SSH key notes
Creating the key pair
Creating the key pair from a script
# Create a key pair without prompting (empty passphrase), only if ~/.ssh/id_rsa does not exist yet
if [ ! -e ~/.ssh/id_rsa ]
then
    ssh-keygen -q -N "" < /dev/zero
fi
SSH: generating a public key from a private key
Create Public Key from Private
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
SSH key fingerprint
ssh-keygen -lf ~/.ssh/id_rsa.pub
ssh-keygen -E md5 -lf ~/.ssh/id_rsa.pub
Or
ssh-add ~/.ssh/id_rsa_jbl2
ssh-add -l
ssh-add -L | ssh-keygen -E md5 -lf -
For a PEM key generated via AWS (from the private key)
openssl pkcs8 -in /home/jibe/.ssh/id_rsa_jbl2 -nocrypt -topk8 -outform DER | openssl sha1 -c
Problems
Problem: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes
See
/var/log/auth.log
Jan 23 22:40:37 server1 sshd[26567]: userauth_pubkey: key type ssh-dss not in PubkeyAcceptedKeyTypes [preauth]
/etc/ssh/sshd_config
PubkeyAcceptedKeyTypes=+ssh-dss
ssh-keygen -t ecdsa
#ssh-keygen -t ecdsa -b 521
Error: no mutual signature algorithm
$ ssh -v old-rhel5
...
debug1: send_pubkey_test: no mutual signature algorithm
...
Solution (workaround)
PubkeyAcceptedKeyTypes +ssh-rsa
~/.ssh/config
Host old-rhel5
    Hostname 192.168.1.20
    KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedKeyTypes +ssh-rsa
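Added example (not part of the original notes): a shell check that lists which of the legacy algorithms named above a config file re-enables and under which Host scope, so a per-host workaround like the one for old-rhel5 can be told apart from a global setting. The helper name audit_ssh_legacy and the sample input are assumptions made for this example; PubkeyAcceptedAlgorithms is matched as well because newer OpenSSH releases use that name for PubkeyAcceptedKeyTypes.

```shell
#!/bin/sh
# Added example: report legacy SSH algorithms a config file re-enables.
# LEGACY lists the algorithm names that appear in the notes above.
LEGACY='ssh-dss ssh-rsa diffie-hellman-group1-sha1 diffie-hellman-group14-sha1'

# audit_ssh_legacy FILE  (hypothetical helper; FILE may be "-" for stdin)
# Prints one line per finding: scope <TAB> keyword <TAB> algorithm.
# scope is "global" outside any Host/Match block or under "Host *".
audit_ssh_legacy() {
    awk -v legacy="$LEGACY" '
    BEGIN {
        n = split(legacy, l, " ")
        for (i = 1; i <= n; i++) bad[l[i]] = 1
        scope = "global"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]*=[ \t]*/, " ", line)    # accept "Keyword=value" too
        split(line, f, /[ \t]+/)
        key = tolower(f[1])
        if (key == "host" || key == "match") {
            scope = substr(line, length(f[1]) + 2)
            if (key == "host" && scope == "*") scope = "global"
            next
        }
        if (key != "pubkeyacceptedkeytypes" &&
            key != "pubkeyacceptedalgorithms" &&
            key != "hostkeyalgorithms" && key != "kexalgorithms") next
        val = f[2]
        if (substr(val, 1, 1) == "-") next  # "-" removes algorithms
        sub(/^[+^]/, "", val)               # "+" appends, "^" prepends
        m = split(val, a, ",")
        for (j = 1; j <= m; j++)
            if (a[j] in bad) printf "%s\t%s\t%s\n", scope, f[1], a[j]
    }' "$1"
}

# Constructed sample: the per-host workaround plus a global setting.
audit_ssh_legacy - <<'EOF'
PubkeyAcceptedKeyTypes=+ssh-dss
Host old-rhel5
    Hostname 192.168.1.20
    KexAlgorithms +diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
    HostKeyAlgorithms +ssh-rsa
EOF
```

Findings with scope "global" apply to every connection; the ones scoped to a single host keep the legacy algorithms limited to that machine.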
tech/ssh_clefs.txt · Last modified: by Jean-Baptiste
