Confused regarding ssh keys on linux
I have a few doubts regarding using private/public keys on linux.
Suppose I have two linux boxes A and B. I want to use passwordless logins to B from any computer. So on A I did this
ssh-keygen -t rsa
and it made two files, id_rsa and id_rsa.pub.
Then I copied id_rsa.pub to B as ~/.ssh/A_id_rsa.pub and then
cat A_id_rsa.pub >> authorized_keys
Now I have these questions:
Suppose I have another computer C where I also want to have passwordless login, but I want to use a key phrase to protect the private key. So can I generate another key using ssh-keygen -t rsa with a different name and use that, or do I have to delete the previous key?
The other thing is, for passwordless logins do I need to do anything with keys from B to A, or is it always from A to B?
So will the private key always stay on the host computer only? I have seen that AWS gives the private key for login. Then why is that? Because for putting A's public key on B, someone needs to access B, which is not possible the first time. So does it mean we can login with either the public key or the private key?
Yes, you can generate a key pair on C and do the same that you did for A:
cat C_id_rsa.pub >> authorized_keys
The keys will only allow logins from A to B.
Yes, the private key will stay on the host computer. I believe AWS automatically puts the public key on computer B while it creates the virtual box.
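As an added example (not code from either answer or from OpenSSH itself): a POSIX shell function for host B that does what the bare cat >> authorized_keys above does, but also checks that the file is a single OpenSSH public key line, creates ~/.ssh and authorized_keys with the modes sshd's StrictModes setting requires, and skips a key that is already present so re-running it does not add duplicate entries. The file names and the sample key in the comments are constructed for illustration.

```shell
#!/bin/sh
# Install one public key into authorized_keys on the target host (B).
# Exit status: 0 = key added, 2 = key was already present, 1 = error.
#
# To create a second, passphrase-protected pair on host C under its own
# name (file name is a constructed example), run on C:
#   ssh-keygen -t rsa -f ~/.ssh/id_rsa_c      # prompts for a passphrase
# and select it at login with:  ssh -i ~/.ssh/id_rsa_c user@B
install_authorized_key() {
    pubkey_file=$1      # e.g. A_id_rsa.pub copied over from the client
    ssh_dir=$2          # e.g. "$HOME/.ssh" of the target account on B
    auth_keys="$ssh_dir/authorized_keys"

    [ -r "$pubkey_file" ] || { echo "cannot read $pubkey_file" >&2; return 1; }
    # A .pub file holds exactly one line; a private key or a pasted blob does not.
    [ "$(awk 'END { print NR }' "$pubkey_file")" -le 1 ] \
        || { echo "expected a single key line in $pubkey_file" >&2; return 1; }
    key_line=$(head -n 1 "$pubkey_file")
    # The line must start with a key type sshd understands.
    case $key_line in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *|ssh-dss\ *) ;;
        *) echo "not an OpenSSH public key: $pubkey_file" >&2; return 1 ;;
    esac

    # sshd (StrictModes yes, the default) ignores authorized_keys if the
    # directory or file is group/world writable, so fix the modes explicitly.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth_keys" && chmod 600 "$auth_keys"

    # Compare only key type and base64 blob (fields 1-2); the trailing
    # comment may differ between copies of the same key.
    key_id=$(printf '%s\n' "$key_line" | awk '{ print $1 " " $2 }')
    if awk -v id="$key_id" '($1 " " $2) == id { found = 1 } END { exit !found }' "$auth_keys"; then
        echo "key already present in $auth_keys" >&2
        return 2
    fi
    printf '%s\n' "$key_line" >> "$auth_keys"
}
```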
In a quick line or two:
The keys somewhat work like (very roughly): you need the public key to decrypt what is encrypted by the private key and vice-versa. To be more precise, http://en.wikipedia.org/wiki/Public-key_cryptography has way better information to start with.
So to answer the questions: The private key is not normally tied to a computer. You could copy the private key from, say, A to C and could login by using it from C.
You could generate multiple keys on a single host, one key-pair for each set of hosts. Similarly, you could generate keys from multiple hosts, each host publishing its key to the target computer's (B in this example) 'authorized_keys' file.
Ideally, the private key should be as secret as possible. While SSH or key management would not force having the key on one computer, it should be limited to a single system as a best practice. Having said that, as far as I know there is really nothing that prevents copying the private key around, say for backup or migration to a new system. In other words, the private key file is like the password; it could literally be used from any system to login.