我最近开始使用 RSA 密钥对登录我管理的各种服务器,并且希望获得一些最佳实践的见解,因为我最近遇到了一些问题。
最佳做法是只在本地保留一个 RSA 密钥,并在您要登录的每个服务器上注册相同的密钥吗?我最近尝试为需要访问的新服务器添加一个额外的密钥,但无法正常工作。
先感谢您。
答案1
我不确定它是否是“标准”的,但如果您要使用多个密钥,则需要在命令行上指定要使用的密钥,或者在 ~/.ssh/config 文件中为每个主机指定密钥。摘自 OpenSSH 手册页:
-i identity_file
Selects a file from which the identity (private key) for public key authentication is read. The default is
~/.ssh/identity for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa for protocol
version 2. Identity files may also be specified on a per-host basis in the configuration file. It is pos‐
sible to have multiple -i options (and multiple identities specified in configuration files). ssh will
also try to load certificate information from the filename obtained by appending -cert.pub to identity
filenames.
配置条目示例:
host remote.host.example.com
IdentityFile ~/tmp/example_rsa