HostKeyAlgorithms | KexAlgorithms | FingerprintHash
Intro
RFC4252 - The Secure Shell (SSH) Authentication Protocol
SSH - OpenBSD manual page server
ssh_config — OpenSSH SSH client configuration files
ssh
$ ssh user@host.comssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J destination] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination [command]
Debug level 3:
$ ssh user@host.com -vvvOptions
HostKeyAlgorithms - 選用加密演算法
可以選擇 SSH 的 Key 加密演算法 :
$ ssh -o HostKeyAlgorithms=ssh-ed25519 user@host.com查看可用 HostKeyAlgorithms:
$ ssh -Q keyKexAlgorithms - 選用 Key Exchange
可以選擇 SSH 的 Key Exchange 演算法:
$ ssh -o KexAlgorithms=diffie-hellman-group14-sha256 user@host.com查看可用 KexAlgorithms:
$ ssh -Q kexFingerprintHash - 指紋格式
指定 verbose 顯示的 Fingerprint 格式
$ ssh -v -o FingerprintHash=md5 user@host.comssh-keygen
$ ssh-keygenusage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] [-N new_passphrase] [-C comment] [-f output_keyfile] ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] ssh-keygen -i [-m key_format] [-f input_keyfile] ssh-keygen -e [-m key_format] [-f input_keyfile] ssh-keygen -y [-f input_keyfile] ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile] ssh-keygen -B [-f input_keyfile] ssh-keygen -D pkcs11 ssh-keygen -F hostname [-f known_hosts_file] [-l] ssh-keygen -H [-f known_hosts_file] ssh-keygen -R hostname [-f known_hosts_file] ssh-keygen -r hostname [-f input_keyfile] [-g] ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point] ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines] [-j start_line] [-K checkpt] [-W generator] ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals] [-O option] [-V validity_interval] [-z serial_number] file ... ssh-keygen -L [-f input_keyfile] ssh-keygen -A ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] file ... ssh-keygen -Q -f krl_file file ...
演算法相關
選用演算法
ssh-keygen [-t dsa | ecdsa | ed25519 | rsa | rsa1]
ssh-keygen -t ecdsaServer產生Fingerprint
Server端可以利用ssh-keygen的-l參數來產生fingerprint:
$ ssh-keygen -lf /path/to/ssh/key選用fingerprint_hash:
ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
$ ssh-keygen -E md5 -lf <fileName>known_hosts
移除 ~/.ssh/known_hosts 中指定網域
$ ssh-keygen -R example.comClinet 端設定
可以參考: SSH Config 連線設定檔指南