Converting keys between OpenSSH and SSH2

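Check which implementation is installed with ssh -V. Below, OpenSSH is called ssh1 and SSH Secure Shell is called ssh2.
To convert a key from ssh1 to ssh2, use the following command: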

ssh-keygen -e -f id_rsa.pub > id_rsa_gbisd1_ssh2.pub

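Machine A has ssh1 installed,
machine B has ssh2 installed.

Run keygen on A, convert the key and copy it to B; after that, running ssh to A from B does not require a password.

§6.4 Logging in without a password using a public key (OpenSSH)

The steps are as follows:

- Create the key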

$ mkdir -p ~/.ssh
 
$ chmod 700 ~/.ssh
 
$ cd ~/.ssh
 
$ ssh-keygen -b 1024 -t dsa

- Copy the key to the server

$ scp -p id_dsa.pub remoteuser@remotehost:
 
Password: ********

- Log in to the server and install the public key

$ ssh -l remoteuser remotehost
 
Password: ********
 
remotehost$ mkdir -p ~/.ssh     # If it doesn't already exist

remotehost$ chmod 700 ~/.ssh

remotehost$ cat id_dsa.pub >> ~/.ssh/authorized_keys     # Appending

remotehost$ chmod 600 ~/.ssh/authorized_keys

remotehost$ mv id_dsa.pub ~/.ssh     # Optional step; this file can even be deleted
 
remotehost$ logout

- Log in with the public key

$ ssh -l remoteuser remotehost
 
Enter passphrase for key '/home/smith/.ssh/id_dsa': ********

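Public keys are normally stored in ~/.ssh/authorized_keys; older OpenSSH versions may store them in ~/.ssh/authorized_keys2.

Public-key authentication is more secure than password authentication, because no password is transmitted over the network. In addition, the key can be stored in encrypted form: without the passphrase, someone who obtains the key file cannot use it. For this reason, always set a passphrase.

If the steps above do not give you a login without a password prompt, check: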

/etc/ssh/sshd_config:
 
PubkeyAuthentication yes

You can use ssh -v to display the login process in detail.
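
Permissions are another thing to check: sshd's StrictModes option (on by default) makes it check the ownership and modes of the user's files and home directory before accepting a key. The following Python is an added example, not from the original post, that audits a .ssh directory against the modes set in the steps above; the file names in EXPECTED and the temporary directory in demo() are assumptions for illustration.

```python
import os, stat, tempfile

# Modes the steps above set: 700 on the directory, 600 on the key files.
# The list of file names is an assumption for this example.
EXPECTED = {".": 0o700, "authorized_keys": 0o600, "id_dsa": 0o600, "id_rsa": 0o600}

def audit_ssh_dir(ssh_dir, uid=None):
    """Return a list of findings for ssh_dir; an empty list means it matches."""
    uid = os.getuid() if uid is None else uid
    findings = []
    for name, want in EXPECTED.items():
        path = os.path.normpath(os.path.join(ssh_dir, name))
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            continue                      # absent files are not an error
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{path}: is a symlink, check its target")
            continue
        if st.st_uid != uid:
            findings.append(f"{path}: owned by uid {st.st_uid}, expected {uid}")
        mode = stat.S_IMODE(st.st_mode)
        extra = mode & ~want              # permission bits beyond the expected mode
        if extra:
            findings.append(f"{path}: mode {mode:03o} grants {extra:03o} beyond {want:03o}")
    return findings

def demo():
    """Constructed directory with loose modes, then the chmod fixes applied."""
    with tempfile.TemporaryDirectory() as d:
        ak = os.path.join(d, "authorized_keys")
        open(ak, "w").close()
        os.chmod(d, 0o755)
        os.chmod(ak, 0o664)
        before = audit_ssh_dir(d)
        os.chmod(d, 0o700)
        os.chmod(ak, 0o600)
        return before, audit_ssh_dir(d)
```

Run audit_ssh_dir(os.path.expanduser("~/.ssh")) on the server account when a key that should work is still followed by a password prompt.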

SSH-2 key file formats:

The two main SSH implementations: OpenSSH and SSH Secure Shell ("SSH2")

The OpenSSH format looks like this:

ssh-dss A9AAB3NzaC1iGMqHpSCEliaouBun8FF9t8p...

or:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA3DIqRox...

The SSH Secure Shell format looks like this:

---- BEGIN SSH2 PUBLIC KEY ----

AAAAB3NzaC1kc3MAAACBAM4a2KKBE6zhPBgRx4q6Dbjxo5hXNKNWYIGkX/W/k5PqcCH0J6 ...

---- END SSH2 PUBLIC KEY ----
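
Both layouts shown above wrap the same base64 key blob, so converting between them is a re-wrapping that leaves the key fingerprint unchanged. The following Python is an added example, not part of the original post, doing for public keys what ssh-keygen -e and ssh-keygen -i do. It assumes the SSH2 layout follows RFC 4716 (lines of at most 72 bytes, optional Comment header), and SAMPLE is a constructed blob, not a real key.

```python
import base64, hashlib, struct

BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def blob_key_type(blob):  # the blob starts with a length-prefixed algorithm name
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def fingerprint(b64):  # the SHA256:... string that ssh-keygen -l shows
    digest = hashlib.sha256(base64.b64decode(b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def openssh_to_ssh2(line):
    ktype, b64, *comment = line.strip().split(None, 2)
    if blob_key_type(base64.b64decode(b64, validate=True)) != ktype:
        raise ValueError("key type prefix does not match the key blob")
    out = [BEGIN]
    if comment:  # header lines over 72 bytes are continued with a backslash
        hdr = 'Comment: "%s"' % comment[0]
        out.append("\\\n".join(hdr[i:i + 71] for i in range(0, len(hdr), 71)))
    out += [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return "\n".join(out + [END]) + "\n"

def ssh2_to_openssh(text):
    lines = [l for l in text.splitlines() if l.strip()]  # tolerate blank lines
    if not lines or lines[0].strip() != BEGIN or lines[-1].strip() != END:
        raise ValueError("missing SSH2 BEGIN/END marker lines")
    body, comment, i = [], "", 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line:  # header line (base64 never contains ':')
            while line.endswith("\\") and i + 1 < len(lines) - 1:
                i += 1
                line = line[:-1] + lines[i]
            tag, _, value = line.partition(":")
            if tag.strip().lower() == "comment":
                comment = value.strip().strip('"')
        else:
            body.append(line.strip())
        i += 1
    b64 = "".join(body)
    return " ".join(p for p in (blob_key_type(base64.b64decode(b64)), b64, comment) if p)

def _s(b):  # SSH wire "string": 4-byte big-endian length, then the bytes
    return struct.pack(">I", len(b)) + b

# Constructed sample (not a real key): an ssh-rsa blob with dummy e and n.
SAMPLE = "ssh-rsa %s smith@example" % base64.b64encode(
    _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(bytes(range(1, 129)))).decode()
```

Comparing fingerprint() of the base64 field before and after conversion confirms that the key installed on the server is the one that was exported.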

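SSH Secure Shell also installs keys differently: its directory is ~/.ssh2, and the public key must be listed in ~/.ssh2/authorization in the following form: Key public_key_filename. The private key must likewise be referenced in ~/.ssh2/identification in the following form: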

IdKey

§6.5 (OpenSSH) client logging in to an SSH2 server (OpenSSH key)
 
Export your OpenSSH key to create an SSH2-format public key. If your OpenSSH private key is ~/.ssh/id_dsa:
 
$ cd ~/.ssh
 
$ ssh-keygen -e -f id_dsa > mykey-ssh2.pub
 
Copy the public key to the SSH2 server:
 
$ scp mykey-ssh2.pub remoteuser@remotehost:
 
Log into the SSH2 server and install the public key, then log out:
 
$ ssh -l remoteuser remotehost
 
Password: ********
 
remotehost$ mkdir -p ~/.ssh2     # If it doesn't already exist
 
remotehost$ chmod 700 ~/.ssh2
 
remotehost$ mv mykey-ssh2.pub ~/.ssh2/
 
remotehost$ cd ~/.ssh2
 
remotehost$ echo "Key mykey-ssh2.pub" >> authorization     # Appending
 
remotehost$ chmod 600 mykey-ssh2.pub authorization
 
remotehost$ logout
 
Now log in via public-key authentication:
 
$ ssh -l remoteuser remotehost
 
Enter passphrase for key '/home/smith/.ssh/id_dsa': *******

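ssh-keygen can convert an OpenSSH-format key to SSH2 format, and that is all that is needed.

§6.6 (OpenSSH) client logging in to an SSH2 server (SSH2 key)

Use an existing SSH2-format key.

ssh-keygen can convert an SSH2-format key to OpenSSH format, and that is all that is needed. However, this only works for keys that are not encrypted.

That is how the key is converted, but it cannot be done when the key has a passphrase. The following procedure decrypts it first.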

Suppose your SSH2 private key is id_dsa_1024_a.
 
Make a copy of the SSH2 private key:
 
$ cd ~/.ssh2
 
$ cp -p id_dsa_1024_a newkey
 
Set its passphrase to the empty string, creating an unencrypted key:
 
$ ssh-keygen2 -e newkey
 
...
 
Do you want to edit passphrase (yes or no)? yes
 
New passphrase :
 
Again :
 
Import the SSH2 private key to convert it into an OpenSSH private key, imported-ssh2-key:
 
$ mkdir -p ~/.ssh     # If it doesn't already exist
 
$ chmod 700 ~/.ssh
 
$ cd ~/.ssh
 
$ mv ~/.ssh2/newkey .
 
$ ssh-keygen -i -f newkey > imported-ssh2-key
 
$ rm newkey
 
$ chmod 600 imported-ssh2-key
 
Change the passphrase of the imported key:
 
$ ssh-keygen -p -f imported-ssh2-key
 
Use your new key:
 
$ ssh -l remoteuser -i ~/.ssh/imported-ssh2-key remotehost
 
To generate the OpenSSH public key from the OpenSSH private key imported-ssh2-key, run:
 
$ ssh-keygen -y -f imported-ssh2-key > imported-ssh2-key.pub
 
Enter passphrase: ********

§6.7 (SSH2) client logging in to an OpenSSH server
 
Create an SSH2 private key on the client machine, if one doesn't already exist, and install it by appending a line to ~/.ssh2/identification:
 
$ mkdir -p ~/.ssh2     # If it doesn't already exist
 
$ chmod 700 ~/.ssh2
 
$ cd ~/.ssh2
 
$ ssh-keygen2     # Creates id_dsa_1024_a

$ echo "IdKey id_dsa_1024_a" >> identification     # Appending
 
Copy its public key to the OpenSSH server machine:
 
$ scp2 id_dsa_1024_a.pub remoteuser@remotehost:.ssh/
 
Log into the OpenSSH server host and use OpenSSH's ssh-keygen to import the public key, creating an OpenSSH format key: [Recipe 6.6]
 
$ ssh2 -l remoteuser remotehost
 
Password: ********
 
remotehost$ cd ~/.ssh
 
remotehost$ ssh-keygen -i > imported-ssh2-key.pub
 
Enter file in which the key is (/home/smith/.ssh/id_rsa): id_dsa_1024_a.pub
 
Install the new public key by appending a line to ~/.ssh/authorized_keys:
 
remotehost$ cat imported-ssh2-key.pub >> authorized_keys     # Appending
 
Log out and log back in using the new key:
 
remotehost$ exit
 
$ ssh2 -l remoteuser remotehost

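Configuring key-based login with ssh1

1. Generate a key pair on the local host
ssh-keygen -t rsa
On the local host, the permissions on ~/.ssh/id_rsa must not be too open; other users must not be able to read it.
If the file permissions are a problem, run:
chmod 600 ~/.ssh/id_rsa
chmod 700 ~/.ssh/

2. On the remote server
Upload the local public key ~/.ssh/id_rsa.pub to the remote server.
If there is no .ssh directory, create it first:
mkdir -p ~/.ssh
chmod 700 ~/.ssh
cat id_rsa.pub >> ~/.ssh/authorized_keys

3. When the remote end is an SSH2 server
The public key must be converted to a format compatible with SSH2. Run the following commands:
cd ~/.ssh/
ssh-keygen -e -f id_rsa.pub > id_rsa_2.pub # choose any name you like
Upload the local public key ~/.ssh/id_rsa_2.pub to the .ssh2 directory on the remote server.
cd ~/.ssh2/
vi authorization
Enter the following line:
Key id_rsa_2.pub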
