如何为 EC2 配置ssh-rsa加密

Question

【以下的问题经过翻译处理】 我想为t2.micro、OpenSSH\_8.7p1配置ssh-rsa加密。步骤如下：

1. 使用sudo vim /etc/ssh/sshd\_config命令打开配置文件，结果如下：

```
Include /etc/ssh/sshd_config.d/*.conf
AuthorizedKeysFile .ssh/authorized_keys
Subsystem sftp  /usr/libexec/openssh/sftp-server
AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys %u %f
AuthorizedKeysCommandUser ec2-instance-connect
PasswordAuthentication no
PubkeyAuthentication yes
HostKeyAlgorithms +ssh-rsa
HostbasedAcceptedAlgorithms +ssh-rsa,ssh-ed25519
PubkeyAcceptedAlgorithms +ssh-rsa
HostbasedAcceptedKeyTypes ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
```

2. 使用sudo systemctl restart sshd命令重启SSH服务。

3. 使用sudo sshd -T | grep "key"命令检查配置结果，结果如下：

```
pubkeyauthentication yes
gssapikeyexchange no
gssapistorecredentialsonrekey no
trustedusercakeys none
revokedkeys none
securitykeyprovider internal
authorizedkeyscommand /opt/aws/bin/eic_run_authorized_keys %u %f
authorizedkeyscommanduser ec2-instance-connect
hostkeyagent none
hostkeyalgorithms ecdsa-sha2-nistp256,ecdsa-sha2-nistp256-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01

Answer

【以下的回答经过翻译处理】 已解决：
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
echo "PubkeyAcceptedAlgorithms ssh-ed25519,ecdsa-sha2-nistp256,rsa-sha2-512" | sudo tee /etc/ssh/sshd_config

如何为 EC2 配置ssh-rsa加密

関連するコンテンツ