Adding a private key to the SSH keychain

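I have multiple private keys that I use to connect to different boxes. Mostly this is so that I can import a key to connect to machines on AWS – I created a separate key set for this. Rather than doing this all the time: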

ssh -i ~/.ssh/aws-key.pem [email protected]

Can aws-key.pem be added to my "ssh keychain" so that, in addition to the existing "id_dsa" key, it is checked by default for all SSH requests?

You have a few options.

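Use an SSH agent. Just use ssh-add for all of your private keys and let the agent figure out which key to use. I generally prefer using an agent, and I always start it when I log in to my system and add all my keys. It makes everything simple.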

Change your SSH configuration

    # .ssh/config

    # per host example
    Host blah.example.com
        User zoredache
        IdentityFile ~/.ssh/username_YYYYMMDD_id_rsa

    # global example
    Host *
        User zoredache
        IdentityFile ~/.ssh/key1_YYYYMMDD_id_rsa
        IdentityFile ~/.ssh/key2_YYYYMMDD_id_rsa
        IdentityFile ~/.ssh/keyn_YYYYMMDD_id_rsa

Use IdentityFile in ~/.ssh/config

If you only want it for a specific host, include it under a Host directive.

    IdentityFile
        Specifies a file from which the user's DSA, ECDSA or DSA authentication identity is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa for protocol version 2. Additionally, any identities represented by the authentication agent will be used for authentication. ssh(1) will try to load certificate information from the filename obtained by appending -cert.pub to the path of a specified IdentityFile. The file name may use the tilde syntax to refer to a user's home directory or one of the following escape characters: '%d' (local user's home directory), '%u' (local user name), '%l' (local host name), '%h' (remote host name) or '%r' (remote user name). It is possible to have multiple identity files specified in configuration files; all these identities will be tried in sequence. Multiple IdentityFile directives will add to the list of identities tried (this behaviour differs from that of other configuration directives).
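
An added example (not part of the original answers): a simplified Python model of how the ssh_config shown above resolves for a given host, so you can see which keys would be tried against which server. It handles only Host, User and IdentityFile lines with whitespace-separated values; the function names and the embedded sample config are constructed for illustration.

```python
import fnmatch
import shlex

# Constructed sample: the per-host and global blocks from the answer above.
SAMPLE_CONFIG = """\
# per host example
Host blah.example.com
    User zoredache
    IdentityFile ~/.ssh/username_YYYYMMDD_id_rsa

# global example
Host *
    User zoredache
    IdentityFile ~/.ssh/key1_YYYYMMDD_id_rsa
    IdentityFile ~/.ssh/key2_YYYYMMDD_id_rsa
    IdentityFile ~/.ssh/keyn_YYYYMMDD_id_rsa
"""


def host_matches(patterns, host):
    """A Host line matches if a positive pattern matches and no '!' pattern does."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive


def resolve(config_text, host):
    """Return (user, identity_files) for `host`; keys are listed in the order tried."""
    user, identities, active = None, [], True  # lines before any Host apply to all
    for raw in config_text.splitlines():
        words = shlex.split(raw, comments=True)
        if not words:
            continue
        key, args = words[0].lower(), words[1:]
        if key == "host":
            active = host_matches(args, host)
        elif not active or not args:
            continue
        elif key == "identityfile":
            identities.append(args[0])  # every matching block adds to the list
        elif key == "user" and user is None:
            user = args[0]              # other directives: first value obtained wins
    return user, identities
```

Keys listed under `Host *` appear in the result for every host name, while the per-host key appears only for blah.example.com. On OpenSSH 6.8 or later, `ssh -G hostname` prints the values the real client resolves, including each identityfile line.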