本文介绍如何在Linux系统下更新或更改SSH密钥密码,也适用在Unix系统中。SSH密钥通常用于向某些信息系统的用户进行身份验证,SSH密钥本身是私钥,使用从密码短语导出的对称加密密钥进一步加密私钥,设置方法请参考怎么设置SSH密钥一文。
什么是SSH密钥密码 密码短语类似于密码,用于保护你的SSH私钥免受未经授权的访问和使用,始终建议为SSH密钥设置一个强密码,至少15个,最好是20个字符,使其很难猜测到。也可以阅读一下无密码登陆的方法:SSH无密码登录:只需两个简单步(针对Linux系统)。
在Linux下更改或更新SSH密钥密码 有时,如果在生成SSH密钥时未设置,则可能需要更新SSH密钥密码或设置密码。 举个例子,让我们生成没有密码的SSH密钥: # ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:1gSD3mPgxaD0C88YLU+TdYs2T3nBO5ttK5Jj0bvz0gs root@ubuntu-01 The key's randomart image is:
现在使用以下命令设置密码: # ssh-keygen -p -f ~/.ssh/id_rsa Enter new passphrase (empty for no passphrase): <Enter passphrase> Enter same passphrase again:<Retype passphrase> Your identification has been saved with the new passphrase. 如果使用私钥的自定义路径,请将~/.ssh/id_rsa替换为私钥的路径。 重置密码时会应用相同的命令,将要求你输入旧密码,并设置新密码: # ssh-keygen -p -f ~/.ssh/id_rsa Enter old passphrase: <Enter old passphrase> Enter new passphrase (empty for no passphrase): <Enter new passphrase> Enter same passphrase again: <Retype new passphrase> Your identification has been saved with the new passphrase.
测试新密码 要测试新密码是否正常工作,请将ssh公钥复制到远程服务器并尝试使用它进行ssh: $ ssh-copy-id root@10.10.5.4 Enter passphrase for key '/home/jmutai/.ssh/id_rsa': Now try logging into the machine, with "ssh 'root@10.10.5.4'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting.
保存私钥密码 使用ssh,你可以配置身份验证代理以保存密码,这样你每次使用SSH密钥时都不必重新输入密码: eval $(ssh-agent) # Start agent on demand ssh-add # Add default key ssh-add -l # List keys ssh-add ~/.ssh/id_rsa # Add specific key ssh-add -t 3600 ~/.ssh/id_rsa # Add with timeout ssh-add -D # Drop keys
相关主题 |