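A while ago, after helping a colleague put an SSH public key onto a device, I ran into a situation where the public key kept failing to authenticate. I vaguely remembered that I had once used a way to take the private key and verify whether the public key belongs to the same pair, but I had forgotten it over time … and then I found I had never written it up on the blog, so I am recording it here.
Usage is simple. First, generate an RSA key pair: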
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): demo
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in test.
Your public key has been saved in test.pub.
The key fingerprint is:
SHA256:1biOIkmaRpNF5NErMjUXNI2WIR6C5aPozFVxIFMzKTE root@shazi.info
The key's randomart image is:
+---[RSA 2048]----+
| ooEOOBB |
|.. **=@.. o |
| o.== . o . |
|..o+o . . . |
|o ++.. S . |
|+..= . o |
| ++ o . . . |
| . . . |
| |
+----[SHA256]-----+
$ ls
demo demo.pub
Then use ssh-keygen again to derive the public key from the private key:
$ ssh-keygen -y -f demo
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEehUYmDtDCjMVtI7nrsjYVXuq9+3YGki/DbBY2HBbgby4QqbXe3zZxaOqfvCRqmfj5Dt2TiGibKsMS/5ZYNlXByAe8yIUCGH3VPL9faLs7OlzMKTCVtMw7EWs0EuSS4Z90K2cesVy9NrtSp7wSYj1/abF/wZpbX4CwjvSGjZLd3WMC4az7xQq0ogkktnMt8dx554uZQP9yPedbpJLJDJI8Cew9OiadJ7LIR42aQ6SSWrcTV67qlO02PmXERLjuYHhVnIFffA5dqOrL4CI1tkrq0PMj9RnEzLpL5711Ce/WAiwKFfC3uNRMqTkt5YqCPkmSAfMW08Atln/d2/piN4L
$ cat demo.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEehUYmDtDCjMVtI7nrsjYVXuq9+3YGki/DbBY2HBbgby4QqbXe3zZxaOqfvCRqmfj5Dt2TiGibKsMS/5ZYNlXByAe8yIUCGH3VPL9faLs7OlzMKTCVtMw7EWs0EuSS4Z90K2cesVy9NrtSp7wSYj1/abF/wZpbX4CwjvSGjZLd3WMC4az7xQq0ogkktnMt8dx554uZQP9yPedbpJLJDJI8Cew9OiadJ7LIR42aQ6SSWrcTV67qlO02PmXERLjuYHhVnIFffA5dqOrL4CI1tkrq0PMj9RnEzLpL5711Ce/WAiwKFfC3uNRMqTkt5YqCPkmSAfMW08Atln/d2/piN4L root@shazi.info
The two public keys must be identical. The trailing "root@shazi.info" is only a comment and is not part of the key.
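The same check as a script, added here as an example that is not part of the original post: it derives the public key with `ssh-keygen -y` and compares only the key type and base64 blob, so a different comment does not cause a false mismatch. The function names and the lookup in an authorized_keys file (with optional leading options) are assumptions of this example.

```shell
#!/bin/sh
# Added example: check that a private key matches a .pub file or an
# authorized_keys entry. Function names are hypothetical.

# Print "type base64blob" for each key line on stdin. Blank lines, comment
# lines, the trailing comment field and leading authorized_keys options are
# dropped. Limitation: an option value containing a word that starts with
# "ssh-", "ecdsa-" or "sk-" would be mistaken for the key type.
key_body() {
    awk 'NF == 0 || $1 ~ /^#/ { next }
    {
        for (i = 1; i < NF; i++)
            if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i + 1); next }
    }'
}

# Derive the public key from private key file $1 (ssh-keygen -y, as above).
derived_body() {
    ssh-keygen -y -f "$1" | key_body
}

# Exit 0 if public key file $2 belongs to private key file $1.
key_matches() {
    d=$(derived_body "$1")
    [ -n "$d" ] && [ "$d" = "$(key_body < "$2")" ]
}

# Exit 0 if the key derived from $1 is listed in authorized_keys file $2.
key_authorized() {
    d=$(derived_body "$1")
    [ -n "$d" ] && key_body < "$2" | grep -Fxq -- "$d"
}

# When run directly: script PRIVATE_KEY PUBLIC_KEY_FILE
if [ "$#" -eq 2 ]; then
    if key_matches "$1" "$2"; then
        echo "match"
    else
        echo "MISMATCH"
        exit 1
    fi
fi
```

Run the derivation on the machine that holds the private key and copy only the public key file to wherever the comparison is needed.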