由于每次登入伺服器都要輸入密碼比較麻煩,今天信手拈來:
fanshengshuai >>> ssh-keygen -t dsa 18-11-20 9:48
Generating public/private dsa key pair.
Enter file in which to save the key (/home/fanshengshuai/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/fanshengshuai/.ssh/id_dsa.
Your public key has been saved in /home/fanshengshuai/.ssh/id_dsa.pub.
The key fingerprint is:
SHA256:Drq2qj+9VYIQBvXj9j2BGfHCUNAjcNe70eVTGh48C8c [email protected]
The key's randomart image is:
+---[DSA 1024]----+
|.o=.+++. o |
| . +.+oo. . E . |
| . o.+..o * B |
| o o =o . * |
| + = So . |
| . o *.. |
| .. o + |
| . oo . |
|.oo++o |
+----[SHA256]-----+
After I saved the contents of ~/.ssh/id_dsa.pub on the server, to my surprise I could not log in. After running ssh -v, I found this message:
debug1: Skipping ssh-dss key /home/fanshengshuai/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes
After searching online, I learned that OpenSSH 7.0 and later already disable ssh-dss by default. Let's check our ssh version:
fanshengshuai >>> ssh -V 18-11-20 10:07
OpenSSH_7.9p1, OpenSSL 1.1.1 11 Sep 2018
It is already 7.9. We can turn ssh-dss back on with the following method:
fanshengshuai >>> sudo vim /etc/ssh/ssh_config
Note that this is ssh_config, the local client configuration file, not the server's sshd_config.
Find the line
# Host *
remove the comment marker, then add this line below it:
PubkeyAcceptedKeyTypes=+ssh-dss
When done it looks like this:
Host *
PubkeyAcceptedKeyTypes=+ssh-dss
After saving, you can log in to the server with the DSA key again.
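As an added example (not code from the original post), here is a small POSIX shell audit script for the situation above: it classifies the key type of every line in a .pub or authorized_keys file, flagging ssh-dss, and extracts from ssh -v output the key types the client skipped as "not in PubkeyAcceptedKeyTypes". The function names, the file layout and the sample key lines are assumptions; the key blobs are placeholders, not real key material.

```shell
#!/bin/sh
# Added example, not from the original post: audit .pub / authorized_keys
# lines and ssh -v output for the ssh-dss problem described above.
# All sample key lines and debug lines below are constructed placeholders.

# classify_key_type: verdict for a public-key type (first field of a key
# line). ssh-dss is off by default since OpenSSH 7.0; the OpenSSH notes
# quoted in the post recommend ed25519, with RSA/ECDSA still supported.
classify_key_type() {
    case "$1" in
        ssh-dss)                              echo "disabled-by-default" ;;
        ssh-ed25519|sk-ssh-ed25519@*)         echo "recommended" ;;
        ssh-rsa|ecdsa-sha2-nistp*|sk-ecdsa-*) echo "supported" ;;
        *)                                    echo "unknown" ;;
    esac
}

# audit_pubkey_file: print "<type> <verdict>" for every key line in a file,
# skipping blank lines and comments.
audit_pubkey_file() {
    file=$1
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        set -- $line        # word-split into type, base64 blob, comment
        printf '%s %s\n' "$1" "$(classify_key_type "$1")"
    done < "$file"
}

# skipped_key_types: read ssh -v output on stdin and list the key types the
# client skipped as "not in PubkeyAcceptedKeyTypes" (the post's debug line).
skipped_key_types() {
    sed -n 's/^debug1: Skipping \([a-z0-9-]*\) key .* - not in PubkeyAcceptedKeyTypes$/\1/p' | sort -u
}

# Constructed samples: the key blobs are placeholders, not real key material.
SAMPLE_KEYS='# constructed authorized_keys
ssh-dss AAAAB3NzaC1kc3M...placeholder user@laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5...placeholder user@laptop'
SAMPLE_DEBUG='debug1: Authentications that can continue: publickey
debug1: Skipping ssh-dss key /home/fanshengshuai/.ssh/id_dsa - not in PubkeyAcceptedKeyTypes'

# Demo run: sh audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp) && printf '%s\n' "$SAMPLE_KEYS" > "$tmp"
    audit_pubkey_file "$tmp"; rm -f "$tmp"
    printf '%s\n' "$SAMPLE_DEBUG" | skipped_key_types
fi
```

Note that OpenSSH 8.5 renamed PubkeyAcceptedKeyTypes to PubkeyAcceptedAlgorithms (the old name is kept as an alias), so the debug message wording may differ on newer clients.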
Actually, think about it: why did OpenSSH drop DSA? It must have had problems. Here is the quote about it:
Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has
been disabled by default at runtime due to their inherent weakness. If
you rely on these key types, you will have to take corrective action or
risk being locked out.
Your best option is to generate new keys using strong algos such as rsa
or ecdsa or ed25519. RSA keys will give you the greatest portability
with other clients/servers while ed25519 will get you the best security
with OpenSSH (but requires recent versions of client & server).
If you are stuck with DSA keys, you can re-enable support locally by
updating your sshd_config and ~/.ssh/config files with lines like so:
PubkeyAcceptedKeyTypes=+ssh-dss
Be aware though that eventually OpenSSH will drop support for DSA keys
entirely, so this is only a stop gap solution.
More details can be found on OpenSSH’s website:
http://www.openssh.com/legacy.html
So it is still best to choose a supported algorithm wherever possible.