Linux
Generating an SSH key pair with AES-256-CBC
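OK, it is easy to create an SSH pair with ssh-keygen, but how do I use ssh-keygen to generate an SSH pair that lets me use AES-256-CBC? The default is always AES-128-CBC. I have already tried different parameters, but they don't work, for example:
ssh-keygen -b 4096 -t rsa -Z aes-256-cbc
But they didn't work. Any idea how to do this?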
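You do not generate the key used by aes when you use ssh-keygen. Since aes is a *symmetric* cipher, its keys do not come in *pairs*. Both ends of the communication use the same key. The key generated by ssh-keygen uses public-key cryptography for authentication. From the ssh-keygen manual:
ssh-keygen generates, manages and converts authentication keys for ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.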
From the ssh manual:
Public key authentication works as follows: The scheme is based on public-key cryptography, using cryptosystems where encryption and decryption are done using separate keys, and it is unfeasible to derive the decryption key from the encryption key. The idea is that each user creates a public/private key pair for authentication purposes. The server knows the public key, and only the user knows the private key. ssh implements public key authentication protocol automatically, using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
The problem with public-key encryption is that it is very slow. Symmetric-key encryption is faster and is what ssh uses for the actual data transfer. The key used for symmetric encryption is generated on the fly after the connection is established (quoting the sshd manual):
For protocol 2, forward security is provided through a Diffie-Hellman key agreement. This key agreement results in a shared session key. The rest of the session is encrypted using a symmetric cipher, currently 128-bit AES, Blowfish, 3DES, CAST128, Arcfour, 192-bit AES, or 256-bit AES. The client selects the encryption algorithm to use from those offered by the server. Additionally, session integrity is provided through a cryptographic message authentication code (hmac-md5, hmac-sha1, umac-64, umac-128, hmac-ripemd160, hmac-sha2-256 or hmac-sha2-512).
If you want to use aes256-cbc, you need to specify it on the command line with the -c option. In its most basic form it looks like this:
$ ssh -c aes256-cbc user@host
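You can also specify your preferred choice of ciphers in ssh_config as a comma-separated list. However, modifying the defaults is not recommended, as this is best left to the experts. The OpenSSH developers drew on many considerations and years of experience when choosing the defaults.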
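
The selection rule quoted above from the sshd manual, as an added example that is not part of the original answer: in SSH protocol 2 (RFC 4253, section 7.1) the session cipher is the first name on the client's list that the server also offers. The function names, the sample config and the server lists are constructed for illustration, and Host/Match blocks in the config are not evaluated.

```shell
#!/bin/sh
# Added example: models how the session cipher is chosen from a client
# preference list (ssh -c / ssh_config Ciphers) and a server's offer.

config_ciphers() {
    # stdin: ssh_config text. Prints the list from the first Ciphers line
    # (ssh_config uses the first value obtained for each parameter).
    # Simplification (assumption): Host/Match blocks are not evaluated.
    awk 'tolower($1) == "ciphers" { print $2; exit }'
}

negotiate_cipher() {
    # $1: client list in preference order, $2: server list (comma-separated).
    # Prints the first client entry the server also offers; returns 1 when
    # the lists share no cipher, in which case the connection cannot proceed.
    client=$1
    server=$2
    old_ifs=$IFS
    IFS=,
    for c in $client; do
        for s in $server; do
            if [ "$c" = "$s" ]; then
                IFS=$old_ifs
                printf '%s\n' "$c"
                return 0
            fi
        done
    done
    IFS=$old_ifs
    return 1
}

# Constructed sample data (not taken from any real host).
SAMPLE_CONFIG='# ~/.ssh/config
Host *
    Ciphers aes256-cbc,aes256-ctr,aes128-ctr
'
SERVER_WITH_CBC='aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc'
SERVER_CTR_ONLY='aes128-ctr,aes192-ctr,aes256-ctr'

prefs=$(printf '%s' "$SAMPLE_CONFIG" | config_ciphers)
negotiate_cipher "$prefs" "$SERVER_WITH_CBC"   # client preference wins
negotiate_cipher "$prefs" "$SERVER_CTR_ONLY"   # falls back to next entry
# Models "ssh -c aes256-cbc" against a server that does not offer it:
negotiate_cipher aes256-cbc "$SERVER_CTR_ONLY" || echo "no common cipher"
```

The order of the server's list does not affect the result; only the client's preference order does, which is why a single-entry list leaves no fallback.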