问题
I have asked users for their public "id_rsa.pub" ssh key, that I then place in "/home/theiraccount/.ssh/authorized_keys", so they can login to the server by SSH. I'd like to automate this process.
Is there anyway to sanity check the string they give me (programmatically or otherwise)? I want to verify that sshd can read the text and that it actually looks like a valid public key (and hasn't been corrupted)?
Put another way, what is the format of the id_rsa.pub file? If someone enters it in a field what can I write in the form handler script to verify that it is complete and correct?
回答1:
ssh-keygen can be used to calculate the fingerprint of a key file, which will fail if you don't pass it a key:
ssh-keygen -l -f id_rsa.pub
Another possibility would be ssh-vulnkey, that would have the advantage of checking the keys against the blacklist of known compromised keys at the same time.
来源:https://stackoverflow.com/questions/16336169/sanity-check-ssh-public-key