总结

tag-icon tag-icon ssh ssh-keys putty
总结

一位同事为我提供了一个 ssh 密钥,以便我将它添加到authorized_keysLinux 服务器上的帐户文件中,以便他们可以访问该帐户。

该文件看起来是这样的:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20160816"
AAAAB3NzaC1yc2EAAAABJQAAAQEApoYJFnGDNis/2oCT6/h9Lzz2y0BVHLv8joXM
s4SYcYUVwBxNzqJsDWbikBn/h32AC36qAW24Bft+suGMtJGS3oSX53qR7ozsXs/D
lCO5FzRxi4JodStiYaz/pPK24WFOb4sLXr758tz2u+ZP2lfDfzn9nLxregZvO9m+
zpToLCWlXrzjZxDesJOcfh/eszU9KUKXfXn6Jsey7ej8TYqB2DgYCfv8jGm+oLVe
UOLEl7fxzjgcDdiLaXbqq7dFoOsHUABBV6kaXyE9LmkbXZB9lQ==
---- END SSH2 PUBLIC KEY ----

(好吧,sshd)的手册页authorized_keys明确指出,该文件要求每个密钥占用一行。所以我想我需要将此密钥转换为单行格式?我该如何做到这一点?

答案1

这个问题有一个可以接受的答案,但我认为值得注意的是,有一种方法可以使用工具ssh-keygen而不是sed

ssh-keygen -i -f ssh2.pub > openssh.pub

您现有的 ssh2 密钥在哪里ssh2.pub?openssh.pub 将是 openssh 格式的密钥。如果您只想复制和粘贴,则可以省略重定向并使用:

ssh-keygen -i -f ssh2.pub

答案2

  • 删除BEGINEND
  • 可选择删除该Comment行(如果您想稍后将其添加为注释,可以记下此行)
  • 删除所有剩余的换行符
  • 在行首添加文本“ssh-rsa”

现在关键的是:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEApoYJFnGDNis/2oCT6/h9Lzz2y0BVHLv8joXMs4SYcYUVwBxNzqJsDWbikBn/h32AC36qAW24Bft+suGMtJGS3oSX53qR7ozsXs/DlCO5FzRxi4JodStiYaz/pPK24WFOb4sLXr758tz2u+ZP2lfDfzn9nLxregZvO9m+zpToLCWlXrzjZxDesJOcfh/eszU9KUKXfXn6Jsey7ej8TYqB2DgYCfv8jGm+oLVeUOLEl7fxzjgcDdiLaXbqq7dFoOsHUABBV6kaXyE9LmkbXZB9lQ== rsa-key-20160816

除了附加注释之外,这一行代码将完成上述所有操作(假设 GNU sed):

sed key.pub -e 's/---- B.*/ssh-rsa /;/Comment:/d;'|sed ':a;N;$!ba;s/\n//g;s/---.*//'

答案3

总结

对于您提供的示例密钥(由 PuTTY 输出):

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "rsa-key-20160816"
AAAAB3NzaC1yc2EAAAABJQAAAQEApoYJFnGDNis/2oCT6/h9Lzz2y0BVHLv8joXM
s4SYcYUVwBxNzqJsDWbikBn/h32AC36qAW24Bft+suGMtJGS3oSX53qR7ozsXs/D
lCO5FzRxi4JodStiYaz/pPK24WFOb4sLXr758tz2u+ZP2lfDfzn9nLxregZvO9m+
zpToLCWlXrzjZxDesJOcfh/eszU9KUKXfXn6Jsey7ej8TYqB2DgYCfv8jGm+oLVe
UOLEl7fxzjgcDdiLaXbqq7dFoOsHUABBV6kaXyE9LmkbXZB9lQ==
---- END SSH2 PUBLIC KEY ----

单行格式(例如 预期authorized_keys)为:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEApoYJFnGDNis/2oCT6/h9Lzz2y0BVHLv8joXM
s4SYcYUVwBxNzqJsDWbikBn/h32AC36qAW24Bft+suGMtJGS3oSX53qR7ozsXs/D
lCO5FzRxi4JodStiYaz/pPK24WFOb4sLXr758tz2u+ZP2lfDfzn9nLxregZvO9m+
zpToLCWlXrzjZxDesJOcfh/eszU9KUKXfXn6Jsey7ej8TYqB2DgYCfv8jGm+oLVe
UOLEl7fxzjgcDdiLaXbqq7dFoOsHUABBV6kaXyE9LmkbXZB9lQ==

这里没有神奇的命令来转换。如果你仔细看,我只是删除了几行,删除了换行符,并在前面加上了ssh-rsa

解释

putty 使用的默认格式定义在RFC4716

从 开始man ssh-keygenssh-keygen支持 3x 格式:

  1. RFC4716
  2. PKCS8
  3. 质子交换膜
 -m key_format
        Specify a key format for the -i (import) or -e (export) conver‐
        sion options.  The supported key formats are: “RFC4716” (RFC
        4716/SSH2 public or private key), “PKCS8” (PEM PKCS8 public key)
        or “PEM” (PEM public key).  The default conversion format is
        “RFC4716”.  Setting a format of “PEM” when generating or updating
        a supported private key type will cause the key to be stored in
        the legacy PEM private key format.

和PuTTY使用的默认值ssh-keygen实际上是相同的(RFC4716),只是文件id_rsa.pub将其放在一行上,这正是authorized_keys文件所期望的。

示例键

例如,我将在 Debian 10 中生成一个新密钥:

user@disp8452:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:lrwmOoBF1PEtDbbVkFwREgWqdJlH5ViEYzQpUAyPyNY user@disp8452
The key's randomart image is:
+---[RSA 2048]----+
| ...+*+oX&Oo     |
| ..o.=o@B*.      |
| .+ E Xo=..      |
| ... o + .       |
| o  .   S        |
|. .    . .       |
|   .  . o        |
|    .. o         |
|    ..           |
+----[SHA256]-----+
user@disp8452:~$ cat /home/user/.ssh/id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzU4exWqu4tsgWIJleq1AJ98cGHswD80cphWYOasspBoOPgdv1rljgb9PFAQX19X+rofYi+aYd1glP8BhRC3rt4zE26J54h8tt46DBT1TkFPJ2O3ULhLSqcv9zENGkGB0bfXkvhI0p/tP4b1a0NnvmNME9i6qyo8/7mPLovaKwP1qkd7/a+p1DQr2XoId9U6G4rx0TKsvhbjmDvaCWAm4c5LT3WbQHh301DWiwsN8xn8LkxaO4GtdIqxHOyj7lmQZGw8ixuvoIY/FjgXhSPGmaWLyz2o45TrTNP7vWxWqgcDi2CegziD67+UN4tBZvB9HwR6V3aaCrV59H15ukAtK1 user@disp8452
user@disp8452:~$

RFC4716

您可以以 PuTTY RFC4716 格式获取它,如下所示:

user@disp8452:~$ ssh-keygen -ef /home/user/.ssh/id_rsa -mRFC4716
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted by user@disp8452 from OpenSSH"
AAAAB3NzaC1yc2EAAAADAQABAAABAQCzU4exWqu4tsgWIJleq1AJ98cGHswD80cphWYOas
spBoOPgdv1rljgb9PFAQX19X+rofYi+aYd1glP8BhRC3rt4zE26J54h8tt46DBT1TkFPJ2
O3ULhLSqcv9zENGkGB0bfXkvhI0p/tP4b1a0NnvmNME9i6qyo8/7mPLovaKwP1qkd7/a+p
1DQr2XoId9U6G4rx0TKsvhbjmDvaCWAm4c5LT3WbQHh301DWiwsN8xn8LkxaO4GtdIqxHO
yj7lmQZGw8ixuvoIY/FjgXhSPGmaWLyz2o45TrTNP7vWxWqgcDi2CegziD67+UN4tBZvB9
HwR6V3aaCrV59H15ukAtK1
---- END SSH2 PUBLIC KEY ----
user@disp8452:~$

BEGIN请注意,指纹行实际上是相同的,因此您只需删除、Comment和行即可手动在 PuTTY 输出的多行格式和单行格式之间进行转换END。然后删除换行符并在其前面添加ssh-rsa

PKCS8

为了完整起见,这是上面密钥的 PKCS8 格式:

user@disp8452:~$ ssh-keygen -ef /home/user/.ssh/id_rsa -mPKCS8
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1OHsVqruLbIFiCZXqtQ
CffHBh7MA/NHKYVmDmrLKQaDj4Hb9a5Y4G/TxQEF9fV/q6H2IvmmHdYJT/AYUQt6
7eMxNuieeIfLbeOgwU9U5BTydjt1C4S0qnL/cxDRpBgdG315L4SNKf7T+G9WtDZ7
5jTBPYuqsqPP+5jy6L2isD9apHe/2vqdQ0K9l6CHfVOhuK8dEyrL4W45g72glgJu
HOS091m0B4d9NQ1osLDfMZ/C5MWjuBrXSKsRzso+5ZkGRsPIsbr6CGPxY4F4Ujxp
mli8s9qOOU60zT+71sVqoHA4tgnoM4g+u/lDeLQWbwfR8Eeld2mgq1efR9ebpALS
tQIDAQAB
-----END PUBLIC KEY-----
user@disp8452:~$

质子交换膜

PEM 格式如下:

user@disp8452:~$ ssh-keygen -ef /home/user/.ssh/id_rsa -mPEM
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAs1OHsVqruLbIFiCZXqtQCffHBh7MA/NHKYVmDmrLKQaDj4Hb9a5Y
4G/TxQEF9fV/q6H2IvmmHdYJT/AYUQt67eMxNuieeIfLbeOgwU9U5BTydjt1C4S0
qnL/cxDRpBgdG315L4SNKf7T+G9WtDZ75jTBPYuqsqPP+5jy6L2isD9apHe/2vqd
Q0K9l6CHfVOhuK8dEyrL4W45g72glgJuHOS091m0B4d9NQ1osLDfMZ/C5MWjuBrX
SKsRzso+5ZkGRsPIsbr6CGPxY4F4Ujxpmli8s9qOOU60zT+71sVqoHA4tgnoM4g+
u/lDeLQWbwfR8Eeld2mgq1efR9ebpALStQIDAQAB
-----END RSA PUBLIC KEY-----
user@disp8452:~$

相关内容