ssh登录远程服务器一般有密码验证和免输入密码的密钥验证两种方式。
都知道使用密钥登陆的话是需要生成一对密钥,然后将公钥放在服务器上.ssh/authorized_keys文件中,如果有多人登陆的话,将多人的id_rsa.pub文件中公钥内容按行全部放入该文件中就行了。本地主机登陆的时候会首先读取ssh客户端配置内容,然后找到私钥id_rsa文件,进行配对,过程如下:
debug1: Authenticating to xx.xx.xx.xx:22 as 'username'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256@libssh.org
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:3b9yRpz12sKEd46UZUnlr5thICYoj/fIkpjkaBk0UKI
debug1: Host 'xx.xx.xx.xx' is known and matches the ECDSA host key.
debug1: Found key in /home/gikor/.ssh/known_hosts:5
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/gikor/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: Authentication succeeded (publickey).
之后就成功登陆了远程服务器。
但是一台本地主机需要维护多台远程服务器的话,如果生成多个公钥密钥对的话本地文件肯定重名,怎么办呢?其实公钥之所谓公钥,就是公开的密钥,只需要在本地生成一对公钥私钥然后将公钥分别放在多台远程服务器上就行了!
自己理解的密钥加密过程:
