 16384
id_rsa
id_rsa.pub
ssh-keygen -t dsa -b 1024 //DSA keys must be 1024 bits
id_dsa
id_dsa.pub
ssh-keygen -t ecdsa -b 521
id_ecdsa
id_ecdsa.pub
ECDSA (elliptic curve signature algorithm)
RSA public-key encryption algorithm
DSA
End