我在 Windows 上通过脚本运行 pscp。如果我添加
echo y | pscp.exe...
它起作用了。但是,我无法让它接受使用
pscp.exe -hostkey aa:bb:cc...
我也尝试过
pscp.exe -hostkey "ssh-rsa 2048 aa:bb:cc..."
这也不起作用。每次我都收到以下错误:
Fatal: Host key did not appear in manually configured list
我是否误解了它的工作原理?这需要完全自动化,我无法手动添加密钥,因为它存储在用户注册表上下文中。此脚本需要使用服务帐户作为计划任务运行,可能在多台计算机上运行。
的正确用法是什么-hostkey?
为避免疑问,是的,这是正确的算法和密钥长度,是的,我使用的是实际指纹,而不是用于示例的“aa:bb:cc ...”。
答案1
正确的用法如下:
C:\>plink -pw password -hostkey 01:02:03:04:05:06:07:08:09:10:11:12:13:14:15:16 username@hostname
这是有效的:
C:\>plink -pw password -hostkey "RSA 2048 01:02:03:04:05:06:07:08:09:10:11:12:13:14:15:16" username@hostname
但正如@dave_thompson_085 所述......该程序似乎忽略了任何额外的空格分隔的单词,因为这也有效:
C:\>plink -pw password -hostkey "ASDF 01:02:03:04:05:06:07:08:09:10:11:12:13:14:15:16 ASDF" username@hostname
我发现密钥必须与握手中预期的任何内容相匹配(通过不提供 -Hostkey 选项发现):
C:\>plink hostname
The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 01:02:03:04:05:06:07:08:09:10:11:12:13:14:15:16
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n)
此命令将显示服务器上生成的密钥:
$ ls -1 /etc/ssh/ssh_host_*.pub
/etc/ssh/ssh_host_dsa_key.pub
/etc/ssh/ssh_host_key.pub
/etc/ssh/ssh_host_rsa_key.pub
这些命令将显示密钥指纹(使用上面命令显示的文件名):
$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key
2048 01:02:03:04:05:06:07:08:09:10:11:12:13:14:15:16 /etc/ssh/ssh_host_rsa_key.pub (RSA)
$ ssh-keygen -l -f /etc/ssh/ssh_host_dsa_key
1024 01:02:03:04:05:06:07:08:09:10:11:12:13:14:15:16 /etc/ssh/ssh_host_dsa_key.pub (DSA)