您能让 ssh-keygen 的默认客户端密钥长度更大吗？

Question

我认为没有办法通过配置文件来实现这一点。您可以设置一个别名并将其放在 shell 初始化文件中。但这不会阻止用户删除别名并运行自己的命令。

alias ssh-keygen='ssh-keygen -b 3072'

然后

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/iain/.ssh/id_rsa): /tmp/testkey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/testkey.
Your public key has been saved in /tmp/testkey.pub.
The key fingerprint is:
47:3a:03:c8:ac:63:1c:bf:9d:44:1d:4b:b4:0e:66:04 
$ ssh-keygen -lf /tmp/testkey
3072 47:3a:03:c8:ac:63:1c:bf:9d:44:1d:4b:b4:0e:66:04 /tmp/testkey.pub

您可以将其放在每个（现有）用户的 ~/.bashrc 和 /etc/skel/.bashrc 中，以便新用户也可以获得它。

Answer 1

我认为没有办法通过配置文件来实现这一点。您可以设置一个别名并将其放在 shell 初始化文件中。但这不会阻止用户删除别名并运行自己的命令。

alias ssh-keygen='ssh-keygen -b 3072'

然后

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/iain/.ssh/id_rsa): /tmp/testkey
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/testkey.
Your public key has been saved in /tmp/testkey.pub.
The key fingerprint is:
47:3a:03:c8:ac:63:1c:bf:9d:44:1d:4b:b4:0e:66:04 
$ ssh-keygen -lf /tmp/testkey
3072 47:3a:03:c8:ac:63:1c:bf:9d:44:1d:4b:b4:0e:66:04 /tmp/testkey.pub

您可以将其放在每个（现有）用户的 ~/.bashrc 和 /etc/skel/.bashrc 中，以便新用户也可以获得它。

您能让 ssh-keygen 的默认客户端密钥长度更大吗？

答案1

相关内容