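What is the best way to save an SSH public key in a custom Vagrant box?

Time: 2019-10-20 08:06:17

Tags: ssh vagrant

I often see unofficial documentation saying that, when creating a box, you should save the vagrant user's SSH public key as follows: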

curl https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub >> /home/vagrant/.ssh/authorized_keys

When the box is brought up with vagrant up, the following message is displayed:

default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default: 
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...

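It seems to me that mitchellh's vagrant.pub key above is not appropriate.

What is the best way to save the vagrant user's SSH public key?

1 answer:

Answer 0 (score: 1)

The key you point to on raw.githubusercontent.com is an unusable sample.

The returned message seems to indicate that another key pair was generated automatically: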

default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...

So, if everything worked, your container now uses a new public key in /home/vagrant/.ssh/authorized_keys, and your local host in $HOME/.ssh/id_rsa.

Compare this file with the one originally downloaded, and look at the modification times of both files (on the local host and in the vagrant container).

Build your own key

Simply run:

ssh-keygen -f ~/.ssh/vagrant-dedicated

For key length, passphrase, etc., see man ssh-keygen.

Sample output:

  • Dialog:

    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 

  • Simple output:

    Generating public/private rsa key pair.
    Your identification has been saved in vagrant-dedicated.
    Your public key has been saved in vagrant-dedicated.pub.
    The key fingerprint is:
    SHA256:U2YfVbMlCUed7tXrvf3xBQoLB3glpSpto4hwdjTKwV0 user@host
    The key's randomart image is:
    +---[RSA 2048]----+
    |      E ..o .o==+|
    | . . . . +   o.o=|
    |  o + . + + . ...|
    | . + o o = . . .o|
    |. = o = S o . o o|
    |.+ o + . + o . + |
    |. . .     . . ..o|
    |               .*|
    |               .*|
    +----[SHA256]-----+

This will create two files:

ls -l ~/.ssh/vagrant-dedicated*
-rw------- 1 user user 1679 Oct 20 12:18 vagrant-dedicated
-rw-r--r-- 1 user user  394 Oct 20 12:18 vagrant-dedicated.pub

head -n1 ~/.ssh/vagrant-dedicated*
==> vagrant-dedicated <==
-----BEGIN RSA PRIVATE KEY-----

==> vagrant-dedicated.pub <==
ssh-rsa AAAAB3...0y/5 user@host

Replace the content of the container's /home/vagrant/.ssh/authorized_keys with the content of ~/.ssh/vagrant-dedicated.pub, then use vagrant-dedicated as the private key for the ssh connection:

ssh -i ~/.ssh/vagrant-dedicated vagrant@container

A note about fingerprints

Before the first connection to a new target host, ssh will prompt you with the host's fingerprint.

You can compare the output of

ssh-keygen -vlf /etc/ssh/ssh_host_rsa_key.pub

on the target vagrant container with the output of the first connection:

ssh -o VisualHostKey=true -i ~/.ssh/vagrant-dedicated vagrant@container

The first run will begin its output with something like:

The authenticity of host 'container (10.12.34.56)' can't be established.

then the fingerprint, something like:

ECDSA key fingerprint is SHA256:9M+2wGn0nZO3GPYkWuuxzXqI3nIbk5IJJ5xwhsxwbXk

followed by an ASCII art representation.

Both commands must show the same fingerprint and ASCII art.
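
The answer above suggests comparing the guest's authorized_keys with the downloaded key file. The following is an added example, not part of the original answer, that makes that comparison by SHA256 fingerprint so that a changed comment or an option prefix does not hide a match. The function names and the sample keys are constructed for illustration and are not real keys.

```python
import base64
import hashlib
import struct


def _blob(key_type, b64):
    """Decode the base64 field; keep it only if its embedded type matches."""
    try:
        blob = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", blob[:4])
    except (ValueError, struct.error):
        return None
    return blob if blob[4:4 + n] == key_type.encode() else None


def fingerprint(line):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints, or None."""
    tokens = line.split()
    # Leading authorized_keys options are skipped: look for "<type> <blob>".
    for key_type, b64 in zip(tokens, tokens[1:]):
        blob = _blob(key_type, b64)
        if blob is not None:
            digest = hashlib.sha256(blob).digest()
            return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None


def find_known_keys(authorized_keys, known_public):
    """Return (line number, fingerprint) for entries matching a published key."""
    known = {fingerprint(l) for l in known_public.splitlines()} - {None}
    hits = []
    for number, line in enumerate(authorized_keys.splitlines(), start=1):
        fp = None if line.lstrip().startswith("#") else fingerprint(line)
        if fp in known:
            hits.append((number, fp))
    return hits


def _fake_key(seed, comment):
    """Constructed ssh-ed25519 line for the demo; not a real key."""
    body = hashlib.sha256(seed).digest()
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + body
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


# Constructed sample data (not real keys); GUEST_FILE reuses the published key.
PUBLISHED = _fake_key(b"published", "vagrant insecure public key")
DEDICATED = _fake_key(b"dedicated", "user@host")
GUEST_FILE = "# box keys\nno-pty " + _fake_key(b"published", "renamed") + "\n" + DEDICATED + "\n"
```

Calling find_known_keys(GUEST_FILE, PUBLISHED) reports line 2 of the constructed guest file; an empty result means none of the published keys is still authorized.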