如何从 SSH 私钥中检索公钥?
Lek*_*eyn 521 ssh command-line
生成的 SSH 私钥ssh-keygen包含公钥部分。如何从私钥中检索此公钥?我丢失了我的公钥,需要将此公钥的内容放在服务器authorized_keys文件中,并且不想创建新的密钥对。
或者说:如何id_rsa.pub从id_rsa文件创建文件?
Lek*_*eyn 789
我在 Server Fault: Create a public SSH key from the private key上找到了答案?
该选项-y输出公钥:
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
作为旁注,公钥的注释丢失了。我有一个需要评论的网站(Launchpad?),所以您需要编辑~/.ssh/id_rsa.pub评论并将评论附加到第一行,评论和关键数据之间有一个空格。下面显示了一个示例公钥。
ssh-rsa AAAA..../VqDjtS5 ubuntu@ubuntu
对于添加到 SSH 代理的密钥(在后台运行并避免需要一遍又一遍地重新输入密钥文件密码的程序),您可以使用该ssh-add -L命令列出添加到的密钥的公钥代理(通过ssh-add -l)。当 SSH 密钥存储在智能卡上(并且无法访问私钥文件)时,这很有用。
- @MarkMikofski 不需要`sudo`,你应该已经拥有私钥了。否则你一开始就无法阅读它。 (14认同)
- @Lekensteyn 谢谢,你当然是对的!。还建议使用 `400`,因为不需要写入键入私钥文件。更正的命令应该是`$ chmod 400 ~/.ssh/id_rsa` (8认同)
- 请注意,您的私钥文件`~/.ssh/id_rsa` 必须限制为您的用户名。使用`$ sudo chmod 600 ~/.ssh/id_rsa`并输入你的root凭据来限制它,然后你就可以输出公钥文件了。否则您将收到不受限制的私钥文件警告。 (2认同)
小智 15
This is a solution is specifically for users using Windows to SSH into their remote machines, including cloud images on Amazon AWS and GCE.
(Disclaimer)
I recently used this solution to remote log in to new deployed VM images on GCE.
Tools used:
Steps to perform:
- Generate a public/private key pair using puttygen.
- Upload a public key to your server in the cloud or remote location.
Description (how to do it):
Generate a key/pair or use an existing private key:
If you have a private key:
Open puttygen, press load button and select your private key (*.pem) file.
If you do not have a private key:
- Open puttygen,
- Select the desired key type SSH2 DSA (you may use RSA or DSA) within the Parameters section... and it is important that you leave the passphrase field blank,
- Press generate and follow instructions to generate (public/private) key pair.
Create a new 'authorized_keys' file (with Notepad):
Copy your public key data from the "Public key for pasting into OpenSSH authorized_keys file" section of the PuTTY Key Generator, and paste the key data to the "authorized_keys" file.
Make sure there is only one line of text in this file.
Upload the key to a Linux server:
- Open WinSCP,
- Select the SFTP file protocol and log in with your SSH credentials.
- On success, you see the home directory structure at your remote machine.
Upload authorized_keys file to the home directory at the remote machine.
Set proper permissions:
Make a
.sshdirectory (if it does not exist)Copy the
authorized_keysfile to the .ssh directory (this will replace any existingauthorized_keysfile; take note of this).If the file exists, simply add the contents of this file to the existing file.
Run commands to set permissions:
Run Code Online (Sandbox Code Playgroud)sudo chmod 700 .ssh && chmod 600 .ssh/authorized_keys
Now you will be able to ssh into a remote machine without entering credentials every time.
Further reading:
- 尽管您的回答与问题并不真正相关,但由于您的热情,我投了赞成票。 (3认同)