我在数字海洋上为我的Droplet创建了一个ssh密钥 . 几天后我从security page删除了密钥,但仍然可以使用该密钥使用putty ssh . 是否有必要从authorized_keys文件中删除密钥 . 如果是这样,那么在上述安全页面上添加/删除ssh密钥到droplet的用途是什么?
数码海洋的问题 - https://www.digitalocean.com/community/questions/how-to-remove-ssh-keys-for-the-droplet
我在数字海洋上为我的Droplet创建了一个ssh密钥 . 几天后我从security page删除了密钥,但仍然可以使用该密钥使用putty ssh . 是否有必要从authorized_keys文件中删除密钥 . 如果是这样,那么在上述安全页面上添加/删除ssh密钥到droplet的用途是什么?
数码海洋的问题 - https://www.digitalocean.com/community/questions/how-to-remove-ssh-keys-for-the-droplet
1 回答
正如digital tutorial page所说"You can create new DigitalOcean droplets with an SSH key already set up on them by adding your computer’s SSH key to the control panel." .
要为Droplet设置ssh密钥,需要将新创建的密钥添加到Droplet的控制面板 .
即使从安全页面删除了ssh,您也可以访问Droplet,因为现在ssh也位于droplet的〜/ .ssh /文件夹(远程计算机)中 .
To authenticate using SSH keys, a user must have an SSH key pair on their local computer. On the remote server, the public key must be copied to a file within the user's home directory at ~/.ssh/authorized_keys. This file contains a list of public keys, one-per-line, that are authorized to log into this account. When a client connects to the host, wishing to use SSH key authentication, it will inform the server of this intent and will tell the server which public key to use. The server then check its authorized_keys file for the public key, generate a random string and encrypts it using the public key.因此,必须从authorized_keys文件中删除密钥以停止对远程计算机的ssh访问 .
在Droplet创建安全页面列出密钥之后,只显示您用于所有Droplet的所有ssh密钥 . 从安全页面删除它们不会禁止您访问Droplet .