`ssh-keygen -A` 到底是做什么的?
What exactly does `ssh-keygen -A` do?
$ ssh-keygen --help
ssh-keygen: unrecognized option: -
usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]
[-N new_passphrase] [-C comment] [-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
ssh-keygen -i [-m key_format] [-f input_keyfile]
ssh-keygen -e [-m key_format] [-f input_keyfile]
ssh-keygen -y [-f input_keyfile]
ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
ssh-keygen -B [-f input_keyfile]
ssh-keygen -D pkcs11
ssh-keygen -F hostname [-f known_hosts_file] [-l]
ssh-keygen -H [-f known_hosts_file]
ssh-keygen -R hostname [-f known_hosts_file]
ssh-keygen -r hostname [-f input_keyfile] [-g]
ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
[-j start_line] [-K checkpt] [-W generator]
ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
[-O option] [-V validity_interval] [-z serial_number] file ...
ssh-keygen -L [-f input_keyfile]
ssh-keygen -A
ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
file ...
ssh-keygen -Q -f krl_file file ...
您可能会注意到 ssh-keygen -A 明显缺少文档。
$ ssh-keygen -A
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
它似乎正在生成 (A)ll 个密钥文件,但我在 /root/.ssh/ 中没有看到任何密钥。只是为了确认,我 运行 ssh-keygen 没有任何选项,通过所有提示输入,并且我有预期的密钥。
所以问题是,"What exactly is happening?"
根据我的阅读,-A 选项生成 (A)ll 个默认主机密钥。
A 主机密钥 是用于在 SSH 协议中验证计算机的加密密钥。这是来自 ssh.com
的精彩解释
当我通过 ssh-keygen 提示按回车键时,在 ~/.ssh/ 文件夹中生成了一个密钥;如我所料。但是,当 运行 ssh-keygen -A 时,我没有在 ~/.ssh/.
中看到任何其他键
阅读 ssh.com 的 post 后,我发现 /etc/ssh/ 中有新生成的钥匙。
更新:
查看@Biffen 在原始问题评论中推荐的 explainshell.com/explain?cmd=ssh-keygen+-A 文档!
我怀疑被问到的部分问题是 ssh-keygen -A 存储结果的位置,这是我试图问自己的问题,我想我已经回答了。
您可以通过 运行 "ssh-keygen -A" 命令以普通用户(非 ROOT)的身份相当快速地查看结果存储在系统中的位置:然后权限将阻止您实际重写任何东西:
user> ssh-keygen -A
ssh-keygen: generating new host keys: RSA1 open /etc/ssh/ssh_host_key failed: Permission denied.
Saving the key failed: /etc/ssh/ssh_host_key.
ssh-keygen: generating new host keys: ED25519 open /etc/ssh/ssh_host_ed25519_key failed: Permission denied.
Saving the key failed: /etc/ssh/ssh_host_ed25519_key.
显示系统范围的密钥存储在 /etc/ssh 中。
这可以通过 sshd_config 文件进行配置:
user> grep etc/ssh /etc/ssh/sshd_config
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
这在 ssh-keygen 手册中有记录:
-A
For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for which host keys do not exist, generate the host keys with the default key file path, an empty
passphrase, default bits for the key type, and default comment. This is used by system administration scripts to generate new host keys.
因此,如果您的系统还没有主机密钥,ssh-keygen -A 将会创建它们。 重新创建 主机密钥将导致您的 SSH 客户端在您下次连接到机器时抱怨主机的密钥指纹已更改,并且...
Are you sure you want to continue connecting (yes/no)?
(假设你之前已经通过SSH连接成功)
$ ssh-keygen --help
ssh-keygen: unrecognized option: -
usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]
[-N new_passphrase] [-C comment] [-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
ssh-keygen -i [-m key_format] [-f input_keyfile]
ssh-keygen -e [-m key_format] [-f input_keyfile]
ssh-keygen -y [-f input_keyfile]
ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
ssh-keygen -B [-f input_keyfile]
ssh-keygen -D pkcs11
ssh-keygen -F hostname [-f known_hosts_file] [-l]
ssh-keygen -H [-f known_hosts_file]
ssh-keygen -R hostname [-f known_hosts_file]
ssh-keygen -r hostname [-f input_keyfile] [-g]
ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
[-j start_line] [-K checkpt] [-W generator]
ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
[-O option] [-V validity_interval] [-z serial_number] file ...
ssh-keygen -L [-f input_keyfile]
ssh-keygen -A
ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
file ...
ssh-keygen -Q -f krl_file file ...
您可能会注意到 ssh-keygen -A 明显缺少文档。
$ ssh-keygen -A
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
它似乎正在生成 (A)ll 个密钥文件,但我在 /root/.ssh/ 中没有看到任何密钥。只是为了确认,我 运行 ssh-keygen 没有任何选项,通过所有提示输入,并且我有预期的密钥。
所以问题是,"What exactly is happening?"
根据我的阅读,-A 选项生成 (A)ll 个默认主机密钥。
A 主机密钥 是用于在 SSH 协议中验证计算机的加密密钥。这是来自 ssh.com
的精彩解释当我通过 ssh-keygen 提示按回车键时,在 ~/.ssh/ 文件夹中生成了一个密钥;如我所料。但是,当 运行 ssh-keygen -A 时,我没有在 ~/.ssh/.
阅读 ssh.com 的 post 后,我发现 /etc/ssh/ 中有新生成的钥匙。
更新:
查看@Biffen 在原始问题评论中推荐的 explainshell.com/explain?cmd=ssh-keygen+-A 文档!
我怀疑被问到的部分问题是 ssh-keygen -A 存储结果的位置,这是我试图问自己的问题,我想我已经回答了。
您可以通过 运行 "ssh-keygen -A" 命令以普通用户(非 ROOT)的身份相当快速地查看结果存储在系统中的位置:然后权限将阻止您实际重写任何东西:
user> ssh-keygen -A
ssh-keygen: generating new host keys: RSA1 open /etc/ssh/ssh_host_key failed: Permission denied.
Saving the key failed: /etc/ssh/ssh_host_key.
ssh-keygen: generating new host keys: ED25519 open /etc/ssh/ssh_host_ed25519_key failed: Permission denied.
Saving the key failed: /etc/ssh/ssh_host_ed25519_key.
显示系统范围的密钥存储在 /etc/ssh 中。 这可以通过 sshd_config 文件进行配置:
user> grep etc/ssh /etc/ssh/sshd_config
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
这在 ssh-keygen 手册中有记录:
-AFor each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This is used by system administration scripts to generate new host keys.
因此,如果您的系统还没有主机密钥,ssh-keygen -A 将会创建它们。 重新创建 主机密钥将导致您的 SSH 客户端在您下次连接到机器时抱怨主机的密钥指纹已更改,并且...
Are you sure you want to continue connecting (yes/no)?
(假设你之前已经通过SSH连接成功)