根据文件名从 ssh-agent 中选择身份

Question 1

我想我必须回答我自己的问题，因为似乎没有任何方法可以通过文件名请求身份。

我编写了一个快速而简单的 Python 脚本，它.ssh/fingerprints为代理持有的每个密钥创建一个公钥文件。然后我可以指定这个不包含密钥的文件，使用IdentityFileSSH 将从 SSH 代理中选择正确的身份。运行良好，并允许我将代理用于任意数量的私钥。

#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""Dumps all public keys held by ssh-agent and stores them in ~/.ssh/fingerprints/, so that
they can be identified using the IdentityFile directive.

"""

import sys, os
import stat
import re
import envoy

RE_MATCH_FILENAME = re.compile(r'([^\\/:*?"<>|\r\n]+)\.\w{2,}$', re.IGNORECASE)

if os.getuid() == 0:
    USERNAME = os.environ['SUDO_USER']
else:
    USERNAME = os.environ['USER']

def error(message):
    print "Error:", message
    sys.exit(1)

def main():
    keylist = envoy.run('ssh-add -L').std_out.strip('\n').split('\n')

    if len(keylist) < 1:
        error("SSH-Agent holds no indentities")

    for key in keylist:
        crypto, ckey, name = key.split(' ')
        filename = os.path.join(os.environ['HOME'], '.ssh/fingerprints',
                  RE_MATCH_FILENAME.search(name).group(1)+'.pub')

        with open(filename, 'w') as f:
            print "Writing %s ..." % filename
            f.write(key)

        envoy.run('chmod 600 %s' % filename)
        envoy.run('chown %s %s' % (USERNAME, filename))


if __name__ == '__main__':
    main()

Answer

我想我必须回答我自己的问题，因为似乎没有任何方法可以通过文件名请求身份。

我编写了一个快速而简单的 Python 脚本，它.ssh/fingerprints为代理持有的每个密钥创建一个公钥文件。然后我可以指定这个不包含密钥的文件，使用IdentityFileSSH 将从 SSH 代理中选择正确的身份。运行良好，并允许我将代理用于任意数量的私钥。

#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""Dumps all public keys held by ssh-agent and stores them in ~/.ssh/fingerprints/, so that
they can be identified using the IdentityFile directive.

"""

import sys, os
import stat
import re
import envoy

RE_MATCH_FILENAME = re.compile(r'([^\\/:*?"<>|\r\n]+)\.\w{2,}$', re.IGNORECASE)

if os.getuid() == 0:
    USERNAME = os.environ['SUDO_USER']
else:
    USERNAME = os.environ['USER']

def error(message):
    print "Error:", message
    sys.exit(1)

def main():
    keylist = envoy.run('ssh-add -L').std_out.strip('\n').split('\n')

    if len(keylist) < 1:
        error("SSH-Agent holds no indentities")

    for key in keylist:
        crypto, ckey, name = key.split(' ')
        filename = os.path.join(os.environ['HOME'], '.ssh/fingerprints',
                  RE_MATCH_FILENAME.search(name).group(1)+'.pub')

        with open(filename, 'w') as f:
            print "Writing %s ..." % filename
            f.write(key)

        envoy.run('chmod 600 %s' % filename)
        envoy.run('chown %s %s' % (USERNAME, filename))


if __name__ == '__main__':
    main()

Question 2

跑步

ssh-add -L | gawk ' { print $2 > $3 ".pub" } '

在远程计算机上自动生成所有公钥文件（假设您的公钥.ssh/config已命名privateKeyFileName.pub且不涉及不一致的路径）。致电咨询chown $USER .ssh/*您的sudo案例。

Answer

跑步

ssh-add -L | gawk ' { print $2 > $3 ".pub" } '

在远程计算机上自动生成所有公钥文件（假设您的公钥.ssh/config已命名privateKeyFileName.pub且不涉及不一致的路径）。致电咨询chown $USER .ssh/*您的sudo案例。

Question 3

从已接受的解决方案中挑选，并假设您只想重用用于访问初始服务器的身份，然后类似：

Host github.com
    IdentitiesOnly yes
    IdentityFile ~/.ssh/authorized_keys

就足够了。

Answer

从已接受的解决方案中挑选，并假设您只想重用用于访问初始服务器的身份，然后类似：

Host github.com
    IdentitiesOnly yes
    IdentityFile ~/.ssh/authorized_keys

就足够了。

Question 4

python3版本的代码在leoluks优秀回答中：

#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""Dumps all public keys held by ssh-agent and stores them in ~/.ssh/fingerprints/, so that
they can be identified using the IdentityFile directive.

"""

import sys, os
import stat
import re
import subprocess

RE_MATCH_FILENAME = re.compile(r'([^\\/:*?"<>|\r\n]+)(\.\w{2,})?$', re.IGNORECASE)

if os.getuid() == 0:
    USERNAME = os.environ['SUDO_USER']
else:
    USERNAME = os.environ['USER']

def error(message):
    print("Error:", message)
    sys.exit(1)

def main():
    keylist = subprocess.check_output(['ssh-add','-L']).decode().strip('\n').split('\n')

    if len(keylist) < 1:
        error("SSH-Agent holds no indentities")

    for key in keylist:
        crypto, ckey, name = key.split(' ')
        print('name', name)
        filename = os.path.join(os.environ['HOME'], '.ssh/fingerprints',
                  RE_MATCH_FILENAME.search(name).group(1)+'.pub')

        with open(filename, 'w') as f:
            print("Writing %s ..." % filename)
            f.write(key)

        subprocess.call(['chmod', '600', filename])
        subprocess.call(['chown',USERNAME, filename])


if __name__ == '__main__':
    main()

Answer

python3版本的代码在leoluks优秀回答中：

#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""Dumps all public keys held by ssh-agent and stores them in ~/.ssh/fingerprints/, so that
they can be identified using the IdentityFile directive.

"""

import sys, os
import stat
import re
import subprocess

RE_MATCH_FILENAME = re.compile(r'([^\\/:*?"<>|\r\n]+)(\.\w{2,})?$', re.IGNORECASE)

if os.getuid() == 0:
    USERNAME = os.environ['SUDO_USER']
else:
    USERNAME = os.environ['USER']

def error(message):
    print("Error:", message)
    sys.exit(1)

def main():
    keylist = subprocess.check_output(['ssh-add','-L']).decode().strip('\n').split('\n')

    if len(keylist) < 1:
        error("SSH-Agent holds no indentities")

    for key in keylist:
        crypto, ckey, name = key.split(' ')
        print('name', name)
        filename = os.path.join(os.environ['HOME'], '.ssh/fingerprints',
                  RE_MATCH_FILENAME.search(name).group(1)+'.pub')

        with open(filename, 'w') as f:
            print("Writing %s ..." % filename)
            f.write(key)

        subprocess.call(['chmod', '600', filename])
        subprocess.call(['chown',USERNAME, filename])


if __name__ == '__main__':
    main()

根据文件名从 ssh-agent 中选择身份

答案1

答案2

答案3

答案4

相关内容