健全检查SSH公钥呢？ [英] Sanity check SSH public key?

问题描述

我已经要求用户输入他们的公开id_rsa.pubSSH密钥，那我再放置在/home/theiraccount/.ssh/authorized_keys，这样他们就可以通过SSH登录到服务器。我想这个过程自动化。

I have asked users for their public "id_rsa.pub" ssh key, that I then place in "/home/theiraccount/.ssh/authorized_keys", so they can login to the server by SSH. I'd like to automate this process.

反正是有理智检查字符串他们给我（​​编程方式或其他方式）？我想验证sshd是否可以阅读的文本和它实际上看起来像一个有效的公共密钥（并没有被损坏）？

Is there anyway to sanity check the string they give me (programmatically or otherwise)? I want to verify that sshd can read the text and that it actually looks like a valid public key (and hasn't been corrupted)?

换句话说，什么是 id_rsa.pub 文件的格式？如果有人进入它在一个领域我能在表单处理程序脚本编写，以验证它的完整性和正确性？

Put another way, what is the format of the id_rsa.pub file? If someone enters it in a field what can I write in the form handler script to verify that it is complete and correct?

推荐答案

SSH-凯基可用于计算密钥文件的指纹，如果你将失败不要将它传递一个键：

ssh-keygen can be used to calculate the fingerprint of a key file, which will fail if you don't pass it a key:

ssh-keygen -l -f id_rsa.pub

另一种可能性是<一个href=\"http://manpages.ubuntu.com/manpages/raring/man1/ssh-vulnkey.1.html\"><$c$c>ssh-vulnkey,这将具有在同一时间检查针对已知泄露密钥的黑名单的按键的优点

Another possibility would be ssh-vulnkey, that would have the advantage of checking the keys against the blacklist of known compromised keys at the same time.

这篇关于健全检查SSH公钥呢？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！