准备钥匙和锁(密钥对)：

 

$ pwd/Users/test$ ssh-keygen -t dsa -C "$(whoami)@$(hostname),$(date '+%F %T')" -f ./ssh/my_dsa_sshkey

参数：

 

-t: 支持的格式是rsa1, rsa, dsa和ecdsa. OSX 10.8之前的不支持ecdsa.

-f : 用于设定密钥的加密方式，合法的有rsa, dsa和ecdsa

-b: 设定密钥长度, rsa是768到2048之间的数值； dsa只能是1024；ecdsa只能是256, 384 or 521中的一个。

-N: 这就是设置密语暗号(passphrass)，这个的用途是，一旦你的那把钥匙丢了，别人没有你的暗语，也无法使用。

-q: 如果不想看它的提示信息，就加上这个静默选项。

-f: 保存的文件名。

-C: 可以设置一个注释.

 

$ ssh-keygen -A

如果求简单，就是用这一句，自动为每一个加密方式(rsa1, rsa, dsa and ecdsa)，在默认位置(.ssh/)生成默认密钥对文件(identity, id_rsa, id_dsa, id_ecdsa)

 

查看生成的ssh密钥对：

 

# display public key-钥匙$ ssh-keygen -e -f .ssh/my_dsa_sshkey---- BEGIN SSH2 PUBLIC KEY ----Comment: "1024-bit DSA, converted by toliu@W430-275.local from OpenSSH"AAAAB3NzaC1kc3MAAACBAP448yfy/RPzS4vJmVUdAgbhTT7+wAcPVgQM9phZRlVET6S+iy6IK7w9gVZUYmNsWKCII=---- END SSH2 PUBLIC KEY ----#display private key－锁$ ssh-keygen -y -f .ssh/my_dsa_sshkeysh-dss AAAAB3NzaC1kc3MAAACBAP448yfy/RPzS4vJmVUdAgbhTT7+wAcPVgQM9phZRlVET6S+iy6IK7w9gVZUYmNsWKCIIVp3Tp35WBdBWzwBlBIKad73oDmskHXzKdhpqBqlTOBXnb5bEShR1GXv41isiDg/uhWjr3yPQQBqQuZtqeGnIgyDsaDCElbH9RzQXQLdAAAAFQCd8b6azLV+cIBHUlhx96s0THzxJwAAAIAXkuFTxQ6Weax8nQA6UGbPUOV1yVpLa6Js/wBZdTzgWJpvtMoVSE/F+5dkzHWYdPh9x1HKCw310GVsvIdmZeh=

 

其实直接用cat来看私有和共有密钥：

 

# it will not show a passphrased private key itself. 有暗号的钥匙不会显示钥匙原貌# if private key without passphras, it will show the private key itself.$ cat .ssh/my_dsa_sshkey----BEGIN DSA PRIVATE KEY-----Proc-Type: 4,ENCRYPTEDDEK-Info: AES-128-CBC,5549710C5D9791C4020C7A0FFAA00306HpvJCObP/tsGpmlBphXc1Kw6DzkZc6KDcEbrvQeB9Q5vsuz9DQvIPaWwKOBomWWNeDZHfVS9CVFkrRW+2mvXaw7uHgMMjQNdKnAdnV5voi5ePjwFF9OMpvS7u9+0zoWO9fJYX/QB2LS9ijpXf5g4nVN5/6ZrEZ5Z/xeVVAzqn4irH6U7x3qd+RFb8nLf+pRU4wIoa05eqYLE7BHP7uqe9==-----END DSA PRIVATE KEY-----# show the public key itself－锁$ cat .ssh/my_dsa_sshkey.pub---- BEGIN SSH2 PUBLIC KEY ----Comment: "1024-bit DSA, converted by toliu@W430-275.local from OpenSSH"AAAAB3NzaC1kc3MAAACBAP448yfy/RPzS4vJmVUdAgbhTT7+wAcPVgQM9phZRlVET6S+iy6IK7w9gVZUYmNsWKCII=---- END SSH2 PUBLIC KEY ----

 

 

10.8系统的变更-Ref (1)：

 

$ cat /etc/sshd_config | grep "authorized_keys"# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2# but this is overridden so installations will only check .ssh/authorized_keysAuthorizedKeysFile	.ssh/authorized_keys

 

 

在10.6上面现实的是

#RSAAuthentication yes#PubkeyAuthentication yes#AuthorizedKeysFile	.ssh/authorized_keys

Ref:

(1): 

(2):  －

(3): man ssh; man ssh-keygen

(4): 

(5):