Linux

Using RSA key pairs correctly

  • November 1, 2011

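I recently started using RSA key pairs to log in to the various servers I administer, and after running into some problems recently I would like some insight into best practices.

Is the best practice to keep just one RSA key locally and register that same key on every server I log in to? I recently tried adding an additional key for a new server I need to access, but it did not work properly.

Thanks in advance.

I'm not sure whether it's "standard", but if you are going to use multiple keys, you need to either specify which key to use on the command line or specify it in a per-host configuration file in ~/.ssh/. From the OpenSSH man page: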

    -i identity_file
        Selects a file from which the identity (private key) for public key authentication is read.  The default is
        ~/.ssh/identity for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa for protocol
        version 2.  Identity files may also be specified on a per-host basis in the configuration file.  It is pos‐
        sible to have multiple -i options (and multiple identities specified in configuration files).  ssh will
        also try to load certificate information from the filename obtained by appending -cert.pub to identity
        filenames.

Example configuration entry:

    host remote.host.example.com
    IdentityFile ~/tmp/example_rsa

Quoted from: https://serverfault.com/questions/326862
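
One way to check which key each host will get under the per-host setup described in the answer, as an added example that is not part of the original post. The second host pattern, the key file names, the temporary directory and the `IdentitiesOnly` lines are assumptions made for illustration; `ssh -G` requires OpenSSH 6.8 or later.

```shell
#!/bin/sh
# Added example: two per-host keys in one ssh_config, checked with `ssh -G`.
# Host patterns, key file names and the temp directory are constructed.

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Write a client config that pins one private key per host pattern.
# IdentitiesOnly (added here, not in the answer) stops ssh from also
# offering every other key held by ssh-agent.
write_demo_config() {
    cat > "$demo_dir/config" <<EOF
Host remote.host.example.com
    IdentityFile $demo_dir/example_rsa
    IdentitiesOnly yes

Host *.internal.example.com
    IdentityFile $demo_dir/internal_rsa
    IdentitiesOnly yes
EOF
}

# Print the identity file(s) ssh would use for a host, without connecting.
# `ssh -G` prints the evaluated configuration and exits.
identity_for() {
    ssh -G -F "$demo_dir/config" "$1" |
        awk '$1 == "identityfile" { print $2 }'
}

write_demo_config
if command -v ssh >/dev/null 2>&1; then
    for h in remote.host.example.com db1.internal.example.com; do
        printf '%s -> %s\n' "$h" "$(identity_for "$h")"
    done
fi
```

Running the same `ssh -G` check against a real `~/.ssh/config` (drop the `-F` option) shows whether a newly added key is actually selected for the new server before any login attempt is made.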