age \u3068\u3044\u3046\u6697\u53f7\u5316\u30c4\u30fc\u30eb\u3092\u77e5\u308a\u307e\u3057\u305f\uff0e\u3053\u306e age \u3067\u306f ssh \u306e\u516c\u958b\u9375\u3092\u4f7f\u3063\u3066\u6697\u53f7\u5316\uff0c\u79d8\u5bc6\u9375\u3067\u5fa9\u53f7\u5316\u304c\u51fa\u6765\u308b\u306e\u304c\u9762\u767d\u305d\u3046\u306a\u306e\u3067\u5c11\u3057\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\uff0e
\n![\"logo\"/](\"https://github.com/FiloSottile/age/raw/main/logo/logo.svg\"){kind=logo}
\n
\u4eca\u56de\u306f Upstream \u3068\u30d0\u30fc\u30b8\u30e7\u30f3\u306f\u540c\u3058\u3060\u3057 Raspberry Pi OS bookworm armhf \u306e\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u5229\u7528\u3057\u307e\u3057\u305f\uff0e
\ngo install \u3067\u306e\u5c0e\u5165\u3082 Go \u304c\u5165\u3063\u3066\u3044\u308c\u3070\u7c21\u5358\uff0cGitHub \u306e releases \u306b\u3082\u3044\u304f\u3064\u304b\u306e\u30d0\u30a4\u30ca\u30ea\u304c\u3042\u308a\u307e\u3059\uff0e
\n\u305d\u306e\u4ed6\u5404\u7a2e\u74b0\u5883\u306b\u3082\u30d1\u30c3\u30b1\u30fc\u30b8\u304c\u3042\u308b\u3088\u3046\u3067\u3059\uff0e
$ sudo apt install age\n$ age --version\n1.1.1\n$ dpkg-query -W age\nage 1.1.1-1+b3\n$ age\nUsage:\n age [--encrypt] (-r RECIPIENT | -R PATH)... [--armor] [-o OUTPUT] [INPUT]\n age [--encrypt] --passphrase [--armor] [-o OUTPUT] [INPUT]\n age --decrypt [-i PATH]... [-o OUTPUT] [INPUT]\n\nOptions:\n -e, --encrypt Encrypt the input to the output. Default if omitted.\n -d, --decrypt Decrypt the input to the output.\n -o, --output OUTPUT Write the result to the file at path OUTPUT.\n -a, --armor Encrypt to a PEM encoded format.\n -p, --passphrase Encrypt with a passphrase.\n -r, --recipient RECIPIENT Encrypt to the specified RECIPIENT. Can be repeated.\n -R, --recipients-file PATH Encrypt to recipients listed at PATH. Can be repeated.\n -i, --identity PATH Use the identity file at PATH. Can be repeated.\n\nINPUT defaults to standard input, and OUTPUT defaults to standard output.\nIf OUTPUT exists, it will be overwritten.\n\nRECIPIENT can be an age public key generated by age-keygen (\"age1...\")\nor an SSH public key (\"ssh-ed25519 AAAA...\", \"ssh-rsa AAAA...\").\n\nRecipient files contain one or more recipients, one per line. Empty lines\nand lines starting with \"#\" are ignored as comments. \"-\" may be used to\nread recipients from standard input.\n\nIdentity files contain one or more secret keys (\"AGE-SECRET-KEY-1...\"),\none per line, or an SSH key. Empty lines and lines starting with \"#\" are\nignored as comments. Passphrase encrypted age files can be used as\nidentity files. Multiple key files can be provided, and any unused ones\nwill be ignored. \"-\" may be used to read identities from standard input.\n\nWhen --encrypt is specified explicitly, -i can also be used to encrypt to an\nidentity file symmetrically, instead or in addition to normal recipients.\n\nExample:\n $ age-keygen -o key.txt\n Public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p\n $ tar cvz ~/data | age -r age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p > data.tar.gz.age\n $ age --decrypt -i key.txt -o data.tar.gz data.tar.gz.age\n
age-keygen \u30b3\u30de\u30f3\u30c9\u3067 age \u7528\u306e\u9375\u30da\u30a2\u304c\u751f\u6210\u3067\u304d\u307e\u3059\uff0e public key \u3092\u5171\u6709\u3057\u307e\u3059\uff0e
$ age-keygen -o key.txt\nPublic key: age1asle7pc9uj5n3fxamxst286ejh24yv5nut0qtedmadsxdm38egvs6ez9jr\n$ cat key.txt\n# created: 2024-03-30T04:44:49+09:00\n# public key: age1asle7pc9uj5n3fxamxst286ejh24yv5nut0qtedmadsxdm38egvs6ez9jr\nAGE-SECRET-KEY-1VZVZ0VXNSP7D3XN6X545MT7EX89S2Z7F68G6CG0RZ9WKMGN0CW4STSVM26\n$ age-keygen -o key2.txt\nPublic key: age1vz7kedcgzvzk4n4ke50wdxthll9g3muhgwlv3vz37g926frzjvvst777qe\n
age public key \u3067\u6697\u53f7\u5316\uff0cage secret key \u3067\u5fa9\u53f7\u5316\u3057\u307e\u3059\uff0e
$ echo 'plain' > data\n$ age -o data.age -r age1asle7pc9uj5n3fxamxst286ejh24yv5nut0qtedmadsxdm38egvs6ez9jr data (1)\n$ age --decrypt -i key.txt -o - data.age (2)\nplain\n$ age -o data.age -r age1asle7pc9uj5n3fxamxst286ejh24yv5nut0qtedmadsxdm38egvs6ez9jr \\\n -r age1vz7kedcgzvzk4n4ke50wdxthll9g3muhgwlv3vz37g926frzjvvst777qe data (3)\n$ age --decrypt -i key.txt -o - data.age (4)\nplain\n$ age --decrypt -i key2.txt -o - data.age (5)\nplain\n
$ age --passphrase -o data.age data (1)\nEnter passphrase (leave empty to autogenerate a secure one):\nConfirm passphrase:\n$ age --passphrase -o data.age data (2)\nEnter passphrase (leave empty to autogenerate a secure one):\nage: using autogenerated passphrase \"resist-host-rabbit-rapid-choose-slender-legal-ramp-forward-scare\"\n$ age --passphrase --armor data (3)\nage: using autogenerated passphrase \"what-open-rifle-junior-meadow-grass-hurdle-cigar-hybrid-slide\"\n-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNjcnlwdCBxcGxLRjNySGliS3ZyUmUz\nTm5MMnVRIDE4ClQzVUhlUmJlSGQrSmdUcU1xaEo0ZkFUcGpLWGZpUnBEbjNPbDMy\nWDk4ZHcKLS0tIFRic2twRVFOVkJ3a2Y3UWZ3WEdxcG5iSi9qWk5TU1UydWllVG1G\nNlBmMkkKh1ok+t0EGZrBXEQujdb6JQLcIGyZXcnvJrAetajKdVImFUCHXu0=\n-----END AGE ENCRYPTED FILE-----\n
$ age --decrypt -o - ./data.age\nEnter passphrase:\nplain\n$ echo '-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNjcnlwdCBxcGxLRjNySGliS3ZyUmUz\nTm5MMnVRIDE4ClQzVUhlUmJlSGQrSmdUcU1xaEo0ZkFUcGpLWGZpUnBEbjNPbDMy\nWDk4ZHcKLS0tIFRic2twRVFOVkJ3a2Y3UWZ3WEdxcG5iSi9qWk5TU1UydWllVG1G\nNlBmMkkKh1ok+t0EGZrBXEQujdb6JQLcIGyZXcnvJrAetajKdVImFUCHXu0=\n-----END AGE ENCRYPTED FILE-----' | age --decrypt -o -\nEnter passphrase:\nplain\n
\u3053\u308c\u3092\u8a66\u3057\u305f\u304b\u3063\u305f\u306e\u3067\u3057\u305f\uff0e
\n$ age --armor -R ~/.ssh/id_ed25519.pub data\n-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGVSY0tCZyBZRUJD\nNUZ6OWpQWDlzK2JKbmszaVp1ak9TQ0NZWkxoM0JuRlhtTm1hNVdFCjZqV0RlRldI\ncjY4TDJJR1hRckxNUkw2QmoreGVoRURzRGhRYllZUjBXck0KLS0tIEJBaFVXa3J0\nRHFobkVzUnRLaDZaUDVHdnpTbklHYmozQThKKzVKT3haUkEKaRkef04BHGL2sDPy\nB9hl8CCpgJ57fOZtLBG8tPruAz5uASNhJss=\n-----END AGE ENCRYPTED FILE-----\n$ echo '-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGVSY0tCZyBZRUJD\nNUZ6OWpQWDlzK2JKbmszaVp1ak9TQ0NZWkxoM0JuRlhtTm1hNVdFCjZqV0RlRldI\ncjY4TDJJR1hRckxNUkw2QmoreGVoRURzRGhRYllZUjBXck0KLS0tIEJBaFVXa3J0\nRHFobkVzUnRLaDZaUDVHdnpTbklHYmozQThKKzVKT3haUkEKaRkef04BHGL2sDPy\nB9hl8CCpgJ57fOZtLBG8tPruAz5uASNhJss=\n-----END AGE ENCRYPTED FILE-----' | age -d -i ~/.ssh/id_ed25519\nplain\n
$ echo 'plain' | age --armor -R ./rsa1024.pub\nage: warning: recipients file \"./rsa1024.pub\": ignoring unsupported SSH key of type \"ssh-rsa\" at line 1\nage: error: failed to parse recipient file \"./rsa1024.pub\": \"./rsa1024.pub\": no recipients found\nage: report unexpected or unhelpful errors at https://filippo.io/age/report\n$ echo 'plain' | age --armor -R ./rsa2048.pub\n-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgNXd4UUtBCmxZY2ZKczFr\nMkJ1akc2Y3JkUHQyN0JaRU1RTnN4NHFydjBwZE4vUml4d0JnZ0VQYnVxRUhXRFpx\nWkRCOWxpSG4KTnUzZCsvNmFGSnM0MzNkdEpSRWVyUEl1VVgxOHR3NFd6alJMMUlH\nQ3VYbTZDTDdYNUxoeTdnbE8zNlI5eWpCawpPMTVRZXhoTGNVWHRhRngybkVHVmxE\nQXVTRFJKOEFIVFQwWXFFZHRrdmU4UVhiV0lwbFVtQ0Vzb1ZzTnlBNXc5CjN4VW02\na21MZGxxRmhtY1pOZ1NsQjlBS0RmL1o3M0xNZ0RVQXRXS3pVSDVXS1UramQ5V3Nv\nNWhSZDBaYjhlSWkKTVUzM1dEZzltcWU3SEpPMGV6eG5ucHFqUGZDRWZ0eDNQNTUy\nRmZxdHdXUzBZamlrLzNFaGdWajVTeXZBREF1VwpFN2x4S0VnR0N6WmIxeXFuTjUr\nbGFnCi0tLSAzaytQQktGcHA4dG9OZjhGbGNZY2g1ZktUaHRsemxoNUNxeW9YTkVD\nQ2NJCnEqtAa7v2TJGtQWC2CglKZ9YeX698uiW90pBq13wqwxFxe26eUb\n$ echo 'plain' | age --armor -R ./rsa3072.pub\n-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgZFNIbVJ3CmxTaERheUlS\nRDJ2dE8wVXZrWDRKMStQYkl4SW5RVExYUWlLTHcxVjRFRVBSWEVnQk81TThVaG5u\nQWZRYS9vVlQKZHppT25RYnZKaUFSbm5sSVhMZUVMTG1Fc2FPTUl4aFQvdmVEeXBG\nb1dDQ1loMEdYM0QyKzNIN2V6eStlbkQ2ZQpFeVJJeFovd3FzUzZSS3pNMG9YeEtp\nQm0rYitkeWFIR2N2T05tMHB0RW5TTWRvelBmOXdpN0tjVlhZUS8xWGxJClJBMjk3\nWDV5d3BBaFdWbWtFcjIyWHhHMy93cmsrUTd3cGdwaTAzMTN4M3RaQ0o5cUN3TzRw\ncklrTGpVUVBRSE4KNnA4MHhvMVJ6LzduM0JHaTNKNFZKRURuSjhZNldoV1h2N3Qw\nbTRMZ0xqaVkvOVJVR004a3A1bU9JSU9pK0ErKwpKdmtVcEphWk9zbzJ1eHdOV0k0\nRXpBYm9jY3RneDNJSm9mcWQ4SzY5bERxUjV0bWhCRFB5K210M29VL1ZKVGwvCmo1\neHQ4eFRIaDVFTVBaMnRlbkFGLzNZWFA4NVpWVlloVUc1YnlrdUFRSTJqRXdGR3Vl\nNkFWTjlyR05DQUxlMVcKN0xaQTA2bENBY09pZHNtL0dCcU5QVmFDQVVsNUI2eHlH\ndUYyTkc2QXRZN0k1WUZXTHV3UGxPWDgvdlJoNnE4NgoKLS0tICtSSUV0bnRRSjU1\nTUY3cjRJM3ZYV0x6ZXpLbXFnaEttYTZhY01nZzEzd28KLJcw48jawhSaZm1BZ7a1\nQm0770UO7troZcvViUfFJzHSXQsE4n4=\n-----END AGE ENCRYPTED FILE-----\n$ echo 'plain' | age --armor -R ./rsa4096.pub\n-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2Egc0tyUVpRCnluWk1qUFdI\nS2w3c3hmK0ZyMmcvUmZVWUpKejF0RTlSalVzKzQ1QkpCMklHUjlCcGJIeGFKSVNv\nUVdSa2pRbnkKQm5OWHlocEUyQjZYZjRJanVkN2YyMWJKaThwd0hEWkkwQURnWUVF\nbkxnR2ZSTktRRDdEWHZaYTVuVSsvYUY1UQpCa3lMdURsamhWdm52RE0yaE53QUxX\nWnVaRWdPRExnL2lIYSs4SE9YZUlNTldidG5QTC9XQU1IUll2NTQ0RzBjCjJnL0lC\nemtTdDlaNlpQM1JEbHRDdnROWmV3VTNpMDRxcDdabVU3bU5xODg4eUJ3dWZwYnpG\nQWtnbWlzc3RVV2IKZkVnSmQyZ2pOaXluYmFhMllvZ0tKNzcwS3FBWlJtS29LNGYx\nY3dxSFV4UHZpcmJleHFFNXI5ekUxQzNlYzdIWgpackFqemdMV1JjRjdnY3RBTTky\nbDlXVDVrQktjZkszQk12L3hlSDhHTllIdkVIS2FERUtCbWgyaUNad0NuRjRCCjZK\nSUYxYXkyNE1oKzN5VUZ0a1VVQjRnOVBLRUF4VU0yOFJUcEtUZDU2OHFDT2djekxO\nY3o4eGhQay9vNnlMRDUKVm14KzlrS1hOU1JrYTVHYjBwZWZzYXVsNHhPMEY5bTJ4\nZWZZQW5LVVQxRjVBUUQ4eDBEbDNkRTFFTGNvL21Kcgp5YkkxR3FrMTJQdnA3MFFl\nckgvZjBvT3I2WlZ6Q1ZuM3JFeGczTXFwU3FCV3FWbVIrTk1sL0RSWEZwL2Q4NC9m\nCjlDZUJ2NXZnQU5BUUNrVzdPODM1WUxFTzVrT3Q1VGZISThtSzJPb2xvVnU0R2g0\nTlY5RmJnbWhJbnU3TGMvTHoKVEt1OUZwR1UvNlFEVmRnWHZvay8wSGhnZWgrcnRN\nZWZsRHd5YnlCS0ovNAotLS0gYWQ4WXBodENuNDBKVVkwK3c5YnpSeG5OdndCRWph\neW5aU1QvekRLWlhkdwpjWnxdCQrEjd0NbP2ed0AFRLYH94R8EQTGEyYDMwEuzhsk\nM8fb2A==\n-----END AGE ENCRYPTED FILE-----\n
RSA1024 \u3060\u3068\u30a8\u30e9\u30fc\u3068\u306a\u308a\u307e\u3057\u305f\uff0e\u73fe\u5728 RSA \u306f 3072 \u304c\u898f\u5b9a\u5024\u3060\u3063\u305f\u3068\u601d\u3046\u306e\u3067\u9375\u5e33\u306e\u77ed\u3044 1024 \u306f\u8db3\u5207\u308a\u3055\u308c\u3066\u3044\u308b\u306e\u304b\u3082\u3057\u308c\u306a\u3044\u3067\u3059\u306d\uff0e
\n$ echo 'plain' | age --armor -R ./rsa2048.pub -R ./rsa3072.pub -R ./rsa4096.pub -R ~/.ssh/id_ed25519.pub\n-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1yc2EgNXd4UUtBCjFaajdDV3hh\ndXRuNkNNRVpRTUJ2ZDI0ZkRObGdCRmpydlZNUDAzSjhXbGdsWXJZa1lyWnFzSFlo\nbXFJbjNpSFYKcHZrWisyek1MWjZvVlJtV3djUEY1ei82bVFISzdwYm96a2FYeXRR\namdxTEhjWllCcGJsSytQN3ZWay82clZEZwp4bG5HSmVGNEFFVW5xMEx4UXhlT3A0\neHBONUhkbU1qRnRPUUFoR3BldzVhamFrc0xBWVp4Y001bUdqNGROT0dmCkhOUCtF\nTytsbXRTU1Exait5bG9DRVR4ZjRTT3owY01JTGRyOUN4eWFnd0hmTDlOenlWRE12\na0ZrM2E4NkFweTEKMEZvZ3h2TzdOZlJ5YnVpYm1yOXFIUkV2MXI0QnZtT1VMTFRT\nZ2JDOGI4VGpYRVROb3J1TzAvd2xYTHozSVdhOQoyMVFQNHBxb3AzaUQwa0hqeE5C\nbEF3Ci0+IHNzaC1yc2EgZFNIbVJ3Cm9KcEoyZndZK0JCakFURWl2eUt4dHNqdExy\nK0dzNkRpUXF1U0dJSXFIMlFWOFhGcGtkNFRXd1BuVGJBSmZhNkgKNjZZZStZZFFi\nWko2dXFkQ2hKMHVIcWV0ekVaeUhBOTJoSnZUWnFacmVFczE4UnllZnp4cXZCQWE4\nckdFNU5nbQpNaXB4eHhaUG1vWE5HQ2xoRkF5amVPL3kvaUlPL0h6ZVNtL05lV2VK\nOGdkVmpGZjVSNVNOZ1NsbEc1b0NBODFlCkNQTTFWb3orNC9WVWdadThFN3YwUTNr\nYXNCaDZ5KzBSckJpeEdZWllYMml0RmFpTWNZc3FEbHhXaUM0YTU1emMKbXRvQzh2\nUG1lM1FWYzRreDJINGY1MEV0cnArTzdMaklVS1VWRE5haWV0UzlFOG9CN3U0dFNu\nMU0vVFpYVXRoNwp5aHRDc2ZoWWVBeGZwWTlyQ2ZIVjcxczZ1ajJoVy93dDFlVWsy\nNlF0ZEFCTHlBNTk1YlhTNmtKY1RPZ2tqZU94CjJkT3REWTRTZFZuR0pneDNtZjND\nUXVjMWRqeCtVODZEb2J6bkgxWm4ycGRxQWI0amVqdXNFdnJtdkFlZmZMUFYKdlVT\nekhlK1hQSFRuRFBmV09JWTUrSS9VNnQ5RTY2T0dEeG9ONVVXdFRVY0g1ZmdqTStR\nNDRUc21LQXhyK0dNbQoKLT4gc3NoLXJzYSBzS3JRWlEKc2FIQ20zUmRQYmhrRTlO\nbjF0V2lKZXhFWXVNcVJmdk5jNXhMaDdkdGZWcGc4WVVBbGdGZGhTM0dLSFpkbWlP\nSAo4aEl6U2xRTXhTTFUzTzhsWThtbngwZUl6VGQ1Z09IKzJWK29XNzNOL2ZMaEc4\nWkdxUkI0cXVHaS9IT0NTS3M0Ci8vYjJDczQrUzdaSmxrU0ZsOFU4VUk0Nzh3eHh6\nelYzOWJVaUxNbjM3cGRTdkd5Vlc3YWtHUjRiWDNoYU83WGYKNklxMkZCanBMZ0N5\nb2ZvN3VwZkNLcUxTM0FVNU1TMmczSFR1Nm9HMHJQdlIyemxwNWNjVktIWlRnSks2\nVWlwVAoyR3VQZmJCTGJSQ2xGemRWM1lUbmFhcFpmNE5ITmdjUFZZNTFaMW9ZcCtp\nQ0V6ajFwbjEyTkZvT3JRZ3NCK011Cm9EOFcyQTNBT2pOVk5mZDU1cFQ3TFE5MnNK\neEVxWE1uMUNadkhMTVZVcUdBRythZmJnVG81ZG93YlE4K2JLWkYKbTgrTmVOSTEx\nRWRqTXdRRDlmRjBrNUJpenZoenU0NnNzVmlxMmZKVERqTDdoZnlUZUNVaUxZNE91\nRHNsK2NmawpacUVZdU9sdUJEWE83Z1FYYnhFQU5pMlZQVVhiV2hDbzBhM0YwOFZ5\nNy9EclZLK29XTUJ3K25ldDV2dTZpVlgxCkxsN3ZMRjVJekZ2aXl6UnFaSXpoYzUr\nQWRQR0VjOUZPSnpnMk1uL0k4SW11VHdheW1xN25yR3VYbGNoNW9LTUkKUXNXVGFJ\nc3dXY0hxaURhSEllN1o0Rm9nQnZlck53V0R5YTdDYWltTURSbHBGc0JFTUZkL1hz\nMXRqTUNVNUs5MQoxNnFxN1AxenhYUFZnb0hMRDlnaWY3VmRCd0NnZk44UVNpb2Zk\nRUZ4U1Y4Ci0+IHNzaC1lZDI1NTE5IGVSY0tCZyBSNml6R2pvQnV6WWV2WmFHaFo5\nL0hTSFl5Y1h4S1lBNkFSZjNod29TV1dnCnhpVGNIVW44dnNrZlJyWWZxUGhsVGY1\nTlMyR0tkcjUxTnI3NStaL2UwM1kKLS0tIFg3VEg5MGNCZnJBNmU0NXUza1d1aVlM\ncmk0eXVab1RmTzhVTTZid1ZWclUKe1wXH51zJI3GYYwGVPhoXDcuV8vBZIcvGPQz\n5pSAkRa/YrHMrfk=\n-----END AGE ENCRYPTED FILE-----\n
RSA, ED25519 \u4e21\u65b9\u3092\u542b\u3080\u8907\u6570\u306e\u9375\u3067\u6697\u53f7\u5316\u3082\u554f\u984c\u306a\u304b\u3063\u305f\u3067\u3059\uff0e(\u7d19\u5e45\u3092\u3068\u308b\u306e\u3067\u3053\u3053\u306b\u306f\u8f09\u305b\u307e\u305b\u3093\u304c\u305d\u308c\u305e\u308c\u306e\u9375\u3067\u5fa9\u53f7\u3082\u5927\u4e08\u592b\u3067\u3057\u305f\uff0e)
\n$ wget https://github.com/FiloSottile.keys\n$ age -a -R ./FiloSottile.keys data\nage: warning: recipients file \"./FiloSottile.keys\": ignoring unsupported SSH key of type \"ecdsa-sha2-nistp256\" at line 1\nage: error: failed to parse recipient file \"./FiloSottile.keys\": \"./FiloSottile.keys\": no recipients found\nage: report unexpected or unhelpful errors at https://filippo.io/age/report\n$ dd if=FiloSottile.keys bs=20 count=1 2>/dev/null; echo\necdsa-sha2-nistp256\n
GitHub \u304b\u3089 age \u4f5c\u8005\u306e\u9375\u3092\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u3057\u3066\u6697\u53f7\u5316\u3057\u3088\u3046\u3068\u3057\u307e\u3057\u305f\u304c\uff0c\u516c\u958b\u3055\u308c\u3066\u3044\u308b\u9375\u5f62\u5f0f\u304c ed25519-sk \u306e\u3088\u3046\u3067 age \u306b\u5bfe\u5fdc\u3057\u3066\u3044\u306a\u3044\u9375\u3060\u3063\u305f\u306e\u3067\u6697\u53f7\u5316\u51fa\u6765\u307e\u305b\u3093\u3067\u3057\u305f\uff0e
\n| \n Note \n | \n\n \n \n\u9375\u306e\u5165\u624b\u4f8b \n
| \n
GPG \u3092\u516c\u958b\u3057\u3066\u3044\u306a\u3044\u4eba\u3067 GitHub \u306a\u3069\u3067 SSH\u9375\u3092\u516c\u958b\u3057\u3066\u3044\u308b\u4eba\u306f\u7d50\u69cb\u5c45\u308b\u6c17\u304c\u3059\u308b\u306e\u3067 SSH\u9375\u3067\u6697\u53f7\u5316\uff0c\u5fa9\u53f7\u5316\u304c\u3067\u304d\u308b\u3068\u4fbf\u5229\u305d\u3046\u3067\u3059\uff0e
\nopenssl \u3067\u3082\u51fa\u6765\u308b\u3057\u5c0e\u5165\u3055\u308c\u305f\u74b0\u5883\u3082\u591a\u3044\u3068\u601d\u3044\u307e\u3059\u304c\u30b3\u30de\u30f3\u30c9\u304c\u7169\u96d1\uff0cage \u3060\u3068\u5229\u7528\u304c\u7c21\u5358\u306a\u306e\u3067\u666e\u53ca\u3059\u308c\u3070\u4fbf\u5229\u305d\u3046\u3067\u3059\uff0e
$ dpkg-query -W age openssh-client openssl\nage 1.1.1-1+b3\nopenssh-client 1:9.2p1-2+deb12u2\nopenssl 3.0.11-1~deb12u2+rpt1\n$ lsb_release -a\nNo LSB modules are available.\nDistributor ID: Raspbian\nDescription: Raspbian GNU/Linux 12 (bookworm)\nRelease: 12\nCodename: bookworm\n$ arch\narmv7l\n$ cat /proc/device-tree/model ;echo\nRaspberry Pi 3 Model B Rev 1.2\n
\u4ee5\u524d\u4f55\u7a2e\u985e\u304b\u306eVanity Adress \u3092\u6398\u3063\u3066\u307f\u307e\u3057\u305f\uff0e
\n\u3075\u3068SSH\u9375\u306eVanity Adress \u306f\u3069\u3046\u3060\u308d\u3046\u3068\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\uff0e
\n\n
\u9375\u306fEd25519 \uff0e\u9375\u30da\u30a2\u306e\u516c\u958b\u9375\u304c\u3044\u3044\u611f\u3058\u3060\u3068\u826f\u3055\u305d\u3046\u306a\u6c17\u304c\u3057\u307e\u3059\uff0e
\n\u307e\u305a\u306fOpenSSH \u306e ssh-keysign \u3067\u4f5c\u3063\u3066\u307f\u307e\u3059\uff0e\u5927\u6587\u5b57\u5c0f\u6587\u5b57\u3044\u305a\u308c\u304b\u306e mat0 \u304c\u898b\u3064\u304b\u308b\u307e\u3067\u4f5c\u6210\u3057\u3066\u3044\u307e\u3059\uff0e
$ umask 277; no=0; tmp=`mktemp -d -p ~/tmp/`; chmod 700 ${tmp}; while true;do no=$(($no + 1)); ssh-keygen -t ed25519 -f ${tmp}/${no} -N '' -C '' > /dev/null; grep -i -E m[a@]t[o0] ${tmp}/${no}.pub && echo ${tmp}/${no} && break; done\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOt6L8+9eF3T8o/M4BnDVZ5F7SVdPmat0hlM8s/8zV/r\n/home/matoken/tmp/tmp.rGb5eSpEaJ/26016\n26016\u9375\u30da\u30a2\u3092\u751f\u6210\u3057\u305f\u3068\u3053\u308d\u3067186\u79d2\u307b\u3069\uff0c\u5927\u4f53140.6keys/sec \u304f\u3089\u3044\uff0e\u9045\u3044\u611f\u3058?vmstat \u3084top \u3092\u898b\u3066\u3082cpu \u306f\u3042\u307e\u308a\u4f7f\u3048\u3066\u3044\u306a\u3044\u611f\u3058\u3067\u3059\uff0e
\n-a 1 (default:16) \u306b\u3059\u308b\u3068160.8/keys/sec \u3068\u5c11\u3057\u65e9\u304f\u306a\u308a\u307e\u3057\u305f\u304c\u9375\u3092\u76d7\u307e\u308c\u305f\u5834\u5408\u306e\u5f37\u5ea6\u304c\u4e0b\u304c\u308b\u3068\u601d\u3046\u306e\u3067\u3084\u3081\u305f\u307b\u3046\u304c\u826f\u3055\u305d\u3046\u3067\u3059\uff0e
tool \u3092\u63a2\u3057\u3066\u307f\u307e\u3059\uff0e
\n$ git clone https://github.com/ionathanch/ssh-keygen-ed25519-vanity\n$ cd ssh-keygen-ed25519-vanity\n$ make\n
$ ./vanity mato\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHmibZNyKuT/GO9rloS8qmatoFOZ4N7fJcRSOPCwsky\n-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZWQyNTUxOQAAACBB5om2Tcirk/xjva5aEvKpmraBTmeDe3yXEUjjwsLJMgAAAIjwyswa8MrMGgAAAAtzc2gtZWQyNTUxOQAAACBB5om2Tcirk/xjva5aEvKpmraBTmeDe3yXEUjjwsLJMgA\nAAEBro42f/ycDTNvMw3JHIGD5dzg+VVgshQw+RWIhN/I2WEHmibZNyKuT/GO9rloS8qmatoFOZ4N7fJcRSOPCwskyAAAAAAECAwQF\n-----END OPENSSH PRIVATE KEY-----\n
shell \u3067ssh-keygen \u3092\u56de\u3059\u3088\u308a\u901f\u305d\u3046\u3067\u3059\uff0e\u66f4\u306bREADME \u306b\u306fmoreutils \u306eparallel \u3092\u4f7f\u3063\u3066\u4e26\u5217\u5b9f\u884c\u3059\u308b\u65b9\u6cd5\u3082\u66f8\u304b\u308c\u3066\u3044\u307e\u3057\u305f\uff0e
\n$ time parallel -n 0 ./vanity vanity -- 1 2 3 4\n
\u4ee5\u4e0b\u306fREADME \u306b\u3042\u3063\u305f\u6587\u5b57\u6570\u306b\u3088\u308a\u3069\u306e\u304f\u3089\u3044\u6642\u9593\u304c\u304b\u304b\u308b\u304b\u306e\u76ee\u5b89\u3067\u3059\uff0e
\n\n\n\n\nRough performance stats
\n
\nObviously since it\u2019s brute force the times are probabilistic, but this gives you an idea of how feasible it would be to find your desired number of characters.\n
\n\n \n\n\n \n \n \n\n\nSubstring \nTime (s) \n\n \n\n \na
\n\n \n0.002
\n\n \n\n \nar
\n\n \n0.015
\n\n \n\n \nars
\n\n \n0.501
\n\n \n\n \narso
\n\n \n3.753
\n\n \n\n\n \narson
\n\n \nabandon all hope ye who seek five sequential characters
\n
\u5927\u5206\u901f\u3044\u3088\u3046\u306a\u6c17\u304c\u3057\u307e\u3059\u304c\u30a2\u30c9\u30ec\u30b9\u306e\u6307\u5b9a\u304c\u56fa\u5b9a\u306a\u3088\u3046\u3067\u5927\u6587\u5b57\u5c0f\u6587\u5b57\u3069\u3063\u3061\u3067\u3082\u3068\u304b\u4ee3\u66ff\u8a18\u53f7\u3067\u3082\u3044\u3044\u306a\u3069\u3068\u3044\u3063\u305f\u3053\u3068\u304c\u51fa\u6765\u306a\u305d\u3046\u3067\u3059\uff0e
\n\u307e\u305f\u5225\u306e\u3082\u306e\u3082\u8a66\u3057\u3066\u307f\u307e\u3059\uff0e
\n$ go install github.com/pcarrier/vanity-keygen@latest\n$ vanity-keygen -h\nUsage of vanity-keygen:\n -cpuprofile string\n write cpu profile to file\n -threads int\n number of threads to run (default 4)\n
$ time vanity-keygen -threads `nproc` [mM][aA@][tT][oO0]\n2023/04/05 08:30:06 Looking for a public key matching [mM][aA@][tT][oO0]\n2023/04/05 08:30:06 Public key:\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA2rzJZSoqwrVF/Pf2FzKgfL/eMATOI/V7bjdmqkGV5B\n2023/04/05 08:30:06 Private key:\n-----BEGIN OPENSSH PRIVATE KEY-----\nb3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtz\nc2gtZWQyNTUxOQAAACANq8yWUqKsK1Rfz39hcyoHy/3jAEziP1e243ZqpBleQQAA\nAIiaywRCmssEQgAAAAtzc2gtZWQyNTUxOQAAACANq8yWUqKsK1Rfz39hcyoHy/3j\nAEziP1e243ZqpBleQQAAAEDBsKpzquKe0/QTheaoVSChK8gF6d38u5mwrtqihfMY\n6A2rzJZSoqwrVF/Pf2FzKgfL/eMATOI/V7bjdmqkGV5BAAAAAAECAwQF\n-----END OPENSSH PRIVATE KEY-----\n\nreal 0m0.331s\nuser 0m0.652s\nsys 0m0.048s\n
\u3053\u306e\u30c4\u30fc\u30eb\u306f\u30b9\u30ec\u30c3\u30c9\u6570\u3082\u6307\u5b9a\u3067\u304d\u308b\u3057\uff0c\u30a2\u30c9\u30ec\u30b9\u306e\u6307\u5b9a\u3082\u67d4\u8edf\u306a\u306e\u3067\u826f\u3055\u305d\u3046\u3067\u3059\uff0e
\n$ vanity-keygen aaaaa\n2023/04/05 08:30:12 Looking for a public key matching aaaaa\n2023/04/05 08:30:13 Generated 71,000 keypairs (69,788 Hz)\n2023/04/05 08:30:14 Generated 141,000 keypairs (70,310 Hz)\n2023/04/05 08:30:15 Generated 212,000 keypairs (70,454 Hz)\n2023/04/05 08:30:16 Generated 284,000 keypairs (70,792 Hz)\n2023/04/05 08:30:17 Generated 356,000 keypairs (71,040 Hz)\n
\u63a2\u7d22\u4e2d\u306b\u3069\u306e\u304f\u3089\u3044\u306e\u9375\u3092\u751f\u6210\u3057\u305f\u304b\u3082\u8868\u793a\u3055\u308c\u307e\u3059\uff0e
\n\u826f\u3055\u305d\u3046\u306a\u306e\u3067Tor \u306e\u3068\u304d\u306e\u3088\u3046\u306b\u5c11\u96fb\u529b\u306aSBC\u306eRaspberry Pi 3 modelB \u3067\u3082\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\uff0e
\n$ GOARCH=arm GOARM=7 go build .\n$ file ./vanity-keygen\n./vanity-keygen: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, Go BuildID=Z_Cr4XM48GAIHSA-MQng/2wFeSpgr5k0WPASNS4ho/3FEwAtva33LS2ByXLcjP/0WSk_fEc6xXCDZEo89yH, with debug_info, not stripped\n
$ ./vanity-keygen -threads 4 aaaa\n2023/04/05 08:22:58 Looking for a public key matching aaaa\n2023/04/05 08:22:59 Generated 0 keypairs (0 Hz)\n2023/04/05 08:23:00 Generated 4,000 keypairs (1,991 Hz)\n2023/04/05 08:23:01 Generated 4,000 keypairs (1,332 Hz)\n2023/04/05 08:23:02 Generated 8,000 keypairs (1,990 Hz)\n2023/04/05 08:23:03 Generated 8,000 keypairs (1,598 Hz)\n^C\n$ cat /proc/device-tree/model && echo\nRaspberry Pi 3 Model B Rev 1.2\n
\u2026\u2026\u5927\u5206\u9045\u304f\u306a\u308a\u307e\u3057\u305f\uff0ePC\u3067\u5b9f\u884c\u3057\u305f\u307b\u3046\u304c\u826f\u3055\u305d\u3046\u3067\u3059\uff0e
\n\u6c17\u306b\u5165\u3063\u305f\u9375\u304c\u51fa\u6765\u305f\u3089\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u8a2d\u5b9a\u3057\u305f\u308a\uff0c
\n$ ssh-keygen -p -f ./key\nKey has comment ''\nEnter new passphrase (empty for no passphrase):\nEnter same passphrase again:\nYour identification has been saved with the new passphrase.\n
\u30b3\u30e1\u30f3\u30c8\u3092\u66f8\u304d\u63db\u3048\u305f\u308a\u3057\u307e\u3057\u3087\u3046\uff0e
\n$ ssh-keygen -c -f ./key\nEnter passphrase:\nOld comment:\nNew comment: vanity\nComment 'vanity' applied\n
Tor \u306eVanity adoress \u306a\u3093\u304b\u306b\u6bd4\u3079\u308b\u3068\u3042\u307e\u308a\u76ee\u7acb\u305f\u306a\u3044\u3067\u3059\u304c\uff0chostkey \u3084GitHub/Lab \u306a\u3069\u3067\u4e00\u822c\u516c\u958b\u3057\u3066\u3044\u308b\u9375\u306b\u4f7f\u3046\u306e\u306f\u3042\u308a\u3067\u306f\u3068\u601d\u3044\u307e\u3059\uff0e
\n$ cpu-info\nPackages:\n 0: Intel Core i5-7300U\nMicroarchitectures:\n 2x Sky Lake\nCores:\n 0: 2 processors (0-1), Intel Sky Lake\n 1: 2 processors (2-3), Intel Sky Lake\nLogical processors (System ID):\n 0 (0): APIC ID 0x00000000\n 1 (2): APIC ID 0x00000001\n 2 (1): APIC ID 0x00000002\n 3 (3): APIC ID 0x00000003\n$ lsb_release -dr\nNo LSB modules are available.\nDescription: Debian GNU/Linux 12 (bookworm)\nRelease: 12\n$ arch\nx86_64\n
\u9577\u3044\u30db\u30b9\u30c8\u540d\u306e\u30b5\u30fc\u30d0\u306b\u63a5\u7d9a\u3057\u3088\u3046\u3068\u3057\u305f\u3089\u8a8d\u8a3c\u6210\u529f\u5f8c\u306b\u6012\u3089\u308c\u307e\u3057\u305f\uff0e\u5b9f\u969b\u306f62\u6587\u5b57\u306e\u9577\u3044\u30db\u30b9\u30c8\u540d\u3067\u3057\u305f\uff0e
\nunix_listener: path \"/home/matoken/.ssh/tmp/ssh-${USER}@${\u9577\u3044\u30db\u30b9\u30c8\u540d}:22.r3NYV60KUEAXUuRZ\" too long for Unix domain socket\n\n
\u3068\u308a\u3042\u3048\u305a ssh \u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u3067 -o ControlMaster=no \u3092\u3064\u3051\u3066\u5b9f\u884c\u3059\u308b\u3068\u7e4b\u304c\u308a\u307e\u3059\uff0e
~/.ssh/config \u306e\u5bfe\u8c61host\u3067 ControlMaster no \u3068\u3057\u3066\u307f\u305f\u3051\u3069\u52b9\u304b\u306a\u3044\u3088\u3046\u3067\u540c\u3058\u30a8\u30e9\u30fc\u306b\u306a\u308a\u307e\u3057\u305f\uff0e
Host TARGETHOST\n ControlMaster no\n ControlPath no\n
man 5 ssh_config \u3092\u898b\u308b\u3068 ControlPath \u306b\u4f7f\u3048\u308b\u5909\u6570\u3067 %C \u3092\u6307\u5b9a\u3059\u308b\u3053\u3068\u3067 %l%h%p%r \u306e\u30cf\u30c3\u30b7\u30e5\u306b\u306a\u308b\u3088\u3046\u3067\u3059\uff0e
ControlPath\n Specify the path to the control socket used for connection sharing as described in the ControlMaster section above or the string none to disable connection sharing. Arguments to ControlPath may use the tilde\n syntax to refer to a user's home directory, the tokens described in the TOKENS section and environment variables as described in the ENVIRONMENT VARIABLES section. It is recommended that any ControlPath used\n for opportunistic connection sharing include at least %h, %p, and %r (or alternatively %C) and be placed in a directory that is not writable by other users. This ensures that shared connections are uniquely\n identified.\n
TOKENS\n Arguments to some keywords can make use of tokens, which are expanded at runtime:\n\n %% A literal \u2018%\u2019.\n %C Hash of %l%h%p%r.\n %d Local user's home directory.\n %f The fingerprint of the server's host key.\n %H The known_hosts hostname or address that is being searched for.\n %h The remote hostname.\n %I A string describing the reason for a KnownHostsCommand execution: either ADDRESS when looking up a host by address (only when CheckHostIP is enabled), HOSTNAME when searching by hostname, or ORDER when\n preparing the host key algorithm preference list to use for the destination host.\n %i The local user ID.\n %K The base64 encoded host key.\n %k The host key alias if specified, otherwise the original remote hostname given on the command line.\n %L The local hostname.\n %l The local hostname, including the domain name.\n %n The original remote hostname, as given on the command line.\n %p The remote port.\n %r The remote username.\n %T The local tun(4) or tap(4) network interface assigned if tunnel forwarding was requested, or \"NONE\" otherwise.\n %t The type of the server host key, e.g. ssh-ed25519.\n %u The local username.\n\n CertificateFile, ControlPath, IdentityAgent, IdentityFile, KnownHostsCommand, LocalForward, Match exec, RemoteCommand, RemoteForward, and UserKnownHostsFile accept the tokens %%, %C, %d, %h, %i, %k, %L, %l, %n, %p,\n %r, and %u.\n\n KnownHostsCommand additionally accepts the tokens %f, %H, %I, %K and %t.\n\n Hostname accepts the tokens %% and %h.\n\n LocalCommand accepts all tokens.\n\n ProxyCommand accepts the tokens %%, %h, %n, %p, and %r.\n
\u3053\u308c\u3092 ~/.ssh/config \u306b\u8a2d\u5b9a\u3057\u3066\u307f\u308b\u3068( ControlPath ~/.ssh/tmp/%C )\u3053\u3093\u306a\u611f\u3058\u306e a1e724af86ad309c968737a2fb73a3f1c0298e05 40\u6587\u5b57\u306e\u30cf\u30c3\u30b7\u30e5\u306e\u30d5\u30a1\u30a4\u30eb\u540d\u306b\u306a\u3063\u3066\u3068\u308a\u3042\u3048\u305a\u89e3\u6c7a\u3057\u307e\u3057\u305f\uff0e\u4eba\u9593\u306b\u306f\u512a\u3057\u304f\u306a\u3044\u3051\u3069\u305d\u3046\u898b\u308b\u3082\u306e\u3067\u306f\u306a\u3044\u306e\u3067\u3044\u3044\u304b\u306a?
$ dpkg-query -W openssh-client tor\nopenssh-client 1:8.9p1-3\ntor 0.4.6.10-1\n$ lsb_release -dr\nDescription: Debian GNU/Linux bookworm/sid\nRelease: unstable\n$ arch\nx86_64\n
OpenSSH 7.1/7.1p1\u3067RSA\u9375\u9577\u306f\u6700\u4f4e1024bit\u306b\u306a\u308a\u307e\u3057\u305f\uff0e
\n* Refusing all RSA keys smaller than 1024 bits (the current minimum\n is 768 bits)\n
1024bit\u3088\u308a\u77ed\u3044\u9375\u9577\u306e\u9375\u3092\u4f5c\u308d\u3046\u3068\u3059\u308b\u3068\u6012\u3089\u308c\u307e\u3059\uff0e
\n$ ssh-keygen -t rsa -b 768\nInvalid RSA key length: minimum is 1024 bits\n
\u4ee5\u4e0b\u306eML\u3067\u53e4\u3044\u6a5f\u5668\u304c1024bit\u306b\u5bfe\u5fdc\u3057\u3066\u3044\u306a\u3044\u5834\u5408\u306e\u76f8\u8ac7\u3067OpenSSL\u3067OpenSSH\u3067\u5229\u7528\u3067\u304d\u308bRSA\u9375\u30da\u30a2\u304c\u4f5c\u308c\u308b\u306e\u3092\u77e5\u308a\u307e\u3057\u305f\uff0e
\nYou can use openssl to generate a shorter key:\n\n\t$ openssl genprsa -out key.pem 768\n\t$ ssh-keygen -y -f key.pem > key.pub # optional to get public key\n\nThis works with a 768-bit RSA key (client: OpenSSH_7.2p2, OpenSSL\n1.0.2g; server: OpenSSH_7.2p2, OpenSSL 1.0.2g) but not a 256-bit RSA\nkey: I can generate the shorter key but the server requires a minimum of\n768-bits.\n
\u4f7f\u3046\u3053\u3068\u304c\u3042\u308b\u304b\u308f\u304b\u3089\u306a\u3044\u3051\u3069\u624b\u5143\u306e\u74b0\u5883\u3067\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\uff0e
\n$ openssl genrsa -out id_rsa768 768\nGenerating RSA private key, 768 bit long modulus (2 primes)\n........+++++++\n................................+++++++\ne is 65537 (0x010001)\n
$ openssl genrsa -out id_rsa768 -aes256 768\nGenerating RSA private key, 768 bit long modulus (2 primes)\n..+++++++\n..........+++++++\ne is 65537 (0x010001)\nEnter pass phrase for id_rsa768:\nVerifying - Enter pass phrase for id_rsa768:\n
OpenSSL\u304b\u3089\u66f8\u304d\u51fa\u3055\u308c\u305f\u9375\u30d5\u30a1\u30a4\u30eb\u306e\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u306fumask\u306b\u95a2\u4fc2\u306a\u304f(0000\u3067\u3082)600\u306b\u306a\u3063\u3066\u3044\u307e\u3059 :)
\n$ openssl rsa -text < id_rsa768\n
\u79d8\u5bc6\u9375\u304c\u51fa\u6765\u305f\u306e\u3067\u7d9a\u3044\u3066\u30da\u30a2\u3068\u306a\u308b\u516c\u958b\u9375\u3092\u4f5c\u308a\u307e\u3059\uff0e
\nML\u306e\u4f8b\u3068\u540c\u3058\u3088\u3046\u306b ssh-keygen \u3092\u4f7f\u3046\u3068\u9375\u306e\u9577\u3055\u3067\u6012\u3089\u308c\u307e\u3059\uff0e
$ ssh-keygen -y -f id_rsa768 > id_rsa768.pub\nLoad key \"id_rsa768\": Invalid key length\n
\u516c\u958b\u9375\u3082OpenSSL\u3067\u4f5c\u308a\u307e\u3059\uff0e
\n$ openssl rsa -pubout < id_rsa768 > id_rsa768.pub\nwriting RSA key\n
$ openssl rsa -text -pubin < id_rsa768.pub\n
$ ssh -v -i ~/.ssh/id_rsa768 localhost\n :\ndebug1: Trying private key: /home/matoken/.ssh/id_rsa768\nLoad key \"/home/matoken/.ssh/id_rsa768\": Invalid key length\n
\u3066\u3053\u3068\u3067\u4f7f\u3044\u307f\u3061\u304c\u306a\u3055\u305d\u3046\u3067\u3059\u304c\u30e1\u30e2\u3057\u3066\u304a\u304d\u307e\u3059\uff0e
\n\uff03\u4eca\u306a\u3089ed25519\u4f7f\u3044\u307e\u3059\u3057\u306d\u2026\u2026\uff0e
\u3061\u306a\u307f\u306b1024bit\u3088\u308a\u9577\u3044\u9375\u306a\u3089\u666e\u901a\u306b\u4f7f\u3048\u3066ssh-keygen\u3067\u30b3\u30e1\u30f3\u30c8\u3092\u66f8\u304d\u63db\u3048\u305f\u308a\u30d1\u30b9\u30d5\u30ec\u30fc\u30ba\u3092\u66f8\u304d\u63db\u3048\u305f\u308a\u3067\u3057\u307e\u3057\u305f\uff0e
\n$ openssl genrsa -out id_rsa4096 -aes256 4096\nGenerating RSA private key, 4096 bit long modulus (2 primes)\n................++++\n.....................................................................................................++++\ne is 65537 (0x010001)\nEnter pass phrase for id_rsa4096:\nVerifying - Enter pass phrase for id_rsa4096:\n$ ssh-keygen -c -C 'OpenSSL generate key' -f ./id_rsa4096\nEnter passphrase:\nNo existing comment\nComment 'OpenSSL generated key' applied\n$ ssh-keygen -p -f ./id_rsa4096\nEnter old passphrase:\nKey has comment 'OpenSSL generated key'\nEnter new passphrase (empty for no passphrase):\nEnter same passphrase again:\nYour identification has been saved with the new passphrase.\n
$ dpkg-query -W openssl openssh-client openssh-server\nopenssh-client 1:8.1p1-2\nopenssh-server 1:8.1p1-2\nopenssl 1.1.1d-2\n$ lsb_release -dr\nDescription: Debian GNU/Linux bullseye/sid\nRelease: unstable\n$ uname -m\nx86_64\n
github.com/settings/keys \u304b\u3089SSH Key\u3068\u3057\u3066\u7a81\u3063\u8fbc\u3093\u3069\u304f\u3068\u4fbf\u5229\u3060\u3057\u3001\u4eca\u306eUbuntu Server\u306f\u30bb\u30c3\u30c8\u30a2\u30c3\u30d7\u3067\u305d\u308c\u3092\u4f7f\u3046\u9805\u76ee\u3059\u3089\u3042\u308b\u306e\u3067
\n\u306a\u308b\u307b\u3069\u4fbf\u5229\u305d\u3046
\n\u8a66\u3057\u3066\u307f\u3088\u3046\u3068 Ubuntu Server 18.04.2 LTS
\n (ubuntu-18.04.2-live-server-amd64.iso) \u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30e9\u3067\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\uff0e
OpenSSH \u3092\u5c0e\u5165\u3059\u308b\u3088\u3046\u306b\u3059\u308b\u3068\uff0cSSH\u9375\u3092\u30a4\u30f3\u30dd\u30fc\u30c8\u3059\u308b\u30aa\u30d7\u30b7\u30e7\u30f3\u3067 Github / Launchpad \u304c\u9078\u3079\u307e\u3059\uff0e
\n![\"Screenshot](\"https://i.postimg.cc/yxJF85Zg/Screenshot-ubuntu18-04-2019-03-30-13-02-56.png\")
\u3053\u3093\u306a\u611f\u3058\u3067\u30a4\u30f3\u30dd\u30fc\u30c8\u3055\u308c\u307e\u3057\u305f\uff0e
\n![\"Screenshot](\"https://i.postimg.cc/Bbd2LgTh/Screenshot-ubuntu18-04-2019-03-30-13-05-37.png\")
\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u304c\u7d42\u4e86\u3057\u3066 ssh login \u3059\u308b\u3068\u30a4\u30f3\u30dd\u30fc\u30c8\u3055\u308c\u305f\u9375\u3067 login \u51fa\u6765\u307e\u3057\u305f\uff0e
\n\u30a4\u30f3\u30dd\u30fc\u30c8\u3055\u308c\u305f\u516c\u958b\u9375\u3092\u78ba\u8a8d\u3059\u308b\u3068\u30b3\u30e1\u30f3\u30c8\u90e8\u5206\u304c\u5c11\u3057\u66f8\u304d\u63db\u308f\u3063\u3066\u3044\u307e\u3059\uff0e
\n$ cat ~/.ssh/authorized_keys\r\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgwY9aZPxN/YoBBzd7TOcCk7EuGO0E9PuUjCHPtTuHP matoken@github/16598604 # ssh-import-id gh:matoken\r\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEoKnbjj7cVafcAJbYHqUEua1x/81uzoK0LnjgqmR6H8 matoken@github/33364582 # ssh-import-id gh:matoken\n
sshd_config \u3092\u898b\u308b\u3068\u7de8\u96c6\u3067\u306f\u306a\u304f\u672b\u5c3e\u306b\u8ffd\u8a18\u3057\u3066\u308b\u306e\u3067\u3061\u3087\u3063\u3068\u96d1\u3044\u611f\uff0e
\n$ grep PasswordAuthentication /etc/ssh/sshd_config\r\n#PasswordAuthentication yes\r\n# PasswordAuthentication. Depending on your PAM configuration,\r\n# PAM authentication, then enable this but set PasswordAuthentication\r\nPasswordAuthentication no\r\n$ tail -1 /etc/ssh/sshd_config\r\nPasswordAuthentication no\n
\u3061\u306a\u307f\u306b\uff0cGithub \u304b\u3089\u9375\u3092\u5165\u624b\u3059\u308b\u306e\u306f\u3053\u3093\u306a\u611f\u3058\u3067\u884c\u3051\u308b\u3088\u3046\u3067\u3059\uff0e
\n(<USERNAME>\u90e8\u5206\u3092\u8a72\u5f53\u30e6\u30fc\u30b6\u540d\u306b\u4fee\u6b63)
Launchpad \u306f\u3053\u3093\u306a\u611f\u3058\uff0e
\n\u3061\u306a\u307f\u306bLaunchpad \u306f\u672a\u3060ED25519\u5f62\u5f0f\u306b\u306f\u672a\u5bfe\u5fdc\u306a\u3088\u3046\u3067\u3059\uff0e
\n![\"20190330](\"https://i.postimg.cc/W4YRRF6N/20190330-13-03-12-27418.jpg\")
Bitbucket \u306e\u9375\u3082\u540c\u69d8\u306b https://api.bitbucket.org/2.0/users/<USERNAME>/ssh-keys \u3067\u5165\u624b\u3067\u304d\u305d\u3046\u3068\u601d\u3063\u305f\u306e\u3067\u3059\u304c\uff0c\u672a\u8a8d\u8a3c\u3067\u306f\u99c4\u76ee\u307f\u305f\u3044\u3067\u3059\uff0e
\n![\"\u2744\"](\"https://s.w.org/images/core/emoji/17.0.2/72x72/2744.png\")
: “https://github.com/settings/keys \u304b\u3089SSH Key\u3068\u3057\u3066\u7a81\u3063\u8fbc\u3093\u2026” – :don:$ curl -s https://api.bitbucket.org/2.0/users/matoken/ssh-keys|jq\r\n{\r\n \"type\": \"error\",\r\n \"error\": {\r\n \"message\": \"This API is only accessible with the following authentication types: session, password, apppassword\"\r\n }\r\n}\n$ lsb_release -d\r\nDescription:\tUbuntu 18.04.2 LTS\r\n$ uname -m\r\nx86_64\n
ssh \u306f\u653b\u6483\u304c\u591a\u3044\u3067\u3059\uff0e\u516c\u958b\u9375\u8a8d\u8a3c\u306b\u3057\u3066\u304a\u304f\u3068\u5927\u5206\u4fb5\u5165\u306b\u5f37\u304f\u306a\u308a\u307e\u3059\u304c\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u306b\u76f4\u63a5\u7e4b\u304c\u3063\u3066\u3044\u308b\u30b5\u30fc\u30d0\u3067\u306f\u653b\u6483\u306f\u3068\u3066\u3082\u591a\u3044\u3067\u3059\uff0e
\nEndlessh \u306fsshd \u306e\u4ee3\u308f\u308a\u306b\u8d77\u52d5\u3057\u3066\u30d0\u30fc\u30b8\u30e7\u30f3\u60c5\u5831\u3092\u9001\u308b\u524d\u306e\u30c7\u30fc\u30bf\u306b\u307b\u307c\u30e9\u30f3\u30c0\u30e0\u306a\u6587\u5b57\u5217\u3092\u3086\u3063\u304f\u308a\u3068\u914d\u4fe1\u3057\u7d9a\u3051\u3066\u653b\u6483\u8005\u306e\u8db3\u6b62\u3081\u3092\u3059\u308b\u30d7\u30ed\u30b0\u30e9\u30e0\u306e\u3088\u3046\u3067\u3059\uff0e
\n\u672c\u5f53\u306e sshd \u306f\u5225\u30dd\u30fc\u30c8\u3067\u8d77\u52d5\u3057\u3066\u305d\u3063\u3061\u3092\u4f7f\u3046\u611f\u3058\u3067\u3057\u3087\u3046\u304b\uff0e22\u756a\u3092\u7121\u304f\u3057\u3066 port knocking \u3084 sslh \u3092\u4f7f\u3046\u306a\u3069\u306e\u307b\u3046\u304c\u3044\u3044\u304b\u3082\u3067\u3059\u304c\u9762\u767d\u305d\u3046\u3067\u3059\uff0e
\u3068\u3044\u3046\u3053\u3068\u3067\u624b\u5143\u3067\u5c11\u3057\u8a66\u3057\u3066\u307f\u307e\u3057\u305f\uff0e
\n$ git clone https://github.com/skeeto/endlessh\r\n$ cd endlessh\r\n$ git log |head -1\r\ncommit 548a7b1521b2912e7e133d0d9df50e0e514f1f2c\r\n$ make\n
$ ./endlessh -v -p22222 &\r\n[1] 22698\r\n2019-03-24T04:56:10.338Z Port 22222\r\n2019-03-24T04:56:10.338Z Delay 10000\r\n2019-03-24T04:56:10.338Z MaxLineLength 32\r\n2019-03-24T04:56:10.338Z MaxClients 4096\n
$ time ssh localhost -p 22222\r\n2019-03-24T04:56:19.510Z ACCEPT host=::1 port=59402 fd=4 n=1/4096\r\nssh_exchange_identification: No banner received\r\n\r\nreal 700m30.650s\r\nuser 0m0.040s\r\nsys 0m0.240s\r\n2019-03-24T16:37:00.162Z CLOSE host=::1 port=59402 fd=4 time=42040.652 bytes=73944\n
$ kill %1\r\n[1]+ Done ./endlessh -v -p22222\n
\u6570\u56de\u8a66\u3057\u307e\u3057\u305f\u304c\uff0c\u6a19\u6e96\u30aa\u30d7\u30b7\u30e7\u30f3\u3067\u306f700\u5206\u524d\u5f8c\u6355\u307e\u308a\u307e\u3057\u305f\uff0e\u5358\u306b\u3042\u308a\u3082\u306e\u306escript\u3092\u52d5\u304b\u3059\u30ec\u30d9\u30eb\u306e\u653b\u6483\u8005\u3067\u3042\u308c\u3070\u30c4\u30fc\u30eb\u304c\u5bfe\u5fdc\u3059\u308b\u307e\u3067\u306f\u59a8\u5bb3\u306b\u306a\u308a\u305d\u3046\u3067\u3059\uff0e
\n$ git log |head -1\r\ncommit 548a7b1521b2912e7e133d0d9df50e0e514f1f2c\r\n$ dpkg-query -W openssh-client\r\nopenssh-client 1:7.9p1-9\r\n$ lsb_release -dr\r\nDescription: Debian GNU/Linux buster/sid\r\nRelease: unstable\r\n$ uname -m\r\nx86_64\n
\u6700\u8fd1\u77e5\u3063\u305fLaunchPad/GitHUB\u306e\u9375\u3092\u8aad\u307f\u8fbc\u3093\u3067\u30a4\u30f3\u30dd\u30fc\u30c8\u3059\u308b\u30b3\u30de\u30f3\u30c9\u3092\u77e5\u308a\u307e\u3057\u305f\uff0e\u6614\u540c\u540d\u306e\u30b3\u30de\u30f3\u30c9\u304b\u4f55\u304b\u304cOpenSSH\u306b\u3082\u3042\u3063\u305f\u6c17\u304c\u3059\u308b\u3051\u3069\u305d\u308c\u306f\u4eca\u306a\u304f\u3066\u5225\u7269\u307f\u305f\u3044?
\n\u52d5\u304d\u306f\u3053\u3093\u306a\u611f\u3058
\n\nlp:USERID \u3067LaunchPad\u306e\u9375\u3092\u30a4\u30f3\u30dd\u30fc\u30c8\n
\ngh:USERID \u3067GitHUB\u306e\u9375\u3092\u30a4\u30f3\u30dd\u30fc\u30c8\n
\nUSERID \u3067LaunchPad\u306e\u9375\u3092\u30a4\u30f3\u30dd\u30fc\u30c8\n
\nUSERID \u306f\u8907\u6570\u6307\u5b9a\u53ef\u80fd\n
\n\u9375\u306f ~/.ssh/authorized_keys \u306b\u66f8\u304d\u8fbc\u307e\u308c\u308b\n
\n-o \u3067\u66f8\u304d\u51fa\u3059\u30d5\u30a1\u30a4\u30eb\u304c\u6307\u5b9a\u53ef\u80fd`-`\u3060\u3068STDOUT\n
\n-r \u3067\u9375\u524a\u9664\n
$ apt show ssh-import-id\r\nPackage: ssh-import-id\r\nVersion: 3.21-1\r\nPriority: extra\r\nSection: misc\r\nMaintainer: Dustin Kirkland <kirkland@ubuntu.com>\r\nInstalled-Size: 98.3 kB\r\nDepends: ca-certificates, openssh-client, python-requests (>= 1.1.0), wget, python (>= 2.7), python (<< 2.8)\r\nRecommends: openssh-server\r\nHomepage: http://launchpad.net/ssh-import-id\r\nDownload-Size: 17.7 kB\r\nAPT-Manual-Installed: yes\r\nAPT-Sources: http://dennou-q.gfd-dennou.org/debian stretch/main amd64 Packages\r\nDescription: securely retrieve an SSH public key and install it locally\r\n This utility will securely contact a public keyserver (Launchpad.net by\r\n default, but Github.com is also supported), retrieve one or more user's\r\n public keys, and append these to the current user's ~/.ssh/authorized_keys\r\n file.$ ssh-import-id -h\r\nusage: ssh-import-id [-h] [-o FILE] [-r] USERID [USERID ...]\r\n\r\nAuthorize SSH public keys from trusted online identities.\r\n\r\npositional arguments:\r\n USERID User IDs to import\r\n\r\noptional arguments:\r\n -h, --help show this help message and exit\r\n -o FILE, --output FILE\r\n Write output to file (default ~/.ssh/authorized_keys)\r\n -r, --remove Remove a key from authorized keys fileLaunchPad\u306e matoken \u306e\u9375\u3092\u30a4\u30f3\u30dd\u30fc\u30c8
$ ssh-import-id -o - lp:matoken\r\n2016-04-10 19:07:35,698 INFO Authorized key ['4096', 'SHA256:4MQHGaIDjLbnM3kU5rgFSq6cDou3LUYSjSTumL+eFKw', 'mk@rsa4k','(RSA)']\r\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDSnDzGBIHoX20WWjPrqn4JoWIHChE5JNqlnPxL0cSCj8wxQ9Y7AEgZfd9yq2ipXsBoVCi6D6ymk1/fQmEe8vW4U10ajb9VnA7ypy4Rjp1RV2RNyIS7jsJdYCMhGlXW8OlyKcxPbh6z/L/2ZuHbw32shJzMAs58JNNwxERQJDfPiJLq1WWrjOxAPCxtuTWddXfaZFgdxZQIXxW1TpTUqeu/OowQ8v1Mqt27agB2RZNPUOwe8A94cwJDbJNNpS7TIRgyKeApD45TKYc0w7ehbC42nURM//4PguHXBC3Arp1P3/Z4/DGdnLOrXU9fUWe0g+ucyT4aL6pI0on8mOivv2CcnePvTDHIwRIchibp0lPtBLOS4pmQFHf5U5N2SZF+B0dI/3Q4Sd9BC5VmF9owLi1bXRZw17Hqpgj2tOnI3HYTOvbssLt0DQcQBOE4puQ9epc+Lioqw6+SvCtiQl1pGl3b3reQh61q4lhc+FRtYvsUIOrjYHJ+QG0sGTVuC/RUWTbCterWX3ogENAYNWGv/83Z9sMCQTr894unhru1LHCmnGouxhtZ0lbWt/OVdsNcONu9RK/GlccDnuOj8THOIVghHJP9/9I6lTS4rX4aXAMaXns1hi5sO5WOGKhUNbUbW6vHTJCdoXjuajL0PJmr2Fa4H8qH0GQzFuhCu82txkjWnQ== mk@rsa4k# ssh-import-id lp:matoken\r\n2016-04-10 19:07:35,698 INFO [1] SSH keys [Authorized]\u3053\u308c\u3082LaunchPad\u306e matoken \u306e\u9375\u3092\u30a4\u30f3\u30dd\u30fc\u30c8
$ ssh-import-id -o - matoken\r\n2016-04-10 19:08:26,513 INFO Authorized key ['4096', 'SHA256:4MQHGaIDjLbnM3kU5rgFSq6cDou3LUYSjSTumL+eFKw', 'mk@rsa4k','(RSA)']\r\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDSnDzGBIHoX20WWjPrqn4JoWIHChE5JNqlnPxL0cSCj8wxQ9Y7AEgZfd9yq2ipXsBoVCi6D6ymk1/fQmEe8vW4U10ajb9VnA7ypy4Rjp1RV2RNyIS7jsJdYCMhGlXW8OlyKcxPbh6z/L/2ZuHbw32shJzMAs58JNNwxERQJDfPiJLq1WWrjOxAPCxtuTWddXfaZFgdxZQIXxW1TpTUqeu/OowQ8v1Mqt27agB2RZNPUOwe8A94cwJDbJNNpS7TIRgyKeApD45TKYc0w7ehbC42nURM//4PguHXBC3Arp1P3/Z4/DGdnLOrXU9fUWe0g+ucyT4aL6pI0on8mOivv2CcnePvTDHIwRIchibp0lPtBLOS4pmQFHf5U5N2SZF+B0dI/3Q4Sd9BC5VmF9owLi1bXRZw17Hqpgj2tOnI3HYTOvbssLt0DQcQBOE4puQ9epc+Lioqw6+SvCtiQl1pGl3b3reQh61q4lhc+FRtYvsUIOrjYHJ+QG0sGTVuC/RUWTbCterWX3ogENAYNWGv/83Z9sMCQTr894unhru1LHCmnGouxhtZ0lbWt/OVdsNcONu9RK/GlccDnuOj8THOIVghHJP9/9I6lTS4rX4aXAMaXns1hi5sO5WOGKhUNbUbW6vHTJCdoXjuajL0PJmr2Fa4H8qH0GQzFuhCu82txkjWnQ== mk@rsa4k# ssh-import-id lp:matoken\r\n2016-04-10 19:08:26,513 INFO [1] SSH keys [Authorized]GitHUB\u306e matoken \u306e\u9375\u3092\u30a4\u30f3\u30dd\u30fc\u30c8\uff0e\u8907\u6570\u3042\u308b\u3068\u5168\u90e8\u30a4\u30f3\u30dd\u30fc\u30c8\u3055\u308c\u308b\u3088\u3046\uff0e
$ ssh-import-id -o - gh:matoken\r\n2016-04-10 19:07:24,965 INFO Authorized key ['256', 'SHA256:B+hArXsApncIXlNlHoHnYxEV3Wfl9WdQLp5TwuTjqjY', 'matoken@github/8506592','(ECDSA)']\r\n2016-04-10 19:07:24,972 INFO Authorized key ['256', 'SHA256:Jv7NHotumFU7z1fCRkJnfKwR0EtAweHWMIrduS4dXeM', 'matoken@github/16598604','(ED25519)']\r\necdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA0otYIHWIP6/Zt1t3Zj1FBPEiq6dcOUItrxlfwfyvlVAqRRDWqdZQEA5jdYNWU/vSaxZZ6STCKfiEwORdQvqa8= matoken@github/8506592# ssh-import-id gh:matoken\r\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgwY9aZPxN/YoBBzd7TOcCk7EuGO0E9PuUjCHPtTuHP matoken@github/16598604# ssh-import-id gh:matoken\r\n2016-04-10 19:07:24,972 INFO [2] SSH keys [Authorized]LaunchPad\u3068GitHUB\u3092\u540c\u6642\u306b\u30a4\u30f3\u30dd\u30fc\u30c8\uff0e
\n$ ssh-import-id -o ~/tmp/authorized_keys gh:matoken lp:matoken\r\n2016-04-10 19:55:51,043 INFO Authorized key ['256', 'SHA256:B+hArXsApncIXlNlHoHnYxEV3Wfl9WdQLp5TwuTjqjY', 'matoken@github/8506592', '(ECDSA)']\r\n2016-04-10 19:55:51,058 INFO Authorized key ['256', 'SHA256:Jv7NHotumFU7z1fCRkJnfKwR0EtAweHWMIrduS4dXeM', 'matoken@github/16598604', '(ED25519)']\r\n2016-04-10 19:55:53,031 INFO Authorized key ['4096', 'SHA256:4MQHGaIDjLbnM3kU5rgFSq6cDou3LUYSjSTumL+eFKw', 'mk@rsa4k', '(RSA)']\r\n2016-04-10 19:55:53,034 INFO [3] SSH keys [Authorized]\r\n$ cat ~/tmp/authorized_keys\r\necdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBA0otYIHWIP6/Zt1t3Zj1FBPEiq6dcOUItrxlfwfyvlVAqRRDWqdZQEA5jdYNWU/vSaxZZ6STCKfiEwORdQvqa8= matoken@github/8506592 # ssh-import-id gh:matoken\r\nssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPgwY9aZPxN/YoBBzd7TOcCk7EuGO0E9PuUjCHPtTuHP matoken@github/16598604 # ssh-import-id gh:matoken\r\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDSnDzGBIHoX20WWjPrqn4JoWIHChE5JNqlnPxL0cSCj8wxQ9Y7AEgZfd9yq2ipXsBoVCi6D6ymk1/fQmEe8vW4U10ajb9VnA7ypy4Rjp1RV2RNyIS7jsJdYCMhGlXW8OlyKcxPbh6z/L/2ZuHbw32shJzMAs58JNNwxERQJDfPiJLq1WWrjOxAPCxtuTWddXfaZFgdxZQIXxW1TpTUqeu/OowQ8v1Mqt27agB2RZNPUOwe8A94cwJDbJNNpS7TIRgyKeApD45TKYc0w7ehbC42nURM//4PguHXBC3Arp1P3/Z4/DGdnLOrXU9fUWe0g+ucyT4aL6pI0on8mOivv2CcnePvTDHIwRIchibp0lPtBLOS4pmQFHf5U5N2SZF+B0dI/3Q4Sd9BC5VmF9owLi1bXRZw17Hqpgj2tOnI3HYTOvbssLt0DQcQBOE4puQ9epc+Lioqw6+SvCtiQl1pGl3b3reQh61q4lhc+FRtYvsUIOrjYHJ+QG0sGTVuC/RUWTbCterWX3ogENAYNWGv/83Z9sMCQTr894unhru1LHCmnGouxhtZ0lbWt/OVdsNcONu9RK/GlccDnuOj8THOIVghHJP9/9I6lTS4rX4aXAMaXns1hi5sO5WOGKhUNbUbW6vHTJCdoXjuajL0PJmr2Fa4H8qH0GQzFuhCu82txkjWnQ== mk@rsa4k # ssh-import-id lp:matoken-r \u3067\u9375\u306e\u524a\u9664\uff0e
$ ssh-import-id -r -o ~/tmp/authorized_keys gh:matoken\r\n2016-04-10 19:56:08,827 INFO Removed labeled key ['256', 'SHA256:B+hArXsApncIXlNlHoHnYxEV3Wfl9WdQLp5TwuTjqjY', 'matoken@github/8506592', '(ECDSA)']\r\n2016-04-10 19:56:08,837 INFO Removed labeled key ['256', 'SHA256:Jv7NHotumFU7z1fCRkJnfKwR0EtAweHWMIrduS4dXeM', 'matoken@github/16598604', '(ED25519)']\r\n2016-04-10 19:56:08,837 INFO [2] SSH keys [Removed]\r\n$ cat ~/tmp/authorized_keys\r\nssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDSnDzGBIHoX20WWjPrqn4JoWIHChE5JNqlnPxL0cSCj8wxQ9Y7AEgZfd9yq2ipXsBoVCi6D6ymk1/fQmEe8vW4U10ajb9VnA7ypy4Rjp1RV2RNyIS7jsJdYCMhGlXW8OlyKcxPbh6z/L/2ZuHbw32shJzMAs58JNNwxERQJDfPiJLq1WWrjOxAPCxtuTWddXfaZFgdxZQIXxW1TpTUqeu/OowQ8v1Mqt27agB2RZNPUOwe8A94cwJDbJNNpS7TIRgyKeApD45TKYc0w7ehbC42nURM//4PguHXBC3Arp1P3/Z4/DGdnLOrXU9fUWe0g+ucyT4aL6pI0on8mOivv2CcnePvTDHIwRIchibp0lPtBLOS4pmQFHf5U5N2SZF+B0dI/3Q4Sd9BC5VmF9owLi1bXRZw17Hqpgj2tOnI3HYTOvbssLt0DQcQBOE4puQ9epc+Lioqw6+SvCtiQl1pGl3b3reQh61q4lhc+FRtYvsUIOrjYHJ+QG0sGTVuC/RUWTbCterWX3ogENAYNWGv/83Z9sMCQTr894unhru1LHCmnGouxhtZ0lbWt/OVdsNcONu9RK/GlccDnuOj8THOIVghHJP9/9I6lTS4rX4aXAMaXns1hi5sO5WOGKhUNbUbW6vHTJCdoXjuajL0PJmr2Fa4H8qH0GQzFuhCu82txkjWnQ== mk@rsa4k # ssh-import-id lp:matoken\r\n\r\n$ ssh-import-id -r -o ~/tmp/authorized_keys matoken\r\n2016-04-10 19:57:54,852 INFO Removed labeled key ['4096', 'SHA256:4MQHGaIDjLbnM3kU5rgFSq6cDou3LUYSjSTumL+eFKw', 'mk@rsa4k', '(RSA)']\r\n2016-04-10 19:57:54,853 INFO [1] SSH keys [Removed]\r\n$ cat ~/tmp/authorized_keys\u65b0\u898f\u30d5\u30a1\u30a4\u30eb\u3067\u3082\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u306f\u9069\u5207\u306b\u8a2d\u5b9a\u3055\u308c\u3066\u3044\u308b\uff0e
\n$ ls -l ~/tmp/authorized_keys\r\n-rw------- 1 mk mk 0 4\u6708 10 19:57 /home/mk/tmp/authorized_keys\u3061\u306a\u307f\u306b
\n/etc/ssh/ssh_import_id
\n\u3092\u66f8\u304d\u63db\u3048\u308b\u3068\u4efb\u610f\u306e\u30b5\u30fc\u30d0\u3092\u4f7f\u3046\u3053\u3068\u3082\u53ef\u80fd\uff0e
- \"URL\": \"https://launchpad.net/~%s/+sshkeys\"\r\n+ \"URL\": \"https://example.org/~%s/+sshkeys\"\u3053\u308c\u3060\u3068
\n$ ssh-import-id matoken\u3067 https://example.org/~matoken/+sshkeys \u304c\u53d6\u308a\u8fbc\u307e\u308c\u308b\uff0e
\nlp\u306f\u4e0a\u66f8\u304d\u3055\u308c\u3061\u3083\u3046\u611f\u3058?
OpenSSH 7.2\u30ea\u30ea\u30fc\u30b9\u30cd\u30bf\u7d9a\u304d\u3067\u3059\uff0e
\n\u3053\u3053\u3067\u306fssh-keygen\u306e\u65b0\u6a5f\u80fd\u3092\u8a66\u3057\u3066\u307f\u307e\u3059\uff0e
\u5148\u305a\u306f\u9375\u306e\u30b3\u30e1\u30f3\u30c8\u5909\u66f4\uff0e
\n\n\n* ssh-keygen(1): allow ssh-keygen to change the key comment for all
\n
\nsupported formats.
\n\nssh-keygen(1): \u3059\u3079\u3066\u306e\u30b5\u30dd\u30fc\u30c8\u3059\u308b\u5f62\u5f0f\u306b\u3064\u3044\u3066 ssh-keygen \u304c
\n
\n\u9375\u306e\u30b3\u30e1\u30f3\u30c8\u3092\u5909\u66f4\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b
man\u3084help\u3092\u898b\u308b\u3068-c\u30aa\u30d7\u30b7\u30e7\u30f3\u306e\u3088\u3046\u3067\u3059\uff0e
\n
\n
\u9069\u5f53\u306a\u9375\u3092\u4f5c\u3063\u3066\u66f8\u304d\u63db\u3048\u3066\u307f\u307e\u3057\u305f\uff0etest comment\u304cchange comment\u306b\u66f8\u304d\u63db\u308f\u308a\u307e\u3057\u305f\uff0e\u624b\u3067\u66f8\u304d\u63db\u3048\u308b\u3068\u30df\u30b9\u3059\u308b\u3053\u3068\u3082\u3042\u308b\u306e\u3067\u3044\u3044\u304b\u3082\u3057\u308c\u307e\u305b\u3093\uff0e
\n
-f\u30aa\u30d7\u30b7\u30e7\u30f3\u306e\u30d5\u30a1\u30a4\u30eb\u306e\u4ee3\u308f\u308a\u306b-\u3092\u6307\u5b9a\u3059\u308b\u3068\u6a19\u6e96\u5165\u529b\u304b\u3089\u9375\u3092\u8aad\u307f\u8fbc\u307f\u307e\u3059\uff0e\u30d5\u30a1\u30a4\u30eb\u6307\u5b9a\u306e\u5834\u5408\u306f\u79d8\u5bc6\u9375\u3082\u516c\u958b\u9375\u3082\u3044\u3051\u307e\u3059\u304c\uff0c\u6a19\u6e96\u5165\u529b\u304b\u3089\u3060\u3068\u516c\u958b\u9375\u306e\u307f\u306e\u3088\u3046\u3067\u3059\uff0e
\n
host\u9375\u5168\u90e8\u3068\u304b\u306f\u3053\u3093\u306a\u611f\u3058\u3067\u884c\u3051\u307e\u3059\u306d\uff0e
\n\n
\n\n* ssh-keygen(1): allow fingerprinting multiple public keys in a
\n
\nfile, e.g. \u201cssh-keygen -lf ~/.ssh/authorized_keys\u201d bz#1319
\n\nssh-keygen(1): \u30d5\u30a1\u30a4\u30eb\u306b\u542b\u307e\u308c\u308b\u8907\u6570\u306e\u516c\u958b\u9375\u306e\u6307\u7d0b\u8868\u793a\u3092
\n
\n\u3067\u304d\u308b\u3088\u3046\u306b\u3059\u308b. \u3064\u307e\u308a
\n\u201cssh-keygen -lf ~/.ssh/authorized_keys\u201d bz#1319
\u3053\u3061\u3089\u306e\u5834\u5408\u3082\u79d8\u5bc6\u9375\u306e\u9375\u6307\u7d0b\u306f\u53d6\u5f97\u3067\u304d\u306a\u3044\u3067\u3059\uff0e\u3061\u306a\u307f\u306b\u30a8\u30e9\u30fc\u306a\u3069\u306f\u51fa\u305a\u30b9\u30ad\u30c3\u30d7\u3055\u308c\u307e\u3059\uff0e
\n\n
\uff03\u898b\u3065\u3089\u3044\u3067\u3059\u306d><
\n-v\u3092\u4ed8\u3051\u308b\u3068\u79d8\u5bc6\u9375\u306e\u3068\u3053\u308d\u3067not a public key\u3068\u8a00\u308f\u308c\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3059\uff0e
\n\n
\n
OpenSSH 7.2\u304c\u30ea\u30ea\u30fc\u30b9\u3055\u308c\u307e\u3057\u305f :)
\n\u3068\u3044\u3046\u3053\u3068\u3067\u6c17\u306b\u306a\u3063\u305f\u4ee5\u4e0b\u306e\u65b0\u6a5f\u80fd\u3092\u8a66\u3057\u3066\u307f\u307e\u3059\uff0e
\n\n\n* sshd(8): add a new authorized_keys option \u201crestrict\u201d that includes
\n
\nall current and future key restrictions (no-*-forwarding, etc.).
\nAlso add permissive versions of the existing restrictions, e.g.
\n\u201cno-pty\u201d -> \u201cpty\u201d. This simplifies the task of setting up
\nrestricted keys and ensures they are maximally-restricted,
\nregardless of any permissions we might implement in the future.
\n\nsshd(8): authorized_keys \u306e\u30aa\u30d7\u30b7\u30e7\u30f3\u306b \u201crestrict\u201d \u3092\u8ffd\u52a0\u3059\u308b.
\n
\n\u3053\u308c\u306f, (no-*-forwarding \u306a\u3069\u306e) \u73fe\u5728\u3068\u5c06\u6765\u306e\u3059\u3079\u3066\u306e\u5236\u9650\u3092\u542b\u3080.
\n\u3055\u3089\u306b, \u73fe\u5728\u306e\u5236\u9650\u306e\u8a31\u53ef\u30d0\u30fc\u30b8\u30e7\u30f3\u3082\u8ffd\u52a0\u3059\u308b. \u3064\u307e\u308a,
\n\u201cno-pty\u201d -> \u201cpty\u201d. \u3053\u308c\u306b\u3088\u308a, \u5236\u9650\u4ed8\u304d\u306e\u9375\u306e\u8a2d\u5b9a\u306e\u30bf\u30b9\u30af\u304c
\n\u5358\u7d14\u5316\u3057, \u5c06\u6765\u5b9f\u88c5\u3059\u308b\u3059\u3079\u3066\u306e\u8a31\u53ef\u306b\u95a2\u4fc2\u306a\u304f
\n\u9375\u304c\u6700\u5927\u306b\u5236\u9650\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3092\u5703\u5834\u3067\u304d\u308b.
prefix\u4ee5\u5916\u306f\u898f\u5b9a\u5024\u306e\u307e\u307e\u3067buid
\n\n
\u9069\u5f53\u306b7.2\u306e\u30c7\u30fc\u30e2\u30f3\u3092\u8d77\u52d5
\n\n
\u9069\u5f53\u306a\u9375\u3092\u4f5c\u3063\u3066~/.ssh/authorized_keys\u306b\u767b\u9332\u3057\u3066\u30ed\u30b0\u30a4\u30f3\u30c6\u30b9\u30c8\uff0e
\n
authorized_keys\u306e\u8a72\u5f53\u9375\u884c\u306e\u982d\u306b
\n\n
restrict\u3092\u8ffd\u8a18\u3057\u3066
\n
ssh 7.2\u3067\u63a5\u7d9a\u3092\u8a66\u3057\u307e\u3059\uff0e
\n\n
sshd\u5074\u306e\u6a5f\u80fd\u306a\u306e\u3067ssh 7.1\u3067\u7e4b\u3044\u3067\u3082\u5236\u9650\u3055\u308c\u307e\u3059\uff0e
\n\n
restrict,pty \u306e\u3088\u3046\u306bpty\u3092\u8ffd\u8a18\u3057\u3066-X/-Y\u3092\u8a66\u3059\u3068pty\u304c\u4f7f\u3048\u3066X\u306f\u5236\u9650\u3055\u308c\u3066\u3044\u308b\u306e\u304c\u78ba\u8a8d\u3067\u304d\u307e\u3057\u305f\uff0e
\n
\u3053\u308c\u307e\u3067\u306f\u305a\u3089\u305a\u3089\u3068\u5236\u9650\u3092\u66f8\u304f\u5fc5\u8981\u304c\u3063\u305f\u306e\u304c\u30b7\u30f3\u30d7\u30eb\u306b\u66f8\u3051\u308b\u3088\u3046\u306b\u306a\u308a\u305d\u3046\u3067\u3059 :)
\n\u4ee5\u4e0b\u306e\u4ef6\u306f\u5225\u30a8\u30f3\u30c8\u30ea\u306b\u3066
\n
\n
\u3075\u3068\u3042\u308bhost\u306bED25519\u306e\u30b5\u30fc\u30d0\u9375\u304c\u306a\u3044\u306e\u306b\u6c17\u3065\u3044\u305f\u306e\u3067\u4f5c\u308a\u307e\u3057\u305f\uff0e
\n\u30d5\u30a1\u30a4\u30eb\u540d\u3092\u6307\u5b9a\u3057\u3066\u4f5c\u308b\u304b\uff0c
\n\n
ssh-keygen -A\u3067\u8db3\u308a\u306a\u3044\u3082\u306e\u3092\u81ea\u52d5\u751f\u6210\u3057\u3066\u3082\u3089\u3044\u307e\u3059\uff0e-A\u306e\u5834\u5408\u9375\u6307\u7d0b\u304c\u51fa\u3066\u3053\u306a\u3044\u306e\u3067`ssh-keygen -lf\u3068\u304b\u3067\u78ba\u8a8d\u3057\u307e\u3057\u3087\u3046\uff0e
\n
\u898f\u5b9a\u5024\u3067\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u3068\u601d\u3046\u3051\u3069\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306b\u3082\u8a18\u8ff0\u3057\u3066\u30c7\u30fc\u30e2\u30f3\u3092reload\uff0e
\n\n
ed25519\u3067\u5e30\u3063\u3066\u304f\u308b\u304b\u78ba\u8a8d\uff0e
\n\n
\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u306eknown_hosts\u304b\u3089\u53e4\u3044\u3082\u306e\u3092\u6d88\u3057\u3066\u767b\u9332\u3057\u306a\u304a\u3057\u3066\uff0c
\n\n
\u5f8c\u306fDNS\u306b\u767b\u9332\u3057\u305f\u308a\u2026\u2026\u3063\u3066ed25519\u306f\u30a8\u30e9\u30fc\u306b\u306a\u308b\u307f\u305f\u3044\u3067\u3059\u306d\uff0e
\n\n
\u3061\u306a\u307f\u306bED25519\u306fOpenSSH 6.5p1\u3067\u5165\u308a\u307e\u3057\u305f\uff0e
\n\n", "content_text": "\u3075\u3068\u3042\u308bhost\u306bED25519\u306e\u30b5\u30fc\u30d0\u9375\u304c\u306a\u3044\u306e\u306b\u6c17\u3065\u3044\u305f\u306e\u3067\u4f5c\u308a\u307e\u3057\u305f\uff0e\n\u30d5\u30a1\u30a4\u30eb\u540d\u3092\u6307\u5b9a\u3057\u3066\u4f5c\u308b\u304b\uff0c\n$ sudo ssh-keygen -N '' -f /etc/ssh/ssh_host_ed25519_keyGenerating public/private rsa key pair.Your identification has been saved in ./ssh_host_ed25519_key.Your public key has been saved in ./ssh_host_ed25519_key.pub.The key fingerprint is:f3:55:7f:02:04:92:c3:e0:4c:8c:7a:05:6a:00:28:da root@microThe key's randomart image is:+--[ RSA 2048]----+|= .+oo..... ||o. ..+o +. . ||o.o. .o . . . ||..E . o . || . S . . o|| o . ..|| . || || |+-----------------+\nssh-keygen -A\u3067\u8db3\u308a\u306a\u3044\u3082\u306e\u3092\u81ea\u52d5\u751f\u6210\u3057\u3066\u3082\u3089\u3044\u307e\u3059\uff0e-A\u306e\u5834\u5408\u9375\u6307\u7d0b\u304c\u51fa\u3066\u3053\u306a\u3044\u306e\u3067`ssh-keygen -lf\u3068\u304b\u3067\u78ba\u8a8d\u3057\u307e\u3057\u3087\u3046\uff0e\n$ sudo ssh-keygen -Assh-keygen: generating new host keys: ED25519$ cat /etc/ssh/ssh_host_ed25519_key.pubssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYCcWp86jHwcb56mvdFMpCjovBH8eAa99OufTUEYycU root@micro$ ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key256 bf:f8:4a:5b:2d:da:72:84:e7:87:25:1b:9d:1c:56:b2 root@micro (ED25519)\n\u898f\u5b9a\u5024\u3067\u6709\u52b9\u306b\u306a\u3063\u3066\u3044\u308b\u3068\u601d\u3046\u3051\u3069\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u306b\u3082\u8a18\u8ff0\u3057\u3066\u30c7\u30fc\u30e2\u30f3\u3092reload\uff0e\n$ grep ed25519 /etc/ssh/sshd_configHostKey /etc/ssh/ssh_host_ed25519_key$ sudo service ssh restart\ned25519\u3067\u5e30\u3063\u3066\u304f\u308b\u304b\u78ba\u8a8d\uff0e\n$ ssh-keyscan -p 2222 -t ed25519 localhost# localhost SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.6localhost ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINYCcWp86jHwcb56mvdFMpCjovBH8eAa99OufTUEYycU\n\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u5074\u306eknown_hosts\u304b\u3089\u53e4\u3044\u3082\u306e\u3092\u6d88\u3057\u3066\u767b\u9332\u3057\u306a\u304a\u3057\u3066\uff0c\n$ ssh-keygen -f ~/.ssh/known_hosts -R [192.168.1.102]:2222$ ssh -o HostKeyAlgorithms=ssh-ed25519 microThe authenticity of host '[192.168.1.102]:2222 ([192.168.1.102]:2222)' can't be established.ED25519 key fingerprint is SHA256:H8TMbIG65XqBAeiST98ThJq/Ux7RHerpMGXnxVJ7EjE.+--[ED25519 256]--+| . . .. E. || . o . .=..o. || o o o o oB+ o ||o = = *o+ = . || + o . %S+.o o || . o X =... || + B .. || o o o || . . |+----[SHA256]-----+Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '[192.168.1.102]:2222' (ED25519) to the list of known hosts. \n\u5f8c\u306fDNS\u306b\u767b\u9332\u3057\u305f\u308a\u2026\u2026\u3063\u3066ed25519\u306f\u30a8\u30e9\u30fc\u306b\u306a\u308b\u307f\u305f\u3044\u3067\u3059\u306d\uff0e\n$ ssh-keygen -r example.org -f /etc/ssh/ssh_host_ed25519_keyexport_dns_rr: unsupported algorithm and/or digest_type\n\u3061\u306a\u307f\u306bED25519\u306fOpenSSH 6.5p1\u3067\u5165\u308a\u307e\u3057\u305f\uff0e", "date_published": "2016-02-28T01:07:12+09:00", "date_modified": "2016-02-28T04:21:31+09:00", "authors": [ { "name": "matoken", "url": "https://matoken.org/blog/author/matoken/", "avatar": "https://secure.gravatar.com/avatar/38f5f3b575c5eb45cda6aa659bca119ac7a5e16b46565e869d0030e3bd66981d?s=512&d=mm&r=g" } ], "author": { "name": "matoken", "url": "https://matoken.org/blog/author/matoken/", "avatar": "https://secure.gravatar.com/avatar/38f5f3b575c5eb45cda6aa659bca119ac7a5e16b46565e869d0030e3bd66981d?s=512&d=mm&r=g" }, "tags": [ "Linux", "OpenSSH" ] }, { "id": "http://matoken.org/blog/?p=786", "url": "https://matoken.org/blog/2015/03/29/openssh_6-8_6-8p1-fingerprint_algorithm/", "title": "OpenSSH 6.8/6.8p1 \u3067\u9375\u6307\u7d0b\u306e\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u306e\u898f\u5b9a\u5024\u304c\u5909\u308f\u3063\u305f\u306e\u3067\u8a66\u3059", "content_html": "![\"openssh\"](\"https://farm8.staticflickr.com/7612/16771103418_d0789f1b03_o.gif\")
OpenSSH 6.8/6.8p1 \u306e\u30ea\u30ea\u30fc\u30b9\u30ce\u30fc\u30c8\u3092\u773a\u3081\u3066\u3044\u3066\u6c17\u306b\u306a\u308b\u70b9\u304c\uff0e
http://www.openssh.com/txt/release-6.8
* Add FingerprintHash option to ssh(1) and sshd(8), and equivalent\r\n command-line flags to the other tools to control algorithm used\r\n for key fingerprints. The default changes from MD5 to SHA256 and\r\n format from hex to base64.\r\n Fingerprints now have the hash algorithm prepended. An example of\r\n the new format: SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE\r\n Please note that visual host keys will also be different.\r\n\u9375\u6307\u7d0b\u306e\u898f\u5b9a\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u304cMD5 \u304b\u3089SHA256 \u306b\u5909\u308f\u308a\uff0c\u8868\u793a\u5f62\u5f0f\u3082hex \u304b\u3089base64 \u306b\u306a\u3063\u305f\uff0cvisual host key \u3082\u5909\u308f\u308b\uff0e\u3068\u3044\u3046\u3053\u3068\u3067\u78ba\u8a8d\u3057\u3066\u307f\u307e\u3057\u305f\uff0e
\n\u5f93\u6765\u306e\u30b3\u30de\u30f3\u30c9\u3067\u306e\u9375\u6307\u7d0b\u8868\u793a\uff0eMD5/hex \u304c\u4f7f\u308f\u308c\u308b
\n% ssh-keygen -l -v -f /etc/ssh/ssh_host_ecdsa_key\r\n256 e8:d0:53:e7:34:59:e9:77:3a:e7:8d:8a:a9:f6:91:84 /etc/ssh/ssh_host_ecdsa_key.pub (ECDSA)\r\n+---[ECDSA 256]---+\r\n| .. |\r\n| o. |\r\n| . =. |\r\n| . o = .. . .|\r\n| . + E o . o |\r\n| o . . . o .|\r\n| . o =.|\r\n| . + . o|\r\n| ..o+ .. |\r\n+-----------------+\r\nOpenSSH 6.8/6.8p1 \u306e\u30b3\u30de\u30f3\u30c9\u3067\u306e\u9375\u6307\u7d0b\u8868\u793a\uff0eSHA256/base64\u304c\u4f7f\u308f\u308c\u3066\u9375\u6307\u7d0b\u306e\u982d\u306bSHA256\u304c\u4ed8\u3044\u305f\u308avisual host key \u306e\u898b\u305f\u76ee\u3082\u5909\u308f\u308b\uff0e
\n% /home/mk/usr/local/openssh-6.8p1/bin/ssh-keygen -l -v -f /etc/ssh/ssh_host_ecdsa_key\r\n256 SHA256:pDZReijOXeDXAE0IgYb5E+DHgbyvClEllKCs499RI54 root@x220(ECDSA)\r\n+---[ECDSA 256]---+\r\n|+*+++oo=+ |\r\n|*o*o...=.o |\r\n|.=o+. = = . |\r\n|.o+o o B |\r\n|+ ..o.=oS |\r\n|.o ...+.. |\r\n|... E |\r\n|... . . |\r\n|o . . |\r\n+----[SHA256]-----+\r\n\u3057\u304b\u3057\uff0c-E option \u304c\u63d0\u4f9b\u3055\u308c\u308b\u3088\u3046\u306b\u306a\u3063\u3066\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u3092\u6307\u5b9a\u3067\u304d\u308b\u306e\u3067\u3053\u308c\u3067MD5/hex \u3067\u9375\u6307\u7d0b\u306e\u78ba\u8a8d\u304c\u53ef\u80fd\uff0e
\u203bssh-keygen \u2014help \u3088\u308a
ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]\r\n\u203bman \u3088\u308a
\n -E fingerprint_hash\r\n Specifies the hash algorithm used when displaying key fingerprints. Valid options are: \u201cmd5\u201d and \u201csha256\u201d. The default is \u201csha256\u201d.\r\nOpenSSH 6.8/6.8p1 \u306e\u30b3\u30de\u30f3\u30c9\u3067MD5 \u3092\u6307\u5b9a\uff0eMD5/hex \u3067\u9375\u6307\u7d0b\u304c\u8868\u793a\u3055\u308c\u308b\uff0e\u305f\u3060\uff0c\u30a2\u30eb\u30b4\u30ea\u30ba\u30e0\u306eMD5 \u304c\u9375\u6307\u7d0b\u306e\u982d\u306b\u3064\u304f\u3057\u5f8c\u308d\u306bcomment \u3082\u4ed8\u304f\u306e\u3067diff \u3068\u304b\u3092\u4f7f\u3046\u3068\u5dee\u7570\u304c\u51fa\u308b\uff0evisual host key \u3082\u4e0b\u306b[MD5]\u304c\u3064\u304f\u306e\u3067\u540c\u69d8\uff0e
% /home/mk/usr/local/openssh-6.8p1/bin/ssh-keygen -l -v -E md5 -f /etc/ssh/ssh_host_ecdsa_key\r\n256 MD5:e8:d0:53:e7:34:59:e9:77:3a:e7:8d:8a:a9:f6:91:84 root@x220(ECDSA)\r\n+---[ECDSA 256]---+\r\n| .. |\r\n| o. |\r\n| . =. |\r\n| . o = .. . .|\r\n| . + E o . o |\r\n| o . . . o .|\r\n| . o =.|\r\n| . + . o|\r\n| ..o+ .. |\r\n+------[MD5]------+\r\n% ssh-keygen -l -v -f /etc/ssh/ssh_host_ecdsa_key\r\n\u3066\u3053\u3068\u3067\u66ab\u304f\u306fMD5/SHA256\u306e2\u7a2e\u985e\u306e\u9375\u6307\u7d0b\u3092\u63d0\u4f9b\u3057\u305f\u307b\u3046\u304c\u826f\u3055\u305d\u3046\u3067\u3059\u306d\uff0e
\n