How to change or update an SSH key passphrase on Linux/UNIX

Date: 2020-02-23 14:30:26  Source: igfitidea

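Let's look at how to update or change an SSH key passphrase on a Linux system.
SSH keys are commonly used to authenticate users to information systems.
An SSH key is itself a private key; the private key is further encrypted with a symmetric encryption key derived from the passphrase.
Changing an SSH key passphrase on a Linux/UNIX system is easy.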

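What is an SSH key passphrase?

A passphrase is similar to a password and protects the SSH private key from unauthorized access and use.
It is always recommended to set a strong passphrase for an SSH key: at least 15, preferably 20 characters, and hard to guess.

How to change or update an SSH key passphrase on Linux/UNIX

Sometimes we need to update an SSH key passphrase, or set one if none was set when the SSH key was generated.

As an example, let's generate an SSH key without a passphrase: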

# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:1gSD3mPgxaD0C88YLU+TdYs2T3nBO5ttK5Jj0bvz0gs Hyman@theitroad
The key's randomart image is:
+---[RSA 2048]----+
|    . .++ ...    |
|   . +ooo= o..   |
|    =o*++ = ..   |
|     Xo++* .o    |
|    . =.S.o. =   |
|       .  . + o  |
|           oE+ . |
|          = =.o  |
|         . o.*o. |
+----[SHA256]-----+

Now set a passphrase with the command below:

# ssh-keygen -p -f ~/.ssh/id_rsa
Enter new passphrase (empty for no passphrase): <Enter passphrase>
Enter same passphrase again:<Retype passphrase>
Your identification has been saved with the new passphrase.

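If the private key is stored at a custom path, replace ~/.ssh/id_rsa with the path to the private key.

The same command is used to reset the passphrase; we will be asked for the old passphrase and then for the new one.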

# ssh-keygen -p -f ~/.ssh/id_rsa
Enter old passphrase: <Enter old passphrase>
Enter new passphrase (empty for no passphrase): <Enter new passphrase> 
Enter same passphrase again: <Retype new passphrase>
Your identification has been saved with the new passphrase.
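
To confirm from the file itself that a key is passphrase-protected, the header of the private key can be inspected. The following is an added example, not part of the original page: it reads the cipher and KDF fields of the openssh-key-v1 container, plus the encryption markers of legacy PEM files. The function names and the sample keys are constructed for illustration, and the sample key bodies are dummy bytes.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
ARMOR = "-----BEGIN OPENSSH PRIVATE KEY-----"

def _string(buf, off):
    """Read one SSH string: uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def key_protection(text):
    """Return (cipher, kdf, rounds) read from a private key file's header."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured private key")
    if lines[0] != ARMOR:
        # Legacy PEM / PKCS#8: encryption is announced in the armour itself.
        enc = "ENCRYPTED" in lines[0] or "Proc-Type: 4,ENCRYPTED" in lines
        return ("pem-encrypted" if enc else "none", None, None)
    blob = base64.b64decode("".join(lines[1:-1]))
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = _string(blob, len(MAGIC))
    kdf, off = _string(blob, off)
    opts, off = _string(blob, off)
    rounds = None
    if kdf == b"bcrypt":  # kdfoptions = string salt, uint32 rounds
        _salt, o = _string(opts, 0)
        (rounds,) = struct.unpack_from(">I", opts, o)
    return cipher.decode(), kdf.decode(), rounds

def is_passphrase_protected(text):
    return key_protection(text)[0] != "none"

def _constructed_key(cipher, kdf, opts):
    """Build a header-only sample; the key bodies are dummy bytes, not keys."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = (MAGIC + s(cipher) + s(kdf) + s(opts) + struct.pack(">I", 1)
            + s(b"dummy-public") + s(b"dummy-private"))
    return f"{ARMOR}\n{base64.b64encode(blob).decode()}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples: empty passphrase, passphrase set, and a legacy PEM header.
NO_PASSPHRASE = _constructed_key(b"none", b"none", b"")
WITH_PASSPHRASE = _constructed_key(
    b"aes256-ctr", b"bcrypt", struct.pack(">I", 16) + bytes(16) + struct.pack(">I", 16))
LEGACY = "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n\nAAAA\n-----END RSA PRIVATE KEY-----\n"
```

On a real system, pass the contents of the private key file (for example ~/.ssh/id_rsa) to is_passphrase_protected(); a result of False means the key is stored without a passphrase.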

Testing the new passphrase

To test that the new passphrase works, copy the SSH public key to a remote server and try to SSH in with it.

$ ssh-copy-id Hyman@theitroad
Enter passphrase for key '/home/jmutai/.ssh/id_rsa': 
Now try logging into the machine, with "ssh 'Hyman@theitroad'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.

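Saving the private key passphrase

With SSH, we can configure an authentication agent to save the passphrase, so that we do not have to re-enter it every time the SSH key is used.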

# Start agent on demand
eval "$(ssh-agent)"
# Add default key
ssh-add
# List keys held by the agent
ssh-add -l
# Add specific key
ssh-add ~/.ssh/id_rsa
# Add with a timeout (lifetime in seconds)
ssh-add -t 3600 ~/.ssh/id_rsa
# Drop all keys from the agent
ssh-add -D