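[Notes] EC2 login mechanism
Mechanism
EC2 logins use a .pem file.
This works on the same principle as the usual passwordless login, where you place your public key on the host you want to log in to.
When you log in this way, your own private key is matched against the public key that was placed there earlier.
Here the private key has simply been turned into a file.
You can think of it as AWS placing the public key on the EC2 host first and then giving you the private key.
You log in by pointing ssh at that private key file (by default it would use ~/.ssh/id_rsa).
Generating a key pair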
ssh-keygen -m PEM -t rsa -b 4096
## -m selects the output format, PEM here; the default is RFC4716
## -t is the key type
## -b is the key length, 4096 bits here
no prompt
RUN ssh-keygen -m PEM -t rsa -b 4096 -N "" -f ~/.ssh/id_rsa
## no prompt: with an empty passphrase (-N "") the key is written straight to ~/.ssh/id_rsa
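Telling PEM and RFC4716 apart
The file extension of a key pair does not actually tell you its format.
PEM represents the key pair as ASCII text.
A quick way to recognize it: the content usually begins with MII.
PEM example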
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
By default, ssh-keygen generates key pairs in RFC4716 format.
RFC4716 example
-----BEGIN OPENSSH PRIVATE KEY-----
-----END OPENSSH PRIVATE KEY-----
RFC4716 to PEM
ssh-keygen -p -f ~/.ssh/id_rsa -m PEM
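In testing, either format, RFC4716 or PEM, worked as the private key file for ssh login; I had expected format problems.
For example, when the remote host holds an RFC4716 public key and you log in with a PEM private key, the login succeeds.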
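
Added example (not part of the original notes): a Python sketch that tells the two containers from the identification section apart by decoding the body instead of trusting the extension, and shows that "MII" is just the base64 of a DER SEQUENCE whose length is 256 to 16383 bytes, so a short EC key starts with "MHc" instead. The function names are made up for this example and the sample keys are constructed (framing bytes plus zero filler, not usable keys).

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"  # first bytes of an OpenSSH-format private key

def armor(label, raw):
    """Wrap raw bytes in BEGIN/END lines with a 64-column base64 body."""
    b64 = base64.b64encode(raw).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def classify_private_key(text):
    """Return (container, encrypted) by decoding the body of a key file."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not an armored key file")
    label = lines[0][len("-----BEGIN "):].rstrip("-")
    if lines[-1] != f"-----END {label}-----":
        raise ValueError("BEGIN/END labels do not match")
    # Legacy PEM may put "Name: value" headers (Proc-Type, DEK-Info) before the body.
    headers = [ln for ln in lines[1:-1] if ":" in ln]
    raw = base64.b64decode("".join(ln for ln in lines[1:-1] if ":" not in ln))
    if raw.startswith(OPENSSH_MAGIC):
        # After the magic comes the cipher name: uint32 length, then the bytes.
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack(">I", raw[off:off + 4])
        return "openssh", raw[off + 4:off + 4 + n] != b"none"
    if any(h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers):
        return "pem", True  # body is ciphertext, so there is no DER tag to inspect
    if raw[:1] == b"\x30":  # DER SEQUENCE tag
        return "pem", label == "ENCRYPTED PRIVATE KEY"
    raise ValueError("unrecognized key body")

# Constructed samples: real framing bytes followed by zero filler, not usable keys.
SAMPLE_PEM = armor("RSA PRIVATE KEY", b"\x30\x82\x09\x29" + bytes(60))
SAMPLE_EC = armor("EC PRIVATE KEY", b"\x30\x77" + bytes(40))
SAMPLE_OPENSSH = armor("OPENSSH PRIVATE KEY",
                       OPENSSH_MAGIC + struct.pack(">I", 4) + b"none" + bytes(40))

if __name__ == "__main__":
    for name in ("SAMPLE_PEM", "SAMPLE_EC", "SAMPLE_OPENSSH"):
        text = globals()[name]
        print(name, text.splitlines()[1][:8], classify_private_key(text))
```

The second value in each result is whether the private key is passphrase-protected at rest, which is worth checking for keys generated with -N "".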