linux多用户密钥登陆,多用户,多(种\个)密钥,SSH 密钥登录linux服务器

接上文Linux服务器采用密钥认证登录

多用户,多(种\个)密钥,SSH 密钥登录linux服务器

多用户,多种密钥算法(rsa\dsa),SSH 私钥登录linux(Red Hat \ CentOS \ Fedora \ Debian \ Ubuntu) 服务器

multi-user, multi-key (rsa \ dsa), private key ssh login linux server (Red Hat \ CentOS \ Fedora \ Debian \ Ubuntu)

使用密钥验证登录

基于密钥的安全验证必须为用户自己创建一对密钥,但是一台服务器上不可能只有一个用户,算法和强度也不会只有一种。

1:用户,假如一台服务器上有有两个用户root和demo

root //提前生成了两对rsa算法密钥

#ssh-keygen -t rsa -b 2048

#ssh-keygen -t rsa -b 16384 //rsa 最大位数16384

demo //demo 先使用dsa算法密钥,然后在使用rsa算法密钥,然后放到一起authorized_keys

$ssh-keygen -t dsa -b 1024 //dsa 位数必须是1024

2:dsa算法密钥SSH登录

ssh-keygen -t dsa -b 1024 //DSA keys must be 1024 bits

Generating public/private dsa key pair.

Enter file in which to save the key (/home/demo/.ssh/id_dsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/demo/.ssh/id_dsa.

Your public key has been saved in /home/demo/.ssh/id_dsa.pub.

The key fingerprint is:

demo

$cat ~/.ssh/id_dsa.pub>>~/.ssh/authorized_keys

#chmod 700 .ssh

#chmod 600 ~/.ssh/authorized_keys //不然Xshell 会提示 所选的用户密钥未在远程主机上注册。请再试一次。

//or willnotice The selected user key is not registered in the remote host.Try again.

3:rsa算法密钥SSH登录

$ssh-keygen -t rsa -b 2048 //最大值16384

Generating public/private rsa key pair.

Enter file in which to save the key (/home/demo/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /home/demo/.ssh/id_rsa.

Your public key has been saved in /home/demo/.ssh/id_rsa.pub.

demo

$cat ~/.ssh/id_rsa.pub>>~/.ssh/authorized_keys

#chmod 700 .ssh

#chmod 600 ~/.ssh/authorized_keys //不然Xshell 会提示 所选的用户密钥未在远程主机上注册。请再试一次。

//or willnotice The selected user key is not registered in the remote host.Try again.

4:多个密钥,多种密钥SSH登录

多密钥,只需要把公钥追加到authorized_keys

cat ~/.ssh/id_rsa.pub>>~/.ssh/authorized_keys

其他相关信息

ecdsa Xshell PUTTY还不支持,密钥认证是针对每个用户的。

-t type

Specifies the type of key to create. The possible values are

“rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or

“rsa” for protocol version 2.

-b bits

Specifies the number of bits in the key tocreate. For RSA keys, the minimum size is 768 bits and

the default is 2048 bits. Generally,2048 bits is considered sufficient. DSA keys must be exactly

1024 bits as specified by FIPS 186-2. ForECDSA keys, the -b flag determines the key length by

selecting from one of three elliptic curvesizes: 256, 384 or 521 bits. Attempting to use bit lengths

other than these three values for ECDSA keyswill fail. ED25519 keys have a fixedlength and the

-b flag will be ignored.

ssh-keygen -t rsa -b 2048 //ssh-keygen -t rsa -b 65536,key bits exceeds maximum 16384

Bits has bad value 65536 (too large)

ssh-keygen -t rsa -b 16384

id_rsa

id_rsa.pub

ssh-keygen -t dsa -b 1024 //DSA keys must be 1024 bits

id_dsa

id_dsa.pub

ssh-keygen -t ecdsa -b 521

id_ecdsa

id_ecdsa.pub

ECDSA(椭圆曲线签名算法)

RSA公钥加密算法

DSA

结束

d2c3403b31a72e80ea9514c05e2ea1dd.png

1ede6a3c27393c60049d2649a116744d.png

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值