总结

总结

我正在使用 PuTTYgen 来生成公钥和私钥。我的问题是,如何将这些文件转换为 RFC4716 格式?

PuTTYgen 允许我以通用格式保存公钥,例如:文件格式:所有文件(*.*)以及原生 PuTTY 格式的私钥。PuTTYgen 还允许将密钥导出为 OpenSSH 或 ssh.com。

尽管如此,我还是找不到任何允许我将文件转换为 RFC 4716 格式的选项。有人知道任何解决方案吗?我的操作系统是 Windows。感谢您提供的任何帮助!

答案1

总结

对于示例密钥(由 PuTTY 输出):

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20140607"
AAAAB3NzaC1yc2EAAAABJQAAAQEAs+UjC01Fk8xs8vpLW1RIipwxG1zXTaCkIdeJ
K3SyhMVl78/QwErTYuIop3wVmVAuTKhw4uYCMaRZCy36FdSGQ9FwDCP+lT36M2Xv
ZtraweH+1IPHzRf2ENNdEfs286zllu96WGtqLYwObXQbHMm3dPDDbH3apynrS/FJ
HisCayFXFN84aBfh9HFHrM++BXqpxTX5nq50QoRwSjMY6qMuLwjJKKQslcb5hlRV
SjCmUZKv9/fH+i0BI7UHJ01XHNp1sisL5biWkakXD9BxXjv/ggyeLsOTtdtrF0DK
7wYQXyNmpRqHYOBdrZlskHf/R1CtWoBi5IIeARWZVDduXf1Pww==
---- END SSH2 PUBLIC KEY ----

单行格式(例如 预期authorized_keys)为:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAs+UjC01Fk8xs8vpLW1RIipwxG1zXTaCkIdeJK3SyhMVl78/QwErTYuIop3wVmVAuTKhw4uYCMaRZCy36FdSGQ9FwDCP+lT36M2XvZtraweH+1IPHzRf2ENNdEfs286zllu96WGtqLYwObXQbHMm3dPDDbH3apynrS/FJHisCayFXFN84aBfh9HFHrM++BXqpxTX5nq50QoRwSjMY6qMuLwjJKKQslcb5hlRVSjCmUZKv9/fH+i0BI7UHJ01XHNp1sisL5biWkakXD9BxXjv/ggyeLsOTtdtrF0DK7wYQXyNmpRqHYOBdrZlskHf/R1CtWoBi5IIeARWZVDduXf1Pww==

这里没有神奇的命令来转换。如果你仔细看,我只是删除了几行,删除了换行符,并在前面加上了ssh-rsa

解释

putty 使用的默认格式定义在RFC4716

从 开始man ssh-keygenssh-keygen支持 3x 格式:

  1. RFC4716
  2. PKCS8
  3. 质子交换膜
 -m key_format
        Specify a key format for the -i (import) or -e (export) conver‐
        sion options.  The supported key formats are: “RFC4716” (RFC
        4716/SSH2 public or private key), “PKCS8” (PEM PKCS8 public key)
        or “PEM” (PEM public key).  The default conversion format is
        “RFC4716”.  Setting a format of “PEM” when generating or updating
        a supported private key type will cause the key to be stored in
        the legacy PEM private key format.

和PuTTY使用的默认值ssh-keygen实际上是相同的(RFC4716),只是文件id_rsa.pub将其放在一行上,这正是authorized_keys文件所期望的。

示例键

例如,我将在 Debian 10 中生成一个新密钥:

user@disp8452:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:lrwmOoBF1PEtDbbVkFwREgWqdJlH5ViEYzQpUAyPyNY user@disp8452
The key's randomart image is:
+---[RSA 2048]----+
| ...+*+oX&Oo     |
| ..o.=o@B*.      |
| .+ E Xo=..      |
| ... o + .       |
| o  .   S        |
|. .    . .       |
|   .  . o        |
|    .. o         |
|    ..           |
+----[SHA256]-----+
user@disp8452:~$ cat /home/user/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzU4exWqu4tsgWIJleq1AJ98cGHswD80cphWYOasspBoOPgdv1rljgb9PFAQX19X+rofYi+aYd1glP8BhRC3rt4zE26J54h8tt46DBT1TkFPJ2O3ULhLSqcv9zENGkGB0bfXkvhI0p/tP4b1a0NnvmNME9i6qyo8/7mPLovaKwP1qkd7/a+p1DQr2XoId9U6G4rx0TKsvhbjmDvaCWAm4c5LT3WbQHh301DWiwsN8xn8LkxaO4GtdIqxHOyj7lmQZGw8ixuvoIY/FjgXhSPGmaWLyz2o45TrTNP7vWxWqgcDi2CegziD67+UN4tBZvB9HwR6V3aaCrV59H15ukAtK1 user@disp8452
user@disp8452:~$ 

RFC4716

您可以以 PuTTY RFC4716 格式获取它,如下所示:

user@disp8452:~$ ssh-keygen -ef /home/user/.ssh/id_rsa -mRFC4716
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted by user@disp8452 from OpenSSH"
AAAAB3NzaC1yc2EAAAADAQABAAABAQCzU4exWqu4tsgWIJleq1AJ98cGHswD80cphWYOas
spBoOPgdv1rljgb9PFAQX19X+rofYi+aYd1glP8BhRC3rt4zE26J54h8tt46DBT1TkFPJ2
O3ULhLSqcv9zENGkGB0bfXkvhI0p/tP4b1a0NnvmNME9i6qyo8/7mPLovaKwP1qkd7/a+p
1DQr2XoId9U6G4rx0TKsvhbjmDvaCWAm4c5LT3WbQHh301DWiwsN8xn8LkxaO4GtdIqxHO
yj7lmQZGw8ixuvoIY/FjgXhSPGmaWLyz2o45TrTNP7vWxWqgcDi2CegziD67+UN4tBZvB9
HwR6V3aaCrV59H15ukAtK1
---- END SSH2 PUBLIC KEY ----
user@disp8452:~$ 

BEGIN请注意,指纹行实际上是相同的,因此您只需删除、Comment和行即可手动在 PuTTY 输出的多行格式和单行格式之间进行转换END。然后删除换行符并在其前面添加ssh-rsa

PKCS8

为了完整起见,这是上面密钥的 PKCS8 格式:

user@disp8452:~$ ssh-keygen -ef /home/user/.ssh/id_rsa -mPKCS8
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1OHsVqruLbIFiCZXqtQ
CffHBh7MA/NHKYVmDmrLKQaDj4Hb9a5Y4G/TxQEF9fV/q6H2IvmmHdYJT/AYUQt6
7eMxNuieeIfLbeOgwU9U5BTydjt1C4S0qnL/cxDRpBgdG315L4SNKf7T+G9WtDZ7
5jTBPYuqsqPP+5jy6L2isD9apHe/2vqdQ0K9l6CHfVOhuK8dEyrL4W45g72glgJu
HOS091m0B4d9NQ1osLDfMZ/C5MWjuBrXSKsRzso+5ZkGRsPIsbr6CGPxY4F4Ujxp
mli8s9qOOU60zT+71sVqoHA4tgnoM4g+u/lDeLQWbwfR8Eeld2mgq1efR9ebpALS
tQIDAQAB
-----END PUBLIC KEY-----
user@disp8452:~$

质子交换膜

PEM 格式如下:

user@disp8452:~$ ssh-keygen -ef /home/user/.ssh/id_rsa -mPEM
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAs1OHsVqruLbIFiCZXqtQCffHBh7MA/NHKYVmDmrLKQaDj4Hb9a5Y
4G/TxQEF9fV/q6H2IvmmHdYJT/AYUQt67eMxNuieeIfLbeOgwU9U5BTydjt1C4S0
qnL/cxDRpBgdG315L4SNKf7T+G9WtDZ75jTBPYuqsqPP+5jy6L2isD9apHe/2vqd
Q0K9l6CHfVOhuK8dEyrL4W45g72glgJuHOS091m0B4d9NQ1osLDfMZ/C5MWjuBrX
SKsRzso+5ZkGRsPIsbr6CGPxY4F4Ujxpmli8s9qOOU60zT+71sVqoHA4tgnoM4g+
u/lDeLQWbwfR8Eeld2mgq1efR9ebpALStQIDAQAB
-----END RSA PUBLIC KEY-----
user@disp8452:~$ 

答案2

RFC 4716 格式是“保存公钥”命令生成:

RFC 4716 指定存储 SSH-2 公钥的标准格式在磁盘上。一些 SSH 服务器(例如 ssh.com)需要这种格式的公钥才能接受使用相应私钥的身份验证。(其他服务器,例如 OpenSSH,使用不同的格式;请参阅第 8.2.10 节。)

以 SSH-2 标准格式保存您的公钥,按 PuTTYgen 中的“保存公钥”按钮。PuTTYgen 将弹出一个对话框,询问您将文件保存在哪里。选择一个目录,输入文件名,然后按“保存”。


RFC 4716 格式的公钥如下所示:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "foobar"
AAAAB3NzaC1yc2EAAAABJQAAAQBZ9s5nqsH6bwB1ljF3DHBRs05PpeWIZEYnYRF5
Ri4CTpUlZq2Ne/32qUUKgLTXpGrsbmASqdYLqow5U91slzb5Lg6zfkZsWz+CgAFV
YPQ5/ZbAZHKstvvES8L/RYJBCczSCuJiQbi60OpRryxP2lVQXbWeLrF/xYThW07p
VhyxxOeB1KocM7gfA6etI7GkQBppFuE/gW1c+efzx6GQNaacimm9k7gSdd+t2JZx
x6WmMmTHxDzCcGz4DCjpctG2AHFu6RcguvhX4G4Dk+Q53Hu1+9OvocJXrXxvPbdu
qU9YwfGHe6ZRXTpV/5XvSXvkIr3moKyXiCAzSD20yffEAXT7
---- END SSH2 PUBLIC KEY ----

相关内容