Linux 健全性检查 SSH 公钥?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16336169/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Sanity check SSH public key?
提问by Andrew Tomazos
I have asked users for their public "id_rsa.pub" ssh key, that I then place in "/home/theiraccount/.ssh/authorized_keys", so they can login to the server by SSH. I'd like to automate this process.
我已经向用户询问了他们的公共“id_rsa.pub”ssh 密钥,然后我将其放在“/home/theiraccount/.ssh/authorized_keys”中,以便他们可以通过 SSH 登录到服务器。我想自动化这个过程。
Is there anyway to sanity check the string they give me (programmatically or otherwise)? I want to verify that sshd can read the text and that it actually looks like a valid public key (and hasn't been corrupted)?
无论如何都要检查他们给我的字符串(以编程方式或其他方式)?我想验证 sshd 是否可以读取文本并且它实际上看起来像一个有效的公钥(并且没有被损坏)?
Put another way, what is the format of the id_rsa.pubfile? If someone enters it in a field what can I write in the form handler script to verify that it is complete and correct?
换句话说,id_rsa.pub文件的格式是什么?如果有人在字段中输入它,我可以在表单处理程序脚本中写什么来验证它是否完整和正确?
回答by mata
ssh-keygencan be used to calculate the fingerprint of a key file, which will fail if you don't pass it a key:
ssh-keygen可用于计算密钥文件的指纹,如果您不向其传递密钥,则会失败:
ssh-keygen -l -f id_rsa.pub
Another possibility would be ssh-vulnkey, that would have the advantage of checking the keys against the blacklist of known compromised keys at the same time.
另一种可能性是ssh-vulnkey,这将具有同时根据已知泄露密钥的黑名单检查密钥的优势。
