Linux Administration Cookbook

Ed25519 example

As with our RSA example, we will start by generating a new key, this time specifying the type as 'ed25519'.

Ed25519 keys are elliptic-curve based, and a lot of very clever people believe they offer superior security to RSA. The keys themselves are also much shorter (which we'll touch on later), meaning that if you ever have to type one out, it's a lot less work. Annoyingly, you can't use the public half of an Ed25519 key for encrypting files, as you can with an RSA public half, so there's a trade-off, but it depends on your needs.

We will again accept the default location for where to save our key, and provide a passphrase:

[vagrant@centos1 ~]$ ssh-keygen -t ed25519 -C "Example Ed25519 key"
Generating public/private ed25519 key pair.
Enter file in which to save the key (/home/vagrant/.ssh/id_ed25519):
/home/vagrant/.ssh/id_ed25519 already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/vagrant/.ssh/id_ed25519.
Your public key has been saved in /home/vagrant/.ssh/id_ed25519.pub.
The key fingerprint is:
SHA256:nQVR7ZVJMjph093KHB6qLg9Ve87PF4fNnFw8Y5X0kN4 Example Ed25519 key
The key's randomart image is:
+--[ED25519 256]--+
| o*o+=+=|
| ..+.B*=|
| ooB Bo|
| . +o.B+E|
| S +.. +==|
| .. +.+=|
| .. o o|
| ... o.|
| o. +|
+----[SHA256]-----+

We're going to copy our new key over to centos2. Note that we're also specifying the id_ed25519.pub file as the one to copy over. Again, the default password for these boxes is vagrant:

[vagrant@centos1 ~]$ ssh-copy-id -i .ssh/id_ed25519.pub 192.168.33.11
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: ".ssh/id_ed25519.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
vagrant@192.168.33.11's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '192.168.33.11'"
and check to make sure that only the key(s) you wanted were added

If you've run this example straight after the one before it, you may be asked for the passphrase to your RSA key, instead of the password to the box itself. This is fine, and it highlights the fact that key-based authentication is attempted first. If this is the case for you, simply provide the passphrase to your RSA key.

Once installed, attempt to SSH to centos2, specifying the private half of the Ed25519 key:

[vagrant@centos1 ~]$ ssh 192.168.33.11 -i .ssh/id_ed25519
Enter passphrase for key '.ssh/id_ed25519':
Last login: Wed Aug 8 10:06:33 2018 from 192.168.33.10
[vagrant@centos2 ~]$
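
ssh-copy-id's output above asks you to check that only the key(s) you wanted were added. The following is an added example, not code from the book: it parses authorized_keys entries of the plain "type base64 comment" form that ssh-copy-id writes (an assumption; option prefixes are not handled), derives the SHA256 fingerprint in the form ssh-keygen prints, and lists any key whose fingerprint is not in an expected set. The sample keys are constructed bytes, not real keys, and the function names are this example's own.

```python
import base64, hashlib, struct

def read_string(buf, off):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def describe(line):
    """Return (type, bits, fingerprint, comment) for one authorized_keys line."""
    ktype, b64, *comment = line.split(None, 2)
    blob = base64.b64decode(b64, validate=True)
    inner, off = read_string(blob, 0)
    if inner != ktype.encode():
        raise ValueError("key type label does not match the key blob")
    bits = None
    if ktype == "ssh-ed25519":            # blob: type, 32-byte public key
        key, _ = read_string(blob, off)
        bits = len(key) * 8
    elif ktype == "ssh-rsa":              # blob: type, exponent e, modulus n
        _e, off = read_string(blob, off)
        n, _ = read_string(blob, off)
        bits = int.from_bytes(n, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return ktype, bits, fp, comment[0].strip() if comment else ""

def unexpected_keys(text, expected_fps):
    """List every key in authorized_keys text whose fingerprint is not expected."""
    lines = (l.strip() for l in text.splitlines())
    keys = (describe(l) for l in lines if l and not l.startswith("#"))
    return [k for k in keys if k[2] not in expected_fps]

def make_line(ktype, parts, comment):
    """Build a constructed sample line from raw fields (not a real key)."""
    fields = [ktype.encode(), *parts]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in fields)
    return f"{ktype} {base64.b64encode(blob).decode()} {comment}"

# Constructed samples: 32 arbitrary bytes, and a dummy 2048-bit modulus.
SAMPLE_ED = make_line("ssh-ed25519", [bytes(range(32))], "Example Ed25519 key")
SAMPLE_RSA = make_line("ssh-rsa", [b"\x01\x00\x01", b"\x00" + b"\xc3" * 256],
                       "Example RSA key")

if __name__ == "__main__":
    wanted = {describe(SAMPLE_ED)[2]}     # fingerprint we meant to install
    for k in unexpected_keys(SAMPLE_RSA + "\n" + SAMPLE_ED + "\n", wanted):
        print("unexpected key:", *k)
    print("base64 length, Ed25519 vs RSA:",
          len(SAMPLE_ED.split()[1]), len(SAMPLE_RSA.split()[1]))
```

To use it for real, pass the contents of ~/.ssh/authorized_keys from centos2 and the fingerprint that ssh-keygen printed when the key was generated.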