这是我用来帮助调试 OSX Mojave 10.14.5 上的 openssl 和/或 ssh 问题的测试脚本,其中安装了 brew 版本的 openssl 和 openssh
> brew info openssh | head -1
stable 8.0p1 (bottled)
> brew info openssl | head -1
stable 1.0.2r (bottled) [keg-only]
> ssh -V
OpenSSH_7.9p1, LibreSSL 2.7.3
> openssl version
LibreSSL 2.6.5
> ! test -f /tmp/foo || rm /tmp/foo &&
ssh-keygen -f /tmp/foo -t rsa -P "" -N "" &&
openssl rsa -in /tmp/foo
Generating public/private rsa key pair.
Your identification has been saved in /tmp/foo.
Your public key has been saved in /tmp/foo.pub.
The key fingerprint is:
SHA256:iZMoPkGh4wkPvMOfV5KSEVFOLc9Dc8zmBvbhdE4d+Rs jon_upowr@greywedge3.lan
The key's randomart image is:
+---[RSA 2048]----+
| .ooo. o ..o |
|.. .+. * B o o |
|=... .* X = . |
|+=o o..* * . E |
| *+o.o+.S o|
| .ooo o. . |
| oo . |
| .. |
| |
+----[SHA256]-----+
unable to load Private Key
4643780204:error:09FFF06C:PEM routines:CRYPTO_internal:no start line:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/crypto/pem/pem_lib.c:683:Expecting: ANY PRIVATE KEY
key 与此类似(不,这不是我将使用的 key ):
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABFwAAAAdzc2gtcn
NhAAAAAwEAAQAAAQEA3FGfR9sL6p0HWfq0UWUNQmFszkqipVMsM3J23oJjcvnJJIx72X3F
9xbBZQ+6JuUpD6ME32DE3aFGmsrkDa+cE/wD6lj5ey9ORTCFri3QM57sFwQhXl48hvpXF/
zHXpVJv/BdtiQFJwTuEbkcNfHDvyK7WIJjuS1kF+v2dX/PypzhszoZmEB9vK1s9bMEyclb
toXwWnoMW/bRmv484adIM5G+LhRF5nvtWSu0oRRF0KKpogCvfWyckKCcDQH9/DNwtXSmzE
cVUmUdESlUNrD8tJdI9+G/hldym1zjB0q2ai/97y8Y8OG7mxkpJNEYw/oxFc7g1BEenQf0
6GzPWQfIiwAAA9AmUmlFJlJpRQAAAAdzc2gtcnNhAAABAQDcUZ9H2wvqnQdZ+rRRZQ1CYW
zOSqKlUywzcnbegmNy+ckkjHvZfcX3FsFlD7om5SkPowTfYMTdoUaayuQNr5wT/APqWPl7
L05FMIWuLdAznuwXBCFeXjyG+lcX/MdelUm/8F22JAUnBO4RuRw18cO/IrtYgmO5LWQX6/
Z1f8/KnOGzOhmYQH28rWz1swTJyVu2hfBaegxb9tGa/jzhp0gzkb4uFEXme+1ZK7ShFEXQ
oqmiAK99bJyQoJwNAf38M3C1dKbMRxVSZR0RKVQ2sPy0l0j34b+GV3KbXOMHSrZqL/3vLx
jw4bubGSkk0RjD+jEVzuDUER6dB/TobM9ZB8iLAAAAAwEAAQAAAQBzm2zeEqXlHTLfVztJ
PqI/g8nJUcaYw9T8xgJz7a1rhoCyafkO/f1kE4+1jRQcFsF+EAedgzSqK1dWIEKcn9phbi
tLzBZVOlRy3+w1opqOi8TMqwEreH2AQlpzHtQq4GFLk0BJNAt0FxUpPZ38/Hi/keUGo5za
bWQJXWr86u1JHiGA9D6XQU4/KrsJ4UqSvy3QGyZa+ypJII9mV9deK50pgHVlX6S/+8FubC
c9okRiQAhfAdGMYzMgoE4auRZ5rsZkVT4DCOagetuug/Hk9oh1JbkEazEKz3w1SFm5lJVF
/A6/MNPT52RCQtEDAM7MrWYVP2XIaTw89R5ujMPebQNhAAAAgGbNxMyIXrul5FXJvsfHnh
mtfa4DZDIQ4fQ3c79NwhxS7RdSVRO3gzxbmGOQJfFWC73z/zvbMFlpKp17lGz4GWiBm9x8
3OS5ohRL2S5VmLMSMb2zNjyvYr7uK9E0WLt19Imo6rlOkw81mJ90GcSVx/byHXnu5bSjtD
2o5uyKURL/AAAAgQD6xwksyTYXC8BuvmiKxs/RbRUKvsrCNCWccBqndm6vfq8LrNoLD920
d+VXobe2sW/JyaknG82sutUPKhTwEhezKcZ2dqce/yJ/+y5R29fd/AuRFVfZOHPTy6hKKZ
HpJRSDHsZZkA74OYsz7ZLMNnqEa2fh39isO51gl1qOp5gY+wAAAIEA4Ogz75bUdsCUxvmk
iJ3vmROTIxEbNtueflwrBzgG9LG3lLyM4eAAYPz8RAvGV3MySgO5vY+7e0/Nkdn90TsR75
ALpChIWnwSyH2OFP717vu8dFtufIs9mzAPPt+JNj6RnzE3nY23xtDBi1/6xhdbbiTi4+Nd
2Woyp8N1QgvqGbEAAAAYam9uX3Vwb3dyQGdyZXl3ZWRnZTMubGFuAQID
-----END OPENSSH PRIVATE KEY-----
在生成的私钥中用 RSA 替换 OPENSSH 对练习的成功没有影响。
如果我在 debian docker 镜像上尝试相同的操作序列,ssh 生成的 key 可以被运行在同一平台上的 openssl 成功读取。
我期望这也适用于 OSX 是不合理的吗?如果是这样,出了什么问题?
编辑:在我现在删除的示例中,我有一个虚假的 -o 选项。
最佳答案
问题是 OSX Mojave 上 ssh-keygen 的默认行为现在与 Linux 上的不同。特别是,ssh-keygen 在 OSX 上默认生成 OPENSSH 私钥,但在 Linux 上默认生成 RSA 私钥。
通过添加 -m PEM
,可以在两种环境中保证相同的行为。到 ssh-keygen 参数。
感谢 James K Polk引导我朝着正确的方向前进,还有这个 answer .
关于openssl - 为什么 openssl 无法读取 OSX 上由 openssh 创建的 ssh 私钥,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56473553/