在我的大部分经验中,默认情况下, ssh将在〜/ .ssh / id_rsa(.pub)中查找默认密钥对。
偶尔我尝试编写脚本来利用这个默认密钥位置,但是我最终对它进行了硬编码(例如DEFAULT_KEY_LOCATION="${HOME}/.ssh/id_rsa" /。ssh DEFAULT_KEY_LOCATION="${HOME}/.ssh/id_rsa"等),我觉得它是一个BadThing™。
是否有任何环境variables或ssh工具的输出,可以告诉我哪个用户的默认密钥的位置?
例如,是否有像ssh-defaults --key-location或环境variables$ SSH_DEFAULT_KEY?
从ssh的手册页:
-i identity_file Selects a file from which the identity (private key) for public key authentication is read. The default is ~/.ssh/identity for protocol version 1, and ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_rsa for protocol version 2. Identity files may also be specified on a per-host basis in the configuration file. It is possible to have multiple -i options (and multiple identities specified in configuration files). ssh will also try to load certificate information from the filename obtained by appending -cert.pub to identity filenames.
随后,如果它位于可以通过ssh自动find的位置,则根本不需要指定path。 即
ssh -i ~/.ssh/id_rsa [email protected]
和
ssh [email protected]
都将以相同的方式工作。 如果因为除了使用ssh以外的其他原因(例如,填充授权密钥)而需要编程查找密钥位置,则可以检查configuration文件检查的所有位置,并parsingssh_config文件以查找单个主机条目。 从man ssh_config:
The file name may use the tilde syntax to refer to a user's home directory or one of the following escape characters: '%d' (local user's home directory), '%u' (local user name), '%l' (local host name), '%h' (remote host name) or '%r' (remote user name).
所以你也必须parsing这个格式来定位单个文件(如果定义的话)。