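4.3.5 Generating RSA and DSA Key Pairs
Generating RSA and DSA key pairs is very simple and takes only a single command. The steps are as follows:
1. Generate an RSA key pair
(1) Generate the RSA key pair. Enter the following command: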
- # ssh-keygen -t rsa
(2) Enter the passphrase for the key pair:
- Generating public/private rsa key pair.
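- Enter file in which to save the key (/root/.ssh/id_rsa): //file name in which to save the private key; keep the default by pressing Enter here
- Enter passphrase (empty for no passphrase): //enter the key pair passphrase; pressing Enter directly means an empty passphrase is used
- Enter same passphrase again: //confirm the key pair passphrase
- Your identification has been saved in /root/.ssh/id_rsa. //file name of the generated private key
- Your public key has been saved in /root/.ssh/id_rsa.pub. //file name of the generated public key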
- The key fingerprint is:
- 58:8c:d5:55:7d:41:0f:ca:db:6f:f1:f4:47:d9:49:aa root@localhost.localdomain
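The RSA key pair has been generated successfully. The public key is /root/.ssh/id_rsa.pub and the private key is /root/.ssh/id_rsa, which shows that this key pair was created by the root user. Key pairs generated by other users are stored in the $HOME/.ssh directory.
The default key locations are:
XP/2003 users: c:/Documents and Settings/<login name>/.ssh
Vista users: c:/Users/<login name>/.ssh
Linux: ~/.ssh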
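The RSA procedure above in non-interactive form, followed by the checks worth running on the result (private key mode, whether a passphrase was actually set, and the fingerprint in the colon-separated MD5 form shown in the listing). This is an added example, not part of the original text; the function names, the target directory and the passphrase are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original text. Assumptions: keys go to a
# caller-supplied directory (not /root/.ssh) and the passphrase is passed with
# -N, which is visible in the process list, so use the prompt for real keys.

gen_rsa_keypair() {            # usage: gen_rsa_keypair DIR PASSPHRASE
    mkdir -p "$1" && chmod 700 "$1" || return 1
    ssh-keygen -q -t rsa -N "$2" -C "demo@example.invalid" -f "$1/id_rsa"
}

# Print the colon-separated MD5 fingerprint, the format shown in the listing.
# Current OpenSSH prints SHA256 by default; -E md5 selects the legacy form.
md5_fingerprint() {            # usage: md5_fingerprint PUBKEY_FILE
    ssh-keygen -l -E md5 -f "$1" | awk '{ sub(/^MD5:/, "", $2); print $2 }'
}

# Exit 0 only if the private key cannot be loaded with an empty passphrase,
# i.e. Enter was NOT simply pressed at the "Enter passphrase" prompt.
is_passphrase_protected() {    # usage: is_passphrase_protected PRIVKEY_FILE
    [ -r "$1" ] || return 2
    ! ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# Octal permission bits (GNU stat first, BSD stat as fallback).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

audit_keypair() {              # usage: audit_keypair DIR PASSPHRASE
    gen_rsa_keypair "$1" "$2" || return 1
    echo "fingerprint (MD5): $(md5_fingerprint "$1/id_rsa.pub")"
    echo "private key mode : $(file_mode "$1/id_rsa")"
    if is_passphrase_protected "$1/id_rsa"; then
        echo "passphrase       : set"
    else
        echo "passphrase       : EMPTY, private key is stored unencrypted"
    fi
}

# Demo in a throwaway directory with a constructed passphrase.
if command -v ssh-keygen >/dev/null 2>&1; then
    demo_dir=$(mktemp -d) && audit_keypair "$demo_dir/ssh" 'constructed-demo-passphrase'
    rm -rf "$demo_dir"
fi
```

A private key reported with an empty passphrase is usable by anyone who can read the file, so the mode check and the passphrase check should be read together.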
2. Generate a DSA key pair
(1) Generate the DSA key pair. Enter the following command:
- # ssh-keygen -t dsa
(2) Enter the passphrase for the key pair:
- Generating public/private dsa key pair.
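- Enter file in which to save the key (/root/.ssh/id_dsa): //file name in which to save the private key; keep the default by pressing Enter here
- Enter passphrase (empty for no passphrase): //enter the key pair passphrase; pressing Enter directly means an empty passphrase is used
- Enter same passphrase again: //confirm the key pair passphrase
- Your identification has been saved in /root/.ssh/id_dsa. //file name of the generated private key
- Your public key has been saved in /root/.ssh/id_dsa.pub. //file name of the generated public key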
- The key fingerprint is:
- 40:d3:9f:f7:3b:7b:28:89:76:ae:f3:ee:d4:e8:b0:21 root@localhost.localdomain
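The DSA key pair has been generated successfully. The public key is /root/.ssh/id_dsa.pub and the private key is /root/.ssh/id_dsa. Next, the public key needs to be installed on the OpenSSH server.
If a user needs to generate a version 2.x key pair, the ssh-keygen -d command can be used. The resulting 2.x key files are identity and identity.pub. The directory holding the key files is unchanged.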