本章节,延续上一章节有关於SSH连线的介绍,继续介绍SSH之以金钥为基础的验证与设定介绍。
可以使用ssh-keygen指令来完成产生金钥,相关的执行指令方式与其结果如下:
[rockylinux@workstation ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/rockylinux/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/rockylinux/.ssh/id_rsa.
Your public key has been saved in /home/rockylinux/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:9BzR1YvPR5sGGLvOIf4bt9zHKYDdvxXgaC8ZtpELjr8 rockylinux@workstation
The key's randomart image is:
+---[RSA 3072]----+
| .. ... |
| o. .|
| . . +.. .|
| . o ++o...|
| S.=Bo.+oo|
| oo+=B. *o|
| ...+*ooo.+|
| .. o=.oo+|
| Eoo.o.oo|
+----[SHA256]-----+
[rockylinux@workstation ~]$
从上从上述的执行指令来看,ssh-keygen指令可以以互动模式来询问,首先会先问私钥钥存放在哪,预设会存放到家目录底下的.ssh底下,档案名称为:id_rsa,接着再问私钥是否需要设定passphrase,当这个设定之後,每次做SSH远端连线的时候,都需要输入设定的密码,通常来说,这边都不会建议设定密码,原因是因为这样在SSH连线的时候都需要先输入密码,会显得较麻烦,所设定passphrase这边的步骤可以按下「enter」键跳过,接着再按一次之後,公私钥就分别建立起来了。
若要使用金钥交换之验证方式连线的话,则可以先使用ssh-copy-id之指令将本地端的公钥传到远端要进行SSH远端连线的server,相关的指令执行的方式与其输出如下:
[rockylinux@workstation ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub [email protected]
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/rockylinux/.ssh/id_rsa.pub"
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
ECDSA key fingerprint is SHA256:jtNpnVUOQFBlVo5shPfHdnogsQq/LtxbFLmgaeJJDjI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
[email protected]'s password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.
[rockylinux@workstation ~]$
从上从上述的执行指令来看,若第一次连线,则会先询问fingerprint之问题,接着再使用密码验证的方式确认对方SSH远端连线的资讯是否正确,之後就会成功的将公钥存放到远端的server上了,之後再连线的时候,就会优先使用将钥验证而不用输入密码的方式来验证了,相关的指令在汇入金钥执行之输出讯息如下:
[rockylinux@workstation ~]$ ssh [email protected]
Activate the web console with: systemctl enable --now cockpit.socket
Last login: Sat Oct 2 22:42:11 2021 from 192.168.0.9
而公钥则会存放在远端连线的使用者家目录之.ssh/authorized_keys中,可以使用cat指令将此输出:
[rockylinux@workstation ~]$ cat ~/.ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDK97Z4zU65OF81G3ew5R72zKbBq7SpvY3GXaDy0anpATCZvyewugoSOeAQ4nNriJSCdV5eBZsWTSzFb56Gmcvo+jdV/nZ+N/JQJUfoecVMG/BUTTiVAbNDkGnC4zkzKLKK0Npvjj1hOzUngevq8n3QVRImmEBgGxmw66++CwELOQX/Q82Rc3yLjYEBFstBGmCohigFTd3rjY2m3KnNGvH4vfxIQ5vxTJisOLxa0D9arRtfe6pBor8IyZ065+ofBaWlmtL8/1SM/CbsHA0PhMvW8XEKY0dplQy/T+1WgTiXBOeSDiavXLCDHjt66N0IcFbFAi/GGSjKcH+jL9Ej5ZE7hacp1Szv16HnajQg0oKh0iTVu0o8htPTYXTh9AVyw+B9Szn1gv+IpxgT/DQQ2suQ30PUa5lWXU68DqfTztXSwXSDfWK3CSYO+w8QSFp8ckcImJoUOeJBvfYdjpSS/pG4UqF7zcPMy0+2mBQ4Kx5CTu8g9Q7OSMQiFfudX7kCU0c= rockylinux@workstation
ssh-keygen指令除了使用互动式的方式之外,也可以使用非互动之方式将公私钥建立起来,请以非互动式方式将公私钥建立起来,可以使用man指令来查看此指令的用法。
<<: 30天零负担轻松学会制作APP介面及设计【DAY 22】
>>: Day16 AR装置的编年史(中) 带着AR 走出户外去探险!
绝对定位设计优惠价 https://codepen.io/pwbzvqja/pen/GRjodBK ...
本篇会有不少冷门范例。 其实我觉得很奇妙,就是我老是踩到一些超冷门连 Google 都找不太到的雷...
3D转换跟2D转换不同的是使用三维坐标系(多了Z轴座标) 1.三维坐标系是由三个轴共同组成的 X轴 ...
你学到了甚麽? 我们可以将学到的图表分为3类 Trends - 可以定义一种变换的模式 sns.li...
阿修的说文解字 何谓 CORS? MDN 大大表示: CORS(Cross-Origin Resou...