Key Management for Interoperability between OpenSSH / SSH1 / SSH2

[Generating .ssh/identity and .ssh/identity.pub (OpenSSH: RSA key pair for SSH1 Protocol)]

 % ssh-keygen -t rsa1
 Generating public/private rsa1 key pair.
 Enter file in which to save the key (/home/heart/.ssh/identity): 
 Created directory '/home/heart/.ssh'.
 Enter passphrase (empty for no passphrase): 
 Enter same passphrase again: 
 Your identification has been saved in /home/heart/.ssh/identity.
 Your public key has been saved in /home/heart/.ssh/identity.pub.
 The key fingerprint is:
 21:c1:cf:6f:08:44:69:2d:4b:38:60:8e:56:20:ac:07 heart@heart

[Generating .ssh/id_rsa and .ssh/id_rsa.pub (OpenSSH: RSA key pair for SSH2 Protocol)]

 % ssh-keygen -t rsa
 Generating public/private rsa key pair.
 Enter file in which to save the key (/home/heart/.ssh/id_rsa): 
 Enter passphrase (empty for no passphrase): 
 Enter same passphrase again: 
 Your identification has been saved in /home/heart/.ssh/id_rsa.
 Your public key has been saved in /home/heart/.ssh/id_rsa.pub.
 The key fingerprint is:
 9c:1c:ac:2c:71:6b:5a:52:9f:8f:4b:56:03:f6:a5:af heart@heart

[Generating .ssh/id_dsa and .ssh/id_dsa.pub (OpenSSH: DSA key pair for SSH2 Protocol)]

 % ssh-keygen -t dsa
 Generating public/private dsa key pair.
 Enter file in which to save the key (/home/heart/.ssh/id_dsa): 
 Enter passphrase (empty for no passphrase): 
 Enter same passphrase again: 
 Your identification has been saved in /home/heart/.ssh/id_dsa.
 Your public key has been saved in /home/heart/.ssh/id_dsa.pub.
 The key fingerprint is:
 4a:97:f7:98:d2:d6:05:39:c3:94:86:fe:9b:a3:26:27 heart@heart

[Generating .ssh2/id_rsa_1024_a and .ssh2/id_rsa_1024_a.pub (SSH2: RSA key pair)]

 % ssh-keygen2 -t rsa
 Generating 1024-bit rsa key pair
    1 oOo.oOo.oO
 Key generated.
 1024-bit rsa, heart@heart, Fri Feb 08 2002 15:32:32 +0900
 Passphrase :
 Again      :
 Private key saved to /home/heart/.ssh2/id_rsa_1024_a
 Public key saved to /home/heart/.ssh2/id_rsa_1024_a.pub

[Generating .ssh2/id_dsa_1024_a and .ssh2/id_dsa_1024_a.pub (SSH2: DSA key pair)]

 % ssh-keygen2 -t dsa
 Generating 1024-bit dsa key pair
    1 oOo.oO
 Key generated.
 1024-bit dsa, heart@heart, Fri Mar 30 2001 10:23:00 +0900
 Passphrase : 
 Again      : 
 Private key saved to /home/heart/.ssh2/id_dsa_1024_a
 Public key saved to /home/heart/.ssh2/id_dsa_1024_a.pub

[Generating .ssh2/id_dsa_openssh.pub and .ssh2/id_rsa_openssh.pub (SSH2: public keys for interoperating with OpenSSH)]

 % ssh-keygen -f ~/.ssh/id_dsa -e > ~/.ssh2/id_dsa_openssh.pub
 Enter passphrase: 

 % ssh-keygen -f ~/.ssh/id_rsa -e > ~/.ssh2/id_rsa_openssh.pub
 Enter passphrase: 

If you are using OpenSSH 2.x, use the -x option instead of the -e option.

[Generating .ssh/id_rsa_ssh2.pub and .ssh/id_dsa_ssh2.pub (OpenSSH: public keys for interoperating with SSH2)]

 % ssh-keygen -f ~/.ssh2/id_rsa_1024_a.pub -i > ~/.ssh/id_rsa_ssh2.pub
 ignore: ---- BEGIN SSH2 PUBLIC KEY ----
 ignore: Subject: heart
 ignore: Comment: "1024-bit dsa, heart@heart, Fri Feb 08 2002 15:32:32 +0900"
 ignore: ---- END SSH2 PUBLIC KEY ----

 % ssh-keygen -f ~/.ssh2/id_dsa_1024_a.pub -i > ~/.ssh/id_dsa_ssh2.pub
 ignore: ---- BEGIN SSH2 PUBLIC KEY ----
 ignore: Subject: heart
 ignore: Comment: "1024-bit dsa, heart@heart, Fri Mar 30 2001 10:23:00 +0900"
 ignore: ---- END SSH2 PUBLIC KEY ----

If you are using OpenSSH 2.x, use the -X option instead of the -i option.
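
What the two conversions above (-e and -i) do to a public key file, as an added Python example that is not part of the original page: the base64 key blob is unchanged and only the wrapper differs, a one-line OpenSSH entry versus the ---- BEGIN SSH2 PUBLIC KEY ---- block (RFC 4716). The function names and the SAMPLE_* values are assumptions made for this example; the sample blob is constructed and is not a real key.

```python
import base64
import textwrap

BEGIN = "---- BEGIN SSH2 PUBLIC KEY ----"
END = "---- END SSH2 PUBLIC KEY ----"

def lp(b: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public key blob."""
    return len(b).to_bytes(4, "big") + b

# Constructed sample, not a real key: ssh-rsa field layout with a filler modulus.
SAMPLE_BLOB = lp(b"ssh-rsa") + lp(b"\x01\x00\x01") + lp(b"\x00" + b"\xc3" * 128)
SAMPLE_LINE = "ssh-rsa %s heart@heart" % base64.b64encode(SAMPLE_BLOB).decode()

def blob_key_type(blob: bytes) -> str:
    """Return the algorithm name stored as the first field of the blob."""
    n = int.from_bytes(blob[:4], "big")
    if len(blob) < 4 or n == 0 or 4 + n > len(blob):
        raise ValueError("bad algorithm-name field in key blob")
    return blob[4:4 + n].decode("ascii")

def openssh_to_ssh2(line: str) -> str:
    """'<type> <base64> [comment]' -> SSH2 block (the direction of ssh-keygen -e)."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    if blob_key_type(blob) != fields[0]:
        raise ValueError("declared key type does not match the key blob")
    out = [BEGIN]
    if len(fields) == 3:
        out.append('Comment: "%s"' % fields[2])
    out += textwrap.wrap(fields[1], 70) + [END]   # RFC 4716 caps lines at 72 bytes
    return "\n".join(out) + "\n"

def ssh2_to_openssh(text: str) -> str:
    """SSH2 block -> '<type> <base64>' line (the direction of ssh-keygen -i)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("missing BEGIN/END markers")
    body, continued = [], False
    for l in lines[1:-1]:
        if continued or ":" in l:      # header (Subject:, Comment:) or its continuation
            continued = l.endswith("\\")
            continue
        body.append(l)
    blob = base64.b64decode("".join(body), validate=True)
    return "%s %s" % (blob_key_type(blob), base64.b64encode(blob).decode())
```

The Subject: and Comment: headers are dropped on the way back to the one-line form, which matches the "ignore:" lines in the session above.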

[Registering public keys (OpenSSH / SSH2)]

 % cat ~/.ssh/*.pub > ~/.ssh/authorized_keys
 % cat ~/.ssh/id_*.pub > ~/.ssh/authorized_keys2
 % echo "key id_dsa_1024_a.pub" >> ~/.ssh2/authorization
 % echo "key id_rsa_1024_a.pub" >> ~/.ssh2/authorization
 % echo "key id_dsa_openssh.pub" >> ~/.ssh2/authorization
 % echo "key id_rsa_openssh.pub" >> ~/.ssh2/authorization

As of OpenSSH 3.x, ~/.ssh/authorized_keys2 is no longer needed, and all public keys are registered in ~/.ssh/authorized_keys. It is created here anyway, just in case.

[Registering private keys (SSH2 only)]

 % echo "idkey id_dsa_1024_a" >> ~/.ssh2/identification
 % echo "idkey id_rsa_1024_a" >> ~/.ssh2/identification


$Id: secsh_key.html,v 1.6 2002/05/09 08:26:00 masy Exp $