What do the different parts of a “known_hosts” entry mean?
Below is a known_hosts entry. The part that begins with ssh-rsa and runs to the end is the public key. What is the other part (the characters before ssh-rsa)?

|1|KnbIIJIPrL/1p7ofUV74sK+J/cc=|wrjOFnPgoF0afgH0PeRtRqSdgvc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
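The |1| is the HASH_MAGIC, indicating that it is a hashed known_hosts entry. The next two base-64 encoded fields (separated by |) are the randomly generated salt and the SHA-1 hash of the host. If you are using an older version of OpenSSH, or you have set HashKnownHosts No in /etc/ssh/ssh_config or ~/.ssh/config, the entries will not be hashed and will look more like this:

remotehostname,192.168.1.100 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdn...etc...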
From the SSH_KNOWN_HOSTS FILE FORMAT section of the sshd(8) man page:

Each line in these files contains the following fields: markers (optional), hostnames, bits, exponent, modulus, comment. The fields are separated by spaces.
…
Alternately, hostnames may be stored in a hashed form which hides host names and addresses should the file’s contents be disclosed. Hashed hostnames start with a ‘|’ character. Only one hashed hostname may appear on a single line and none of the above negation or wildcard operators may be applied.
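
How the hashed hostnames field described above can be checked against a candidate host name, as an added example that is not part of the original answer or of OpenSSH's own code: OpenSSH computes the second field as HMAC-SHA1 over the host name, keyed with the salt. The function names are hypothetical, and the sample lines, salt and key blobs are constructed.

```python
import base64
import hashlib
import hmac

HASH_MAGIC = "|1|"  # prefix that marks a hashed hostnames field

def hash_host(hostname: str, salt: bytes) -> str:
    """Build |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "%s%s|%s" % (HASH_MAGIC, base64.b64encode(salt).decode(),
                        base64.b64encode(digest).decode())

def parse_line(line: str) -> dict:
    """Split one entry into optional @marker, hostnames, key type, key, comment."""
    fields = line.split()
    marker = fields.pop(0) if fields[0].startswith("@") else None
    if len(fields) < 3:
        raise ValueError("expected hostnames, key type and key")
    hosts, keytype, key = fields[:3]
    return {"marker": marker, "hosts": hosts, "keytype": keytype, "key": key,
            "comment": " ".join(fields[3:]), "hashed": hosts.startswith(HASH_MAGIC)}

def matches(entry: dict, hostname: str) -> bool:
    """True if hostname is named by the entry (wildcards/negation not handled)."""
    if not entry["hashed"]:
        return hostname in entry["hosts"].split(",")
    salt_b64, digest_b64 = entry["hosts"][len(HASH_MAGIC):].split("|")
    salt = base64.b64decode(salt_b64)
    expected = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(expected, base64.b64decode(digest_b64))

def find_host(text: str, hostname: str) -> list:
    """Return parsed entries in a known_hosts file body that name hostname."""
    entries = [parse_line(ln) for ln in text.splitlines()
               if ln.strip() and not ln.lstrip().startswith("#")]
    return [e for e in entries if matches(e, hostname)]

# Constructed sample data: fixed salt and placeholder key blobs, not real host keys.
SALT = bytes(range(20))
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    hash_host("remotehostname", SALT) + " ssh-rsa AAAAB3NzaC1yc2E...placeholder...",
    "remotehostname,192.168.1.100 ssh-rsa AAAAB3NzaC1yc2E...placeholder...",
    "@revoked otherhost ssh-rsa AAAAB3NzaC1yc2E...placeholder... old key",
])

if __name__ == "__main__":
    for e in find_host(SAMPLE, "remotehostname"):
        print(e["hashed"], e["hosts"])
```

Because the salt differs per line, a hashed file can only be searched by recomputing the HMAC for each entry, which is what `ssh-keygen -F hostname` does. For a non-default port OpenSSH stores the name as `[host]:port`, so that bracketed string is what has to be passed as the host name.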