[Linux] SSH Manual – SSH 使用指南

Intro

RFC4252 – The Secure Shell (SSH) Authentication Protocol

SSH – OpenBSD manual page server

ssh_config — OpenSSH SSH client configuration files

ssh

$ ssh user@host.com

ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J destination] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination [command]

Debug level 3:

$ ssh user@host.com -vvv

演算法相關

連線選用Key Type

可以選擇SSH的Key type以及設定Fingerprint的格式:

  • HostKeyAlgorithms
  • FingerprintHash
$ ssh -o HostKeyAlgorithms=ssh-ed25519 -o FingerprintHash=md5 user@host.com

查看可用HostKeyAlgorithms:

$ ssh -Q key

ssh-keygen

$ ssh-keygen

usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
[-N new_passphrase] [-C comment] [-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
ssh-keygen -i [-m key_format] [-f input_keyfile]
ssh-keygen -e [-m key_format] [-f input_keyfile]
ssh-keygen -y [-f input_keyfile]
ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
ssh-keygen -B [-f input_keyfile]
ssh-keygen -D pkcs11
ssh-keygen -F hostname [-f known_hosts_file] [-l]
ssh-keygen -H [-f known_hosts_file]
ssh-keygen -R hostname [-f known_hosts_file]
ssh-keygen -r hostname [-f input_keyfile] [-g]
ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
[-j start_line] [-K checkpt] [-W generator]
ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
[-O option] [-V validity_interval] [-z serial_number] file …
ssh-keygen -L [-f input_keyfile]
ssh-keygen -A
ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
file …
ssh-keygen -Q -f krl_file file …

演算法相關

選用演算法

ssh-keygen [-t dsa | ecdsa | ed25519 | rsa | rsa1]

ssh-keygen -t ecdsa

Server產生Fingerprint

Server端可以利用ssh-keygen-l參數來產生fingerprint:

$ ssh-keygen -lf /path/to/ssh/key

選用fingerprint_hash:

ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]

$ ssh-keygen -E md5 -lf <fileName>

Leave a Reply

Your email address will not be published. Required fields are marked *