我经常看到非官方文档说你应该在创建自己的盒子时保存
vagrant
用户的ssh公钥,如下所示:
curl https://raw.githubusercontent.com/mitchellh/vagrant/master/keys/vagrant.pub >> /home/vagrant/.ssh/authorized_keys
当
vagrant up
与该框一起时,会显示以下消息:
default: Vagrant insecure key detected. Vagrant will automatically replace
default: this with a newly generated keypair for better security.
default:
default: Inserting generated public key within guest...
default: Removing insecure key from the guest if it's present...
default: Key inserted! Disconnecting and reconnecting using new SSH key...
我觉得mitchellh上面的
vagrant.pub
键不太合适。
保存
vagrant
用户的ssh公钥的最佳方法是什么?
您在 raw.githubusercontent.com 上指出的关键是一个示例不得使用。
返回的消息似乎表明另一个keypair已自动生成:
default: Inserting generated public key within guest... default: Removing insecure key from the guest if it's present... default: Key inserted! Disconnecting and reconnecting using new SSH key...
因此,如果一切正常,您的容器现在在 /home/vagrant/.ssh/authorized_keys
中使用新的
公钥,并且您的本地主机在
$HOME/.ssh/id_rsa
中使用新的 私钥。
将此文件与您最初下载的文件进行比较,查看两个文件的修改时间(在本地主机上和在 vagrant 容器中)
只需运行:
ssh-keygen -f ~/.ssh/vagrant-dedicated
参见
man ssh-keygen
了解密钥长度、密码等...
输出示例:
对话框:
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
简单输出:
Generating public/private rsa key pair.
Your identification has been saved in vagrant-dedicated.
Your public key has been saved in vagrant-dedicated.pub.
The key fingerprint is:
SHA256:U2YfVbMlCUed7tXrvf3xBQoLB3glpSpto4hwdjTKwV0 user @host
The key's randomart image is:
+---[RSA 2048]----+
| E ..o .o==+|
| . . . . + o.o=|
| o + . + + . ...|
| . + o o = . . .o|
|. = o = S o . o o|
|.+ o + . + o . + |
|. . . . . ..o|
| .*|
| .*|
+----[SHA256]-----+
这将创建两个文件:
ls -l ~/.ssh/vagrant-dedicated*
-rw------- 1 user user 1679 Oct 20 12:18 vagrant-dedicated
-rw-r--r-- 1 user user 394 Oct 20 12:18 vagrant-dedicated.pub
head -n1 ~/.ssh/vagrant-dedicated*
==> vagrant-dedicated <==
-----BEGIN RSA PRIVATE KEY-----
==> vagrant-dedicated.pub <==
ssh-rsa AAAAB3...0y/5 user@host
将容器
/home/vagrant/.ssh/authorized_keys
的内容替换为~/.ssh/vagrant-dedicated.pub
的内容,然后使用vagrant-dedicated
作为ssh连接的私钥。
ssh -i ~/.ssh/vagrant-dedicated vagrant@container
第一次连接到新的目标主机之前,
ssh
将提示您有关主机的指纹。
您可以比较
的输出ssh-keygen -vlf /etc/ssh/ssh_host_rsa_key.pub
在目标流浪者容器上,输出第一个连接输出:
ssh -o VisualHostKey=true -i ~/.ssh/vagrant-dedicated vagrant@container
第一次运行将开始输出如下:
The authenticity of host 'container (10.12.34.56)' can't be established.
然后,指纹,类似
ECDSA key fingerprint is SHA256:9M+2wGn0nZO3GPYkWuuxzXqI3nIbk5IJJ5xwhsxwbXk
以及 Ascii 艺术 表示:
+---[ECDSA 256]---+
| . .. . |
| = .+ E |
| =oo. |
| .=.. |
| S=o. |
| o+=o..o |
| =+*X*..|
| . =*+#+.|
| .o=O+= |
+----[SHA256]-----+
两个命令必须给出相同的 fingerprint 和 ascii art。