  • The keys of SSH

    Known Host Keys

    Protects against man-in-the-middle attacks.

    https://www.ssh.com/ssh/host-key#known-host-keys

    SSH clients store host keys for hosts they have ever connected to. These stored host keys are called known host keys, and the collection is often called known hosts. In OpenSSH, the collection of known host keys is stored in /etc/ssh/known_hosts and in .ssh/known_hosts in each user's home directory.

    Each host (i.e., computer) should have a unique host key. Sharing host keys is strongly not recommended, and can result in vulnerability to man-in-the-middle attacks. However, in computing clusters sharing host keys may sometimes be acceptable and practical.

    https://www.cnblogs.com/fonxian/p/11228760.html

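    What exactly is the known_hosts file for, and what does it contain?

    ssh records the public key of every computer you have connected to in known_hosts. The next time you connect to the same computer, OpenSSH checks the public key. If the public key is different, OpenSSH issues a warning, which protects you from attacks such as DNS hijacking.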
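
    The check described above, as an added example (not code from the original post or from OpenSSH): it looks a presented host key up in known_hosts-format text, including hashed host fields, and reports match, mismatch or unknown. The key blobs, host names and salt are constructed sample data; wildcard patterns and @cert-authority/@revoked markers are not handled.

```python
import base64, hashlib, hmac, struct

def make_blob(seed: int) -> bytes:
    """Constructed ssh-ed25519 public key blob (sample data, not a real host key)."""
    s = lambda b: struct.pack(">I", len(b)) + b   # SSH wire-format string
    return s(b"ssh-ed25519") + s(bytes([seed]) * 32)

def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form ssh-keygen prints (unpadded base64)."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def hash_host(host: str, salt: bytes) -> str:
    """Hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field: str, host: str) -> bool:
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(field, hash_host(host, salt))
    return host in field.split(",")   # wildcard/negated patterns not handled

def check_host_key(known_hosts: str, host: str, keytype: str, blob: bytes) -> str:
    """Return 'match', 'mismatch' (a different key is stored) or 'unknown'."""
    result = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority/@revoked markers (simplification).
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if fields[1] != keytype or not host_matches(fields[0], host):
            continue
        if base64.b64decode(fields[2]) == blob:
            return "match"
        result = "mismatch"   # same host and key type, different key: warn the user
    return result

# Constructed sample: one plain entry and one hashed entry for the same key.
GOOD, ROGUE = make_blob(0x11), make_blob(0x22)
B64 = base64.b64encode(GOOD).decode()
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts sample",
    "build.example.test,192.0.2.10 ssh-ed25519 " + B64,
    hash_host("db.example.test", b"constructed-salt-20b") + " ssh-ed25519 " + B64,
])

if __name__ == "__main__":
    for host, key in (("build.example.test", GOOD), ("build.example.test", ROGUE)):
        print(host, fingerprint(key), check_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

    A "mismatch" result corresponds to the case where OpenSSH warns that the host key has changed; "unknown" is the first-connection case where nothing is stored yet.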

    Authorized Key

    Provides passwordless login for SSH clients.

    https://www.ssh.com/ssh/authorized-key

    An authorized key in SSH is a public key used for granting login access to users. The authentication mechanism is called public key authentication.

    Authorized keys are configured separately for each user - usually in the .ssh/authorized_keys file in the user's home directory. However, the location of the keys can be configured in SSH server configuration files, and is often changed to a root-owned location in more secure environments.

    Technically, an authorized key looks like this:

    ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBN

    keygen

    Public/private key pair generation.

    https://www.ssh.com/ssh/keygen/

    Ssh-keygen is a tool for creating new authentication key pairs for SSH. Such key pairs are used for automating logins, single sign-on, and for authenticating hosts.

    The simplest way to generate a key pair is to run ssh-keygen without arguments. In this case, it will prompt for the file in which to store keys. Here's an example:

    klar (11:39) ~>ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/ylo/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/ylo/.ssh/id_rsa.
    Your public key has been saved in /home/ylo/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:Up6KjbnEV4Hgfo75YM393QdQsK3Z0aTNBz0DoirrW+c ylo@klar
    The key's randomart image is:
    +---[RSA 2048]----+
    |    .      ..oo..|
    |   . . .  . .o.X.|
    |    . . o.  ..+ B|
    |   .   o.o  .+ ..|
    |    ..o.S   o..  |
    |   . %o=      .  |
    |    @.B...     . |
    |   o.=. o. . .  .|
    |    .oo  E. . .. |
    +----[SHA256]-----+
    klar (11:40) ~>

    ssh-copy-id

    Copies the local public key into the authorized_keys file on the remote host, providing passwordless login.

    https://www.ssh.com/ssh/copy-id

    ssh-copy-id installs an SSH key on a server as an authorized key. Its purpose is to provision access without requiring a password for each login. This facilitates automated, passwordless logins and single sign-on using the SSH protocol.

  • Original article: https://www.cnblogs.com/lightsong/p/12670018.html