将 ssh 密钥移动到 root 拥有的位置

Question

SSH 公钥文件

是的，~/.ssh/authorized_keys如果您在中指定它，它仍将起作用/etc/ssh/sshd_config。查看sshd_配置手册页：

 AuthorizedKeysFile
         Specifies the file that contains the public keys that can be used for user
         authentication.  The format is described in the AUTHORIZED_KEYS FILE FORMAT section
         of sshd(8).  AuthorizedKeysFile may contain tokens of the form %T which are
         substituted during connection setup.  The following tokens are defined: %% is
         replaced by a literal '%', %h is replaced by the home directory of the user being
         authenticated, and %u is replaced by the username of that user.  After expansion,
         AuthorizedKeysFile is taken to be an absolute path or one relative to the user's
         home directory.  Multiple files may be listed, separated by whitespace.  Alternately
         this option may be set to “none” to skip checking for user keys in files.  The
         default is “.ssh/authorized_keys .ssh/authorized_keys2”.

但你必须将钥匙存放在文件不是目录。

更改 sshd 配置时，当前 ssh 会话不会停止工作。因此，您可以更改配置，重新启动 sshd 并测试新配置。

# edit the configuration
$ sudo vi /etc/ssh/sshd_config

# restart the sshd
$ sudo systemctl restart sshd.service

# test from your remote hosts
$ ssh -i somenewkey root/user@ec2host

来自 LDAP 的 SSH 公钥

通过中央实例管理 SSH 公钥的一种方法是使用 LDAP 服务器。这邮政描述了身份验证工作的基本要求。还有一些不错的脚本管理存储的公钥。主要缺点是，您需要设置和管理 LDAP 服务器（使用加密、证书等），并且该服务器可从所有 VM 或容器实例访问。

Answer 1

SSH 公钥文件

是的，~/.ssh/authorized_keys如果您在中指定它，它仍将起作用/etc/ssh/sshd_config。查看sshd_配置手册页：

 AuthorizedKeysFile
         Specifies the file that contains the public keys that can be used for user
         authentication.  The format is described in the AUTHORIZED_KEYS FILE FORMAT section
         of sshd(8).  AuthorizedKeysFile may contain tokens of the form %T which are
         substituted during connection setup.  The following tokens are defined: %% is
         replaced by a literal '%', %h is replaced by the home directory of the user being
         authenticated, and %u is replaced by the username of that user.  After expansion,
         AuthorizedKeysFile is taken to be an absolute path or one relative to the user's
         home directory.  Multiple files may be listed, separated by whitespace.  Alternately
         this option may be set to “none” to skip checking for user keys in files.  The
         default is “.ssh/authorized_keys .ssh/authorized_keys2”.

但你必须将钥匙存放在文件不是目录。

更改 sshd 配置时，当前 ssh 会话不会停止工作。因此，您可以更改配置，重新启动 sshd 并测试新配置。

# edit the configuration
$ sudo vi /etc/ssh/sshd_config

# restart the sshd
$ sudo systemctl restart sshd.service

# test from your remote hosts
$ ssh -i somenewkey root/user@ec2host

来自 LDAP 的 SSH 公钥

通过中央实例管理 SSH 公钥的一种方法是使用 LDAP 服务器。这邮政描述了身份验证工作的基本要求。还有一些不错的脚本管理存储的公钥。主要缺点是，您需要设置和管理 LDAP 服务器（使用加密、证书等），并且该服务器可从所有 VM 或容器实例访问。

将 ssh 密钥移动到 root 拥有的位置

答案1

SSH 公钥文件

来自 LDAP 的 SSH 公钥

相关内容