Linux
Using RSA key pairs correctly
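I recently started using RSA key pairs to log in to the various servers I manage, and after running into some problems recently I would like to learn about best practices.
Is the best practice to keep only one RSA key locally and register that same key on every server I want to log in to? I recently tried adding an additional key for a new server I need to access, but it did not work properly.
Thanks in advance.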
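I'm not sure whether it is "standard", but if you are going to use multiple keys, you need to specify which key to use on the command line or in a per-host configuration file in ~/.ssh/. From the OpenSSH man page: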
-i identity_file
    Selects a file from which the identity (private key) for public key authentication is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). ssh will also try to load certificate information from the filename obtained by appending -cert.pub to identity filenames.
Example configuration entry:
host remote.host.example.com
    IdentityFile ~/tmp/example_rsa
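Added example (not part of the original answer, and not OpenSSH's own code): a small resolver that shows which IdentityFile entries end up applying to a host once several Host blocks exist. It assumes whitespace-separated `Keyword value` lines, skips Match blocks, and uses a constructed config; `resolve` and `host_matches` are hypothetical helper names.

```python
import fnmatch
import shlex

# Constructed sample ~/.ssh/config. The host/IdentityFile pair in the first block
# is the entry from the answer; every other line is illustrative.
SAMPLE_CONFIG = """\
host remote.host.example.com
    IdentityFile ~/tmp/example_rsa
    IdentitiesOnly yes

Host *.example.com
    IdentityFile ~/.ssh/id_rsa

Host *
    IdentitiesOnly no
"""

def host_matches(patterns, hostname):
    """A Host line applies if a positive pattern matches and no '!' pattern does."""
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(hostname, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(hostname, pat):
            matched = True
    return matched

def resolve(config_text, hostname):
    """Return (identity_files, identities_only) that apply to hostname."""
    identities, identities_only = [], None
    active = True  # options before the first Host line apply to every host
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)
        key, args = fields[0].lower(), fields[1:]
        if key == "host":
            active = host_matches(args, hostname.lower())
        elif key == "match":
            active = False  # simplification: Match blocks are skipped
        elif active and args and key == "identityfile":
            identities.append(args[0])  # IdentityFile entries accumulate in order
        elif active and args and key == "identitiesonly" and identities_only is None:
            identities_only = args[0].lower() == "yes"  # first value obtained wins
    return identities, bool(identities_only)

if __name__ == "__main__":
    for host in ("remote.host.example.com", "other.example.com", "unrelated.test"):
        print(host, resolve(SAMPLE_CONFIG, host))
```

An empty list means no IdentityFile was configured for that host, so ssh falls back to the default identity files named in the man page excerpt. Note that the wildcard block also contributes its key to remote.host.example.com, because every matching Host block is applied.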