SSH key and Tectia key generation

原创

mb649d3a75b51a2 2023-07-02 13:40:46 ©著作权

文章标签 generation ssh system authorization file 文章分类 Python 后端开发

©著作权归作者所有：来自51CTO博客作者mb649d3a75b51a2的原创作品，请联系作者获取转载授权，否则将追究法律责任

host% pwd
/usr/home/user
host% cd .ssh
host% ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/usr/home/user/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /usr/home/user/.ssh/id_rsa.
Your public key has been saved in /usr/home/user/.ssh/id_rsa.pub.
The key fingerprint is:
d5:df:a7:14:05:c5:ec:93:07:ca:1a:dc:ba:4c:11:fauser@host.com     
host% cp id_rsa.pubauthorized_keys 
host% sftpyour_account@host      
Connecting to host...
You are authorized to use this System for approved business purposes only. Use for any other purpose is prohibited. All transactional records, reports, e-mail, software, and other data generated by or residing upon this System are the property of the Company and may be used by the Company for any purpose. Authorized and unauthorized activities may be monitored. support information is available Password Authentication
Password: 
sftp> ls
sshkeys  
sftp> cd sshkeys
sftp> put authorized_keys
Uploading authorized_keys to /sshkeys/authorized_keys
authorized_keys                                                            100%  409     0.4KB/s   00:00   
sftp> ls -l
-rw-r--r--   1 10015    123           409 Oct 21 05:19 authorized_keys
sftp> quit
host% sftpyour_account@hostConnecting to hostYou are authorized to use this System for approved business purposes only. Use for any other purpose is prohibited. All transactional records, reports, e-mail, software, and other data generated by or residing upon this System are the property of the Company and may be used by the Company for any purpose. Authorized and unauthorized activities may be monitoredsftp> quit
host%
 
==================Tectia
[your_account@host~]$ cd .ssh2
[your_account@host .ssh2]$ ssh-keygen -t rsa -c 'dev test isp-test1'
Generating 2048-bit rsa key pair
   2 Oo.oOo.oOo.o
Key generated.
dev test isp-test1
Passphrase : 
Again      : 
Key is stored with NULL passphrase.
 (You can ignore the following warning if you are generating hostkeys.)
 This is not recommended.
 Don't do this unless you know what you're doing.
 If file system protections fail (someone can access the keyfile),
 or if the super-user is malicious, your key can be used without
 the deciphering effort.
Private key saved to /home/your_account/.ssh2/id_rsa_2048_a
Public key saved to /home/your_account/.ssh2/id_rsa_2048_a.pub
[your_account@host .ssh2]$ echo 'IdKey id_rsa_2048_a' > identification
[your_account@host .ssh2]$ cp id_rsa_2048_a.pub authorized_keys
[your_account@host .ssh2]$ sftpyour_account@host Host key digest saved to /home/isp-test1/.ssh2/hostkeys/keys_cebaab29d49922260e762baaf69aef0da0fffe63
You are authorized to use this System for approved business purposes only. Use for any other purpose is prohibited. All transactional records, reports, e-mail, software, and other data generated by or residing upon this System are the property of the Company and may be used by the Company for any purpose. Authorized and unauthorized activities may be monitored. Keyboard-interactive:
Password Authentication
Password: 
sftp> ls
.:
sshkeys/
sftp> cd sshkeys
/sshkeys
sftp> put authorized_keys
authorized_keys                                                                         |  497B |  497B/s | TOC: 00:00:01 | 100%
sftp> ls -l
-rw-r--r--   1 10015    123           497 Oct 21 05:27 authorized_keys
sftp> quit
[your_account@host .ssh2]$ sftpyour_account@host You are authorized to use this System for approved business purposes only. Use for any other purpose is prohibited. All transactional records, reports, e-mail, software, and other data generated by or residing upon this System are the property of the Company and may be used by the Company for any purpose. Authorized and unauthorized activities may be monitored.   
sftp> quit

====

[Change to .ssh directory in user account]
host% cd .ssh
 
[Add contents of public key file provided by ops to ‘authorized_keys’ file (multiple keys can exist in here)]
 
host% cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAqB6F76K88obL++w/5f+EkawfvlgJZPN+OZzOkY3eJDPytHhdeUvEkiNsBK7s+Re+eBgtTnAKz2OMvqG6J2JKjlKsNRXOxBd7ulwe86HC8Pe1p53zYJngGnTWbYF2picwZkF4mLnkQwJusOEVRyKE6giX1ftom0L+mcnTxl4r/+LI2t21ftbekcqUWtXq0JVePNexkVWmWt4Am7o2nrUJ9V2DaIapMQaeCn8s+E0L5Zy1OEe/BFUG4jMwAZJtTsY8JuilOLsCgu1/Q8HsrQOpHqR3E+NFIbVLmKFDm9P5D3YPpUPXln4mLYMUOw6S1FvpzCAA97u363mc/7iNP1nDrw== -dev sftp key
host%
  
 
 
[Change to .ssh2 directory]
[your_account@host ~]$ cd .ssh2
 
[Add contents of public key file provided by ops to a key file (one file per key)]
[your_account@host .ssh2]$ cat xxx_rsa_2048.pub
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "cate-xxx-push-dev"
AAAAB3NzaC1yc2EAAAABJQAAAQEAu4dAzJRJGD7a9AQSMyeOALVT04iEcjBkgwfb
7Zwx09yzisT9t4EkB1zzpeFCWlnkmWpiWlyhhIhnMnNwDDZZ5hxFaM5EiETPiQjW
1sr/DKR2r+7trnLkvUcaPf9QkMmtKuawq5njNs5+xo1pWUkcCS4u2ym2Au1ZcPRn
4+1uaoFwPgZ8Wji+/cKaNRE+35dq3sAok7FcQe05lC4Lo3NMgzbTb9ORoskooc0J
9y6D6CbM994dIyT0jQ5mpwONeEbZKVPfumWxY5POk+Nla1s1oO52Q6TBWTv2cSFF
JrYF7eBJYeb7jRItB8BYUzk+LVzytZqkv0HYUegPdsL/+E3DYQ==
---- END SSH2 PUBLIC KEY ----
 
[Add key to ‘authorization’ file to enable]
[your_account@host .ssh2]$ echo 'Key xxx_rsa_2048.pub' >> authorization