What is the best way to save ssh public key in custom vagrant box?
I often see unofficial documentation saying that you should save the vagrant user's ssh public key when creating your own box, like this:
curl https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub >> /home/vagrant/.ssh/authorized_keys
And when I run vagrant up with the box, the following messages are displayed:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
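I feel that the vagrant.pub key above from mitchellh is not suitable.
What is the best way to save the vagrant user's ssh public key?

The key you pointed to on raw.githubusercontent.com is a sample and must not be used.
The returned message seems to tell us that another keypair was generated automatically: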
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
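So, if everything went fine, your container now uses a new public key in /home/vagrant/.ssh/authorized_keys and your local host uses a new private key in $HOME/.ssh/id_rsa.
Compare this file with the one you initially downloaded, and look at the modification time of both files (on the local host and in the vagrant container).
Build your own key
Simply run: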
ssh-keygen -f ~/.ssh/vagrant-dedicated
See man ssh-keygen for key length, passphrase, etc...
Sample output:
Dialog:
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Simple output:
Generating public/private rsa key pair.
Your identification has been saved in vagrant-dedicated.
Your public key has been saved in vagrant-dedicated.pub.
The key fingerprint is:
SHA256:U2YfVbMlCUed7tXrvf3xBQoLB3glpSpto4hwdjTKwV0 user@host
The key's randomart image is:
+---[RSA 2048]----+
| E ..o .o==+|
| . . . . + o.o=|
| o + . + + . ...|
| . + o o = . . .o|
|. = o = S o . o o|
|.+ o + . + o . + |
|. . . . . ..o|
| .*|
| .*|
+----[SHA256]-----+
This will create two files:
ls -l ~/.ssh/vagrant-dedicated*
-rw------- 1 user user 1679 Oct 20 12:18 vagrant-dedicated
-rw-r--r-- 1 user user 394 Oct 20 12:18 vagrant-dedicated.pub
head -n1 ~/.ssh/vagrant-dedicated*
==> vagrant-dedicated <==
-----BEGIN RSA PRIVATE KEY-----
==> vagrant-dedicated.pub <==
ssh-rsa AAAAB3...0y/5 user@host
Replace the content of the container's /home/vagrant/.ssh/authorized_keys with the content of ~/.ssh/vagrant-dedicated.pub, then use vagrant-dedicated as the private key for the ssh connection.
ssh -i ~/.ssh/vagrant-dedicated vagrant@container
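A note about fingerprints
Before the first connection to a new target host, ssh will prompt you about the host's fingerprint.
You can compare the output of
ssh-keygen -vlf /etc/ssh/ssh_host_rsa_key.pub
on the target vagrant container with the output of the first connection: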
ssh -o VisualHostKey=true -i ~/.ssh/vagrant-dedicated vagrant@container
The first run will start by printing:
The authenticity of host 'container (10.12.34.56)' can't be established.
Then the fingerprint, something like
ECDSA key fingerprint is SHA256:9M+2wGn0nZO3GPYkWuuxzXqI3nIbk5IJJ5xwhsxwbXk
and the ASCII art representation:
+---[ECDSA 256]---+
| . .. . |
| = .+ E |
| =oo. |
| .=.. |
| S=o. |
| o+=o..o |
| =+*X*..|
| . =*+#+.|
| .o=O+= |
+----[SHA256]-----+
Both commands must give the same fingerprint and ASCII art.
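
The fingerprint comparison described in the note above, as an added example that is not part of the original answer: it recomputes the SHA256 fingerprint from a line of a host public key file and checks it against the line ssh printed. The fingerprint ssh prints belongs to one host key type (ECDSA in the prompt above), so it can only match the guest's public key file of that same type. The function names are hypothetical and the sample keys are constructed bytes, not real key material.

```python
import base64
import hashlib
import hmac
import re
import struct

# Algorithm label ssh prints in the prompt -> key-type prefix used in *.pub files.
PROMPT_TO_KEYTYPE = {"RSA": "ssh-rsa", "ECDSA": "ecdsa-sha2-", "ED25519": "ssh-ed25519"}

def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def fingerprint(pub_line: str):
    """Return (key type, 'SHA256:...') for one line of a *.pub file."""
    key_type, b64_blob = pub_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob starts with its own copy of the key type; reject a mismatch.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type label does not match key blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return key_type, "SHA256:" + digest

def check_prompt(prompt_line: str, pub_line: str) -> str:
    """Compare the fingerprint ssh printed with a host key file from the guest."""
    m = re.search(r"(\w+) key fingerprint is (SHA256:[A-Za-z0-9+/]+)", prompt_line)
    if not m:
        raise ValueError("no SHA256 fingerprint in prompt line")
    algo, shown = m.groups()
    key_type, computed = fingerprint(pub_line)
    if not key_type.startswith(PROMPT_TO_KEYTYPE.get(algo, "\0")):
        return "wrong-key-type"  # e.g. ECDSA prompt vs ssh_host_rsa_key.pub
    return "match" if hmac.compare_digest(shown, computed) else "MISMATCH"

def make_pub_line(key_type: str, *fields: bytes) -> str:
    """Build a constructed (not real) public key line for the demo."""
    blob = ssh_string(key_type.encode()) + b"".join(ssh_string(f) for f in fields)
    return f"{key_type} {base64.b64encode(blob).decode()} demo@constructed"

# Constructed sample host keys: fixed bytes, not real key material.
ED_PUB = make_pub_line("ssh-ed25519", bytes(range(32)))
RSA_PUB = make_pub_line("ssh-rsa", b"\x01\x00\x01", b"\x00" + bytes(range(1, 33)))

if __name__ == "__main__":
    prompt = "ED25519 key fingerprint is " + fingerprint(ED_PUB)[1] + "."
    print(check_prompt(prompt, ED_PUB))   # same key
    print(check_prompt(prompt, RSA_PUB))  # host key file of another type
```

In practice, pub_line is read from the matching /etc/ssh/ssh_host_*_key.pub file inside the guest, and prompt_line is copied from the first-connection prompt.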