我正在尝试在AWS CloudFront上上传公钥。我生成密钥如下
ssh-keygen -t ecdsa -b 521
我也尝试过
ssh-keygen -b 4096
[通过控制台上传时,出现以下错误:com.amazonaws.services.cloudfront.model.InvalidArgumentException:您的请求包含空/无效/超出限制的RSA编码密钥(服务:AmazonCloudFront;状态码:400 ;错误代码:InvalidArgument;请求ID:08fa98af-0c02-11ea-b06e-d771d01bbfcb)
ssh -V的结果是“ OpenSSH_7.7p1,OpenSSL 1.0.2p,2018年8月14日”。
任何帮助将不胜感激。谢谢。
我通过这种方式生成密钥来解决它:
openssl genrsa -out key.pem
openssl rsa -pubout -in key.pem -out pubkey.pem
并上传生成的pubkey.pem。我仍不确定我以前的方法不起作用的具体原因。
这是因为CloudFront不支持长度为4096位的密钥。当您运行命令openssl rsa -pubout -in key.pem -out pubkey.pem时,默认情况下会生成2048位接受的密钥。
The length of the public key for a certificate depends on where you're storing it.
Importing a certificate into AWS Certificate Manager (ACM): public key length must be 1024 or 2048 bits. The limit for a certificate that you use with CloudFront is 2048 bits, even though ACM supports larger keys.
Uploading a certificate to the AWS Identity and Access Management (IAM) certificate store: maximum size of the public key is 2048 bits.