如何在同一主机上使用多个SSH密钥? [英] How to use multiple SSH keys for the same host?
问题描述
我要做的几乎是能够在同一服务器上为不同用户使用多个SSH密钥.我有一台同时用于虚拟主机和SSH隧道的服务器.我设置的帐户没有专门用于SSH隧道的登录外壳.我使用root用户来管理系统的其余部分.
Pretty much what I want to do is to be able to use multiple SSH keys on the same server for different users. I have a server that I use for both webhosting and as a SSH tunnel. I have setup an account that has no login shell specifically for SSH tunneling. I use the root user to manage the rest of the system.
我有2个SSH密钥,一个具有root用户的密码,另一个没有SSH隧道的密码.当我以隧道用户身份连接时,如何使用隧道密钥,以root用户身份连接时,如何使用根密钥?
I have 2 SSH keys, one with a password for the root user, and one without a password for the SSH tunnel. How do I make it so when I connect as the tunnel user, it uses the tunnel key and when I connect as the root user, it uses the root key?
推荐答案
如果为根用户设置了一个密钥,为隧道用户设置了另一个(通过服务器/远程计算机上的authorized_keys),则为正确的密钥应自动选择.
If you have one key set up for your root user, the other one for your tunnel user (via authorized_keys on the server/remote machine), the right key shall be picked automatically.
这是基于以下假设:您将密钥加载到ssh-agent
中,并且这些密钥可用于ssh
实用程序.
This is based on the assumption that you loaded the keys in ssh-agent
and they are available to the ssh
utility.
否则,您可以使用ssh -i <identity file>
手动指定密钥.
Otherwise, you can manually specify the key with ssh -i <identity file>
.
除此之外,您可以在ssh_config(〜/.ssh/config或/etc/ssh/ssh_config)中设置别名:
Besides that, you can set up aliases in your ssh_config (~/.ssh/config or /etc/ssh/ssh_config):
Host server-root
User root
IdentityFile <path to your key>
Hostname <real hostname>
Host server-tunnel
User tunnel-user
IdentityFile <path to your key>
Hostname <real hostname>
然后使用ssh server-root
或ssh server-tunnel
.
但是我想说使用ssh-agent可能是最简单的设置.
But I would say working with ssh-agent might be the easiest setup.
如果要在没有ssh-agent的情况下自动选择正确的键,则可以通过-i
指定两个键.
If you want auto-selection of the right key without ssh-agent, you could specify both keys via -i
.
要引用openssh手册页:
To quote from the openssh man page:
-i identity_file
Selects a file from which the identity (private key) for public
key authentication is read. The default is ~/.ssh/identity for
protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and
~/.ssh/id_rsa for protocol version 2. Identity files may also be
specified on a per-host basis in the configuration file. It is
possible to have multiple -i options (and multiple identities
specified in configuration files). ssh will also try to load
certificate information from the filename obtained by appending
-cert.pub to identity filenames.
这篇关于如何在同一主机上使用多个SSH密钥?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!