How to Generate SSH Keys on Windows, Mac and Linux
If you’re looking to connect remotely to a computer, one of the best and most secure methods is to use a Secure Shell (SSH) connection. This creates an encrypted connection between you and the remote host, ensuring that the data being sent can’t be intercepted or monitored in any way.
You can use SSH as a tunnel for other traffic, too, such as a secure VNC connection over SSH. One way you can make your SSH connections even safer is to use SSH keys, which replace potentially easy-to-crack passwords with a 617-digit encryption key. Here’s how to generate new SSH keys on Windows, Mac, and Linux computers.
What Are SSH Keys?
SSH keys allow you to create secure connections to remote servers or PCs without using a password using the Secure Shell protocol. SSH keys are created in pairs, with a private key and a public key that remain connected—one can’t be used without the other.
In most cases, the public key remains on the remote PC or server to encrypt the connection. The private key is then used to authenticate with that remote device, allowing you to connect and use it without supplying a password.
Public and private SSH keys are two parts of the same whole—without the private key, you can’t authenticate with the public key and establish a connection, and without the public key, the private key is useless. You can generate new SSH keys on Windows, Mac, and Linux, then transfer the public key to the remote device.
The private key is then stored safely on your PC or Mac. It’s important to save a copy of this key securely (for instance, using a password manager). If you lose it, you may not be able to re-establish your remote connections.
It’s also important not to share either your public or private key with others, but especially your private key (or the passphrase that may decrypt it). With the private key at their disposal, a rogue user will be able to establish a connection to your remote device without requiring any additional authentication.
How to Use Windows to Generate SSH Keys
You can use Windows to generate SSH keys using the built-in OpenSSH client or the popular, third-party PuTTY client. If you’d prefer to use a graphical user interface (GUI) to create new SSH keys, PuTTY is the best option. If you’d rather use built-in software, then use OpenSSH (via the Windows PowerShell) instead.
Using OpenSSH via Windows PowerShell
- If you want to use OpenSSH, you’ll first need to check that it’s enabled. To do this, right-click the Start menu and select Settings.
- In the Settings menu, select Apps > Apps & features > Optional features.
- Look through the Optional features menu for the OpenSSH Client entry. If it isn’t there, select Add a feature.
- Select the OpenSSH Client option, then select Install to install it. Allow a few moments for Windows to install the required software. If you want to use SSH to connect to your Windows PC, make sure to select the OpenSSH Server option, too.
- With OpenSSH installed, right-click the Start menu and select Windows PowerShell (Admin).
- In the new Windows PowerShell window, type ssh-keygen and select the enter key. You can type a new save location and filename for your key at this point, or simply press enter a second time to save your files in the C:\Users\user\.ssh\ folder (replacing user with your own user directory).
The ssh-keygen tool will use RSA encryption by default, but you can switch to another form of encryption by typing ssh-keygen -t method instead, replacing method with one of the available encryption options (dsa, ecdsa, ed25519, rsa).
- Next, you’ll be required to enter a passphrase. This encrypts your private key on your PC and is typically recommended, although it isn’t required. You can use a memorable word or phrase, but you can also use a secure password here instead. Type in your passphrase and select enter to confirm, or simply leave it blank and select enter.
- Once you’ve added your passphrase, Windows will generate the required keys in the C:\Users\user\.ssh\ folder (replacing user with your own user folder name). If you choose to use the default filename, the id_rsa.pub file is your public key, while id_rsa (with no extension) is your private key. Once you’ve generated your keys, you’ll need to move your public key (id_rsa.pub) to the .ssh directory on your remote PC, Mac, or server.
Using PuTTY
The well-known PuTTY SSH client is the default client for most Windows users. It includes several other tools for establishing SSH connections, including PuTTYgen, a tool for generating new SSH keys.
- To use PuTTY to generate your SSH keys, download PuTTY for your PC and install it. Once installed, launch PuTTYgen (the included SSH generator tool) from the Start menu, select RSA from the Type of key to generate options, then select Generate. You can also select one of the alternative encryption options, but the steps below may vary.
- Part of the process of generating your keys is to move your mouse randomly. Use your mouse or trackpad to do this in the area immediately below the progress bar until the key pair is generated.
- If you want to add a passphrase to your keys, type this in the Key passphrase and Confirm passphrase boxes, then select Save public key and Save private key to save your keys. You can also select the text in the Public key for pasting into OpenSSH authorized_keys box, then right-click and select Copy to copy and paste it into a file manually.
- With your keys saved, you can then move the public key to your remote PC, Mac, or server. For your private key, you may need to move this into your C:\Users\user\.ssh\ folder (replacing user with your correct user directory) to use it with your preferred SSH client.
How to Generate SSH Keys on Linux or Mac
OpenSSH is the gold standard set of tools for SSH management and, just like the Windows version, the ssh-keygen tool remains the best way to generate new SSH keys on Mac or Linux computers.
As a consequence, GUI tools for generating SSH keys are rare and not typically recommended. As the OpenSSH tools are included with all Mac computers and with almost all Linux distributions, the steps below should work for both platforms.
- To begin, open a new terminal window on your Linux PC or Mac. If you want to use your Mac to generate SSH keys, you can launch the Terminal app using the Launchpad. The steps for opening a new terminal on a Linux PC will vary, depending on your distribution.
- In the new terminal window on your Linux PC or Mac, type ssh-keygen and select the enter key. As with ssh-keygen on Windows, the Linux and Mac version defaults to using RSA encryption. If you’d prefer to use another form of encryption, type ssh-keygen -t method, replacing method with the form of encryption you wish to use (e.g. dsa, ecdsa, ed25519, rsa).
- You’ll next need to determine where you’d like to save the new SSH keys—the default file name and location will be shown in round brackets in the terminal window. If you want to save your keys somewhere else and with a different filename, type a new location and file name here, then select the enter key.
- Next, you’ll need to type a passphrase to encrypt your private key (if you’d like to use one). Type your passphrase twice, or select enter twice to leave the passphrase blank (although this isn’t recommended).
- At this point, your SSH keys will be generated in the save location you specified and using the default id_rsa filename for RSA encryption (id_rsa.pub for the public key and id_rsa for the private key). You’ll need to move your public key (id_rsa.pub) to your remote PC, Mac, or server to be able to establish your connection using SSH.
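The ssh-keygen steps above (the same options apply to OpenSSH in Windows PowerShell), as an added script that is not part of the original article: it generates a key pair with the ed25519 option the article lists, then checks that the private key is passphrase-protected and readable only by its owner. The function names, file paths and key comment are assumptions made for this example, and the permission check applies to Linux and Mac.

```bash
#!/usr/bin/env bash
# Added example. Function names, paths and the key comment are illustrative.

# make_keypair KEYFILE [PASSPHRASE] [TYPE]
# Writes KEYFILE (private) and KEYFILE.pub (public). Refuses to overwrite,
# because replacing a key that is already deployed locks you out.
make_keypair() {
    keyfile=$1; type=${3:-ed25519}; dir=$(dirname "$keyfile")
    if [ -e "$keyfile" ]; then
        echo "refusing to overwrite $keyfile" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then mkdir -p "$dir" && chmod 700 "$dir"; fi
    if [ "$#" -ge 2 ]; then
        # -N puts the passphrase in the process list: scripted or test use only.
        ssh-keygen -q -t "$type" -f "$keyfile" -C "example-key" -N "$2"
    else
        # No -N: ssh-keygen prompts for the passphrase, as in the steps above.
        ssh-keygen -q -t "$type" -f "$keyfile" -C "example-key"
    fi
}

# key_has_passphrase KEYFILE: exit 0 if encrypted, 1 if an empty passphrase opens it.
key_has_passphrase() {
    # -y re-derives the public key, which needs the private key decrypted;
    # -P "" supplies an empty passphrase, so this succeeds only for unprotected keys.
    if ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1 </dev/null; then
        return 1
    fi
    return 0
}

# private_key_perms KEYFILE: prints the mode string; expect "-rw-------".
private_key_perms() { ls -l "$1" | cut -c1-10; }

# key_fingerprint PUBFILE: prints the fingerprint to compare on both machines.
key_fingerprint() { ssh-keygen -l -f "$1"; }

# Demo: ./keys.sh demo  (creates a throwaway key in a temporary directory)
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d)
    make_keypair "$tmp/id_demo" "constructed sample passphrase"
    key_has_passphrase "$tmp/id_demo" && echo "private key is encrypted"
    private_key_perms "$tmp/id_demo"
    key_fingerprint "$tmp/id_demo.pub"
    rm -rf "$tmp"
fi
```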
Making Secure Connections Using SSH
Once you’ve generated your SSH keys, you’ll need to make sure to copy the public key to your remote PC, Mac, or server. This links with your private key, which allows your preferred SSH client to establish secure SSH connections without a typical password. For instance, you could use SSH to connect to another Mac remotely.
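What copying the public key to the remote machine involves on an OpenSSH server, as an added script that is not from the original article: the key is appended to the account's .ssh/authorized_keys file with the permissions sshd expects. The function name and exit codes are assumptions made for this example; the script runs on the remote Linux or Mac host.

```bash
#!/usr/bin/env bash
# Added example (run on the remote machine): authorise a public key for login.
# install_pubkey PUBFILE [HOME_DIR]; HOME_DIR defaults to $HOME.
install_pubkey() {
    pubfile=$1; home=${2:-$HOME}
    auth="$home/.ssh/authorized_keys"
    # Catch the common mistake of uploading the private half (id_rsa, not id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pubfile"; then
        echo "error: $pubfile is a private key; it must stay on your own PC" >&2
        return 2
    fi
    # ssh-keygen -l only succeeds if the file parses as a public key.
    if ! ssh-keygen -l -f "$pubfile" >/dev/null 2>&1; then
        echo "error: $pubfile is not a valid public key" >&2
        return 3
    fi
    # sshd (StrictModes, on by default) rejects key files that others can write to.
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh"
    touch "$auth" && chmod 600 "$auth"
    key=$(head -n 1 "$pubfile")
    # Make sure the existing file ends with a newline before appending.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    # Append only if this exact line is not already present (idempotent).
    if ! grep -qxF "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# Usage on the remote host: ./install_pubkey.sh ~/id_rsa.pub
if [ "$#" -gt 0 ]; then
    install_pubkey "$@"
fi
```

On Linux and Mac clients, the ssh-copy-id tool shipped with OpenSSH performs the same append over an existing SSH login.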
Secure SSH connections can also help you get around a school or workplace firewall using an SSH tunnel. You can also use SSH to connect to (and update) a Raspberry Pi or other Linux-based PCs and servers. You’ll need to make sure you enable the OpenSSH server if you want to do this on Windows 10, however.