linux多用户密钥登陆,多用户，多(种\个)密钥，SSH 密钥登录linux服务器

接上文Linux服务器采用密钥认证登录

多用户，多(种\个)密钥，SSH 密钥登录linux服务器

多用户，多种密钥算法(rsa\dsa)，SSH 私钥登录linux(Red Hat \ CentOS \ Fedora \ Debian \ Ubuntu) 服务器

multi-user, multi-key (rsa \ dsa), private key ssh login linux server (Red Hat \ CentOS \ Fedora \ Debian \ Ubuntu)

使用密钥验证登录

基于密钥的安全验证必须为用户自己创建一对密钥，但是一台服务器上不可能只有一个用户，算法和强度也不会只有一种。

1：用户，假如一台服务器上有有两个用户root和demo

root //提前生成了两对rsa算法密钥

#ssh-keygen -t rsa -b 2048

#ssh-keygen -t rsa -b 16384 //rsa 最大位数16384

demo //demo 先使用dsa算法密钥，然后在使用rsa算法密钥，然后放到一起authorized_keys

$ssh-keygen -t dsa -b 1024 //dsa 位数必须是1024

2：dsa算法密钥SSH登录

ssh-keygen -t dsa -b 1024 //DSA keys must be 1024 bits

Generating public/private dsa key pair.

Enter file in which to save the key (/home/demo/.ssh/id_dsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/demo/.ssh/id_dsa.

Your public key has been saved in /home/demo/.ssh/id_dsa.pub.

The key fingerprint is:

demo

$cat ~/.ssh/id_dsa.pub>>~/.ssh/authorized_keys

#chmod 700 .ssh

#chmod 600 ~/.ssh/authorized_keys //不然Xshell 会提示 所选的用户密钥未在远程主机上注册。请再试一次。

//or willnotice The selected user key is not registered in the remote host.Try again.

3：rsa算法密钥SSH登录

$ssh-keygen -t rsa -b 2048 //最大值16384

Generating public/private rsa key pair.

Enter file in which to save the key (/home/demo/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/demo/.ssh/id_rsa.

Your public key has been saved in /home/demo/.ssh/id_rsa.pub.

demo

$cat ~/.ssh/id_rsa.pub>>~/.ssh/authorized_keys

#chmod 700 .ssh

#chmod 600 ~/.ssh/authorized_keys //不然Xshell 会提示 所选的用户密钥未在远程主机上注册。请再试一次。

//or willnotice The selected user key is not registered in the remote host.Try again.

4：多个密钥，多种密钥SSH登录

多密钥，只需要把公钥追加到authorized_keys

cat ~/.ssh/id_rsa.pub>>~/.ssh/authorized_keys

其他相关信息

ecdsa Xshell PUTTY还不支持，密钥认证是针对每个用户的。

-t type

Specifies the type of key to create. The possible values are

“rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or

“rsa” for protocol version 2.

-b bits

Specifies the number of bits in the key tocreate. For RSA keys, the minimum size is 768 bits and

the default is 2048 bits. Generally,2048 bits is considered sufficient. DSA keys must be exactly

1024 bits as specified by FIPS 186-2. ForECDSA keys, the -b flag determines the key length by

selecting from one of three elliptic curvesizes: 256, 384 or 521 bits. Attempting to use bit lengths

other than these three values for ECDSA keyswill fail. ED25519 keys have a fixedlength and the

-b flag will be ignored.

ssh-keygen -t rsa -b 2048 //ssh-keygen -t rsa -b 65536,key bits exceeds maximum 16384

Bits has bad value 65536 (too large)

ssh-keygen -t rsa -b 16384

id_rsa

id_rsa.pub

ssh-keygen -t dsa -b 1024 //DSA keys must be 1024 bits

id_dsa

id_dsa.pub

ssh-keygen -t ecdsa -b 521

id_ecdsa

id_ecdsa.pub

ECDSA(椭圆曲线签名算法)

RSA公钥加密算法

DSA

结束