I can't understand how the SSH agent refers to the keys it is using.
I have four SSH keys with the following comments:
$ tail -n +1 *.pub
==> github_id_ed25519.pub <==
ssh-ed25519 ... mygithubusername@myhost
==> id_ecdsa.pub <==
ecdsa-sha2-nistp521 ... me@myhost
==> id_ed25519.pub <==
ssh-ed25519 ... me@myhost
==> id_rsa.pub <==
ssh-rsa ... me@myhost
I added these keys to the SSH agent (with the confirmation -c option):
$ ssh-add -c github_id_ed25519 id_ecdsa id_ed25519 id_rsa
Enter passphrase for github_id_ed25519 (will confirm each use):
Identity added: github_id_ed25519 (mygithubusername)
The user must confirm each use of the key
Identity added: id_ecdsa (id_ecdsa)
The user must confirm each use of the key
Identity added: id_ed25519 (me@myhost)
The user must confirm each use of the key
Identity added: id_rsa (id_rsa)
The user must confirm each use of the key
I listed all the added keys:
$ ssh-add -l
256 SHA256:... mygithubusername (ED25519)
521 SHA256:... id_ecdsa (ECDSA)
256 SHA256:... me@myhost (ED25519)
4096 SHA256:... id_rsa (RSA)
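Where does the SSH agent get the names it uses to refer to the keys?
It seems to use:
It is hard to make sense of this. Using the key's filename would be the most straightforward, but right now it is just a mess. Currently, every time I log in with SSH and get the confirmation dialog, it is not easy to figure out which key it is actually trying to use.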
ssh-add attempts to read the comment in the private key file. If it fails, it uses the filename as a comment for further prompts:
From ssh-add.c:add_file():
if (comment == NULL || *comment == '\0')
    comment = xstrdup(filename);
I'd suspect that any identities using the filename as the comment had no comment originally saved with the key, even if one was manually edited in to the public key file at a later date. The ssh-keygen manual page implies that there is no way to change or add a comment in the private key file on any non-deprecated key formats:
-c Requests changing the comment in the private and public key files. This
operation is only supported for RSA1 keys.
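
To check which label a key file will get before loading it into the agent, the sketch below reads the comment field out of an unencrypted openssh-key-v1 private key container and applies the same filename fallback as the add_file() lines quoted above. It is an added example, not part of the answer and not OpenSSH code; the function names are hypothetical, the sample key is constructed from dummy bytes, and it assumes a single key per file.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
# Length-prefixed private fields that sit between the key type and the comment.
FIELDS_BEFORE_COMMENT = {b"ssh-ed25519": 2, b"ssh-rsa": 6}

def _string(buf, off):
    """Read one SSH wire string (uint32 big-endian length, then bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def embedded_comment(text):
    """Comment stored in the private key file, or None if the format has none."""
    lines = text.strip().splitlines()
    if not lines or lines[0].strip() != BEGIN:
        return None  # legacy PEM containers have no comment field
    blob = base64.b64decode("".join(l.strip() for l in lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 container")
    cipher, off = _string(blob, len(MAGIC))
    for _ in range(2):                      # kdfname, kdfoptions
        _, off = _string(blob, off)
    _, off = _string(blob, off + 4)         # skip key count, read public key
    priv, _ = _string(blob, off)
    if cipher != b"none":
        raise ValueError("encrypted: the comment is only readable after decryption")
    ktype, p = _string(priv, 8)             # skip the two check integers
    count = 3 if ktype.startswith(b"ecdsa-sha2-") else FIELDS_BEFORE_COMMENT[ktype]
    for _ in range(count):
        _, p = _string(priv, p)
    return _string(priv, p)[0].decode("utf-8", "replace")

def label_for(filename, text):
    """Same fallback as the quoted add_file() lines: no comment -> filename."""
    return embedded_comment(text) or filename

def constructed_key(comment):
    """Constructed sample: unencrypted ed25519 container with dummy key bytes."""
    s = lambda b: struct.pack(">I", len(b)) + b
    pub = s(b"ssh-ed25519") + s(b"\x01" * 32)
    priv = b"\x00" * 8 + pub + s(b"\x02" * 64) + s(comment)
    priv += bytes(range(1, 1 + -len(priv) % 8))
    blob = MAGIC + s(b"none") * 2 + s(b"") + struct.pack(">I", 1) + s(pub) + s(priv)
    return f"{BEGIN}\n{base64.b64encode(blob).decode()}\n-----END OPENSSH PRIVATE KEY-----\n"
```

For a passphrase-protected file the comment sits inside the encrypted section, so the function raises instead of guessing.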