Why does ssh-keygen generate two different types of key on Ubuntu 18 and Ubuntu 20?

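I have two VMs.

  • VM1 is running Ubuntu 18.04
  • VM2 is running Ubuntu 20.04.1

When I run ssh-keygen on VM1, it gives me an RSA private key.

When I do the same thing on VM2, it gives me an OpenSSH private key.

Why do the two Ubuntu VMs generate different keys? I am trying to automate generating a key and converting it to a PEM key that Ansible can use. This works fine for VM1, but because VM2 generates an OpenSSH key instead of an RSA private key, the OpenSSL command cannot convert the key.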

root@Bento:~/.ssh# openssl rsa -in privkey -outform pem > privkey.pem
unable to load Private Key
139680893203776:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: ANY PRIVATE KEY

Ansible task

- name: Generate an OpenSSH keypair
  community.crypto.openssh_keypair:
    path: "/{{ ansible_env.HOME }}/.ssh/privkey"
    type: rsa
    comment: " KEY {{ ansible_date_time.date }}"

- name: Convert to pem
  become: true
  shell: openssl rsa -in {{ ansible_env.HOME }}/.ssh/privkey -outform pem > {{ ansible_env.HOME }}/.ssh/privkey.pem
    

Manual ssh-keygen on VM2

root@Bento:~/.ssh# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): privkey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in privkey
Your public key has been saved in privkey.pub
The key fingerprint is:
SHA256:12L0AzhQV1DbnTI+BBK98pVr3uIRoMpEDlOdAC+EzeY root@Bento
The key's randomart image is:
+---[RSA 3072]----+
|    +oo++o*=o    |
|   ..+o. =...o ..|
|    o+ oo o.o+o..|
|     E*  +.=+oo  |
|       oS.* =+.  |
|      o .o o +o  |
|       o    o..  |
|             o.. |
|            ...  |
+----[SHA256]-----+
root@Bento:~/.ssh# ssh-keygen -e -m pem -f privkey
-----BEGIN RSA PUBLIC KEY-----
-----END RSA PUBLIC KEY-----
root@Bento:~/.ssh#

ssh-keygen -e -m pem -f privkey is still generating an OpenSSH key rather than an RSA key.

-----BEGIN OPENSSH PRIVATE KEY-----
-----END OPENSSH PRIVATE KEY-----

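Answer 1

These machines have different versions of OpenSSH.

Since OpenSSH 7.8, ssh-keygen generates keys in the new "OpenSSH" format by default. In older versions it used the "PEM" format.

Use the -m switch to request a specific format, so that the behaviour is consistent across versions. You need at least OpenSSH 5.6 for that, though.

For a related question, see What does ssh-keygen [-o] do?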
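
An added example, not part of the original question or answer: a POSIX shell helper that tells the two private-key formats apart by their armor line and converts only when needed, so the same automation step behaves the same on both VMs. The function names key_format and ensure_pem are hypothetical, and the key is assumed to have no passphrase, as in the question.

```sh
#!/bin/sh
# Added example. key_format and ensure_pem are hypothetical helper names.

# key_format FILE: print openssh | pem-rsa | pkcs8 | pem-other | unknown.
# Only the first (armor) line is read; key material is never echoed.
key_format() {
    [ -r "$1" ] || { echo unknown; return 0; }
    kf_first=$(head -n 1 < "$1" | tr -d '\r')
    case $kf_first in
        "-----BEGIN OPENSSH PRIVATE KEY-----")   echo openssh ;;   # default since OpenSSH 7.8
        "-----BEGIN RSA PRIVATE KEY-----")       echo pem-rsa ;;   # older default for RSA
        "-----BEGIN PRIVATE KEY-----")           echo pkcs8 ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----") echo pkcs8 ;;
        "-----BEGIN "*" PRIVATE KEY-----")       echo pem-other ;; # e.g. EC or DSA PEM
        *)                                       echo unknown ;;
    esac
}

# ensure_pem FILE: rewrite an unencrypted OpenSSH-format key as PEM, in place.
# Returns 0 if the file is (now) PEM, 2 if it is not a private key.
ensure_pem() {
    ep_file=$1
    case $(key_format "$ep_file") in
        pem-rsa|pkcs8|pem-other)
            return 0 ;;                       # nothing to do, openssl can read it
        openssh)
            # ssh-keygen -p overwrites the file, so keep a private backup
            # and delete it once the converted key has been verified.
            ( umask 077 && cp -p -- "$ep_file" "$ep_file.bak" ) || return 1
            # Empty -P/-N: assumes no passphrase, as in the question. This
            # fails rather than prompts if the key is actually encrypted.
            ssh-keygen -p -m PEM -P "" -N "" -f "$ep_file" >/dev/null ;;
        *)
            echo "ensure_pem: $ep_file is not a recognised private key" >&2
            return 2 ;;
    esac
}

# Usage: sh ensure_pem.sh ~/.ssh/privkey
if [ "$#" -gt 0 ]; then
    ensure_pem "$1"
fi
```

For new keys, passing -m PEM at generation time (ssh-keygen -t rsa -m PEM -f privkey) avoids the conversion step altogether.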
