我有 Linux 服务器运行sshd。
如何hostkey从 Linux 服务器提供到plink.exeWindows 上?
例如:跑步 plink.exe -ssh -batch -m plink.tmp -hostkey ...
您可以使用 plink 本身来获取主机密钥:
c:\> plink -v -batch host
Connecting to 1.2.3.4 port 22
We claim version: SSH-2.0-PuTTY_Release_0.68
Server version: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.1
Using SSH protocol version 2
Doing ECDH key exchange with curve Curve25519 and hash SHA-256
Server also has ssh-ed25519/ecdsa-sha2-nistp256 host keys, but we don't know any of them
Host key fingerprint is:
ssh-rsa 2048 c6:e7:49:ec:07:5b:30:02:d9:57:dd:7f:39:e3:f3:35
Initialised AES-256 SDCTR client->server encryption
Initialised HMAC-SHA-256 client->server MAC algorithm
Initialised AES-256 SDCTR server->client encryption
Initialised HMAC-SHA-256 server->client MAC algorithm
Disconnected: Unable to authenticate
-v附加信息需要参数(verbose),-batch确保 plink 无需登录即可直接退出(只要不提供用户名和密码)。
在您找到的输出中Host key fingerprint is:,后跟十六进制格式的指纹,在本例中:
c6:e7:49:ec:07:5b:30:02:d9:57:dd:7f:39:e3:f3:35
这是您必须提供的字符串plink -hostkey以确认目标主机实际上是它声称的主机。
您可以通过运行以下命令从目标主机本身获取密钥的指纹:
$ ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
2048 00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff /etc/ssh/ssh_host_rsa_key.pub (RSA)
更高版本ssh-keygen默认为 SHA-256,因此您可以通过以下方式获得原始 MD5 行为:
$ ssh-keygen -l -E md5 -f /etc/ssh/ssh_host_rsa_key.pub
2048 MD5:00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff /etc/ssh/ssh_host_rsa_key.pub (RSA)
只需去掉MD5:前缀即可。HostKey根据中指令的值调整键的路径/etc/ssh/sshd_config。