Zak*_*Zak 7 linux ssh-keys ssh-keygen
$ ssh-keygen --help
ssh-keygen: unrecognized option: -
usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa]
[-N new_passphrase] [-C comment] [-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
ssh-keygen -i [-m key_format] [-f input_keyfile]
ssh-keygen -e [-m key_format] [-f input_keyfile]
ssh-keygen -y [-f input_keyfile]
ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
ssh-keygen -B [-f input_keyfile]
ssh-keygen -D pkcs11
ssh-keygen -F hostname [-f known_hosts_file] [-l]
ssh-keygen -H [-f known_hosts_file]
ssh-keygen -R hostname [-f known_hosts_file]
ssh-keygen -r hostname [-f input_keyfile] [-g]
ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
[-j start_line] [-K checkpt] [-W generator]
ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
[-O option] [-V validity_interval] [-z serial_number] file ...
ssh-keygen -L [-f input_keyfile]
ssh-keygen -A
ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
file ...
ssh-keygen -Q -f krl_file file ...
您可能会注意到ssh-keygen -A明显缺少文档。
$ ssh-keygen -A
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
它似乎正在生成 (A)ll 密钥文件,但我在/root/.ssh/. 只是为了确认,我ssh-keygen没有选择地运行,通过所有提示输入,并且我按预期获得了密钥。
所以问题是,“到底发生了什么?”
这在ssh-keygen手册中有记录:
-A对于不存在主机密钥的每种密钥类型(rsa1、rsa、dsa、ecdsa 和 ed25519),使用默认密钥文件路径、空密码、密钥类型的默认位和默认注释生成主机密钥. 系统管理脚本使用它来生成新的主机密钥。
因此,如果您的系统还没有主机密钥,ssh-keygen -A将创建它们。 重新创建主机密钥将导致您的 SSH 客户端抱怨主机的密钥指纹在您下次连接到机器时发生了更改,并且...
Are you sure you want to continue connecting (yes/no)?
(假设您之前已经使用 SSH 成功连接到机器)