如何在同一主机上使用多个SSH密钥? [英] How to use multiple SSH keys for the same host?

问题描述

我要做的几乎是能够在同一服务器上为不同用户使用多个SSH密钥.我有一台同时用于虚拟主机和SSH隧道的服务器.我设置的帐户没有专门用于SSH隧道的登录外壳.我使用root用户来管理系统的其余部分.

Pretty much what I want to do is to be able to use multiple SSH keys on the same server for different users. I have a server that I use for both webhosting and as a SSH tunnel. I have setup an account that has no login shell specifically for SSH tunneling. I use the root user to manage the rest of the system.

我有2个SSH密钥，一个具有root用户的密码，另一个没有SSH隧道的密码.当我以隧道用户身份连接时，如何使用隧道密钥，以root用户身份连接时，如何使用根密钥?

I have 2 SSH keys, one with a password for the root user, and one without a password for the SSH tunnel. How do I make it so when I connect as the tunnel user, it uses the tunnel key and when I connect as the root user, it uses the root key?

推荐答案

如果为根用户设置了一个密钥，为隧道用户设置了另一个(通过服务器/远程计算机上的authorized_keys)，则为正确的密钥应自动选择.

If you have one key set up for your root user, the other one for your tunnel user (via authorized_keys on the server/remote machine), the right key shall be picked automatically.

这是基于以下假设:您将密钥加载到ssh-agent中，并且这些密钥可用于ssh实用程序.

This is based on the assumption that you loaded the keys in ssh-agent and they are available to the ssh utility.

否则，您可以使用ssh -i <identity file>手动指定密钥.

Otherwise, you can manually specify the key with ssh -i <identity file>.

除此之外，您可以在ssh_config(〜/.ssh/config或/etc/ssh/ssh_config)中设置别名:

Besides that, you can set up aliases in your ssh_config (~/.ssh/config or /etc/ssh/ssh_config):

Host server-root
User root
IdentityFile <path to your key>
Hostname <real hostname>

Host server-tunnel
User tunnel-user
IdentityFile <path to your key>
Hostname <real hostname>

然后使用ssh server-root或ssh server-tunnel.

但是我想说使用ssh-agent可能是最简单的设置.

But I would say working with ssh-agent might be the easiest setup.

如果要在没有ssh-agent的情况下自动选择正确的键，则可以通过-i指定两个键.

If you want auto-selection of the right key without ssh-agent, you could specify both keys via -i.

要引用openssh手册页:

To quote from the openssh man page:

 -i identity_file
     Selects a file from which the identity (private key) for public
     key authentication is read.  The default is ~/.ssh/identity for
     protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and
     ~/.ssh/id_rsa for protocol version 2.  Identity files may also be
     specified on a per-host basis in the configuration file.  It is
     possible to have multiple -i options (and multiple identities
     specified in configuration files).  ssh will also try to load
     certificate information from the filename obtained by appending
     -cert.pub to identity filenames.

这篇关于如何在同一主机上使用多个SSH密钥?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！