海运的博客

ssh生成私钥格式可选择PKCS8/PEM/SSH2，使用ssh-keygen生成PEM格式私钥：

ssh-keygen -t rsa -P "passwd" -b 4096 -C Haiyun -m PEM -f ~/.ssh/id_rsa

转换私钥格式为PKCS8或SSH2：

ssh-keygen -P "passwd" -N "passwd" -e -p -m PKCS8 -f ~/.ssh/id_rsa
ssh-keygen -P "passwd" -N "passwd" -e -p -m SSH2 -f ~/.ssh/id_rsa

从ssh私钥生成openssl可识别的公钥：

ssh-keygen -e -m PKCS8 -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub.pkcs8
openssl rsa -in ~/.ssh/id_rsa -pubout -outform PEM > ~/.ssh/id_rsa.pub.pkcs8

openssl使用公私钥加解密：

openssl rsautl -encrypt -pubin -inkey ~/.ssh/id_rsa.pub.pkcs8 -ssl -in test.txt -out test.enc
openssl rsautl -decrypt -inkey ~/.ssh/id_rsa -in test.enc -out test.dec

删除qemu-guest-agent软件包：

systemctl stop qemu-guest-agent     
apt-get autoremove --purge qemu-guest-agent -y 

qemu-guest-agent通过virtio_console内核模块建立的虚拟设备和服务器交互：

/dev/virtio-ports/org.qemu.guest_agent.0
/dev/vport1p1

卸载并禁用virtio_console模块：

rmmod virtio_console 
echo "blacklist virtio_console" >> /etc/modprobe.d/blacklist.conf

登录ssh时将agent sock链接到固定文件：

cat << EOF > ~/.ssh/rc 
#!/bin/bash
if [ -S "\$SSH_AUTH_SOCK" ]; then
    ln -sf \$SSH_AUTH_SOCK ~/.ssh/ssh_auth_sock
fi
EOF
chmod +x ~/.ssh/rc 

tmux更新SSH_AUTH_SOCK变量：

cat << EOF >> ~/.tmux.conf 
#先删除SSH_AUTH_SOCK变量，不然设置无效
set -g -u update-environment[3]
setenv -g 'SSH_AUTH_SOCK' ~/.ssh/ssh_auth_sock
EOF

dropbear可使用此方法：

alias ssh='[ -n "$TMUX" ] && [ -n $SSH_AUTH_SOCK ] && eval $(tmux showenv -s SSH_AUTH_SOCK); /usr/bin/ssh'
alias scp='[ -n "$TMUX" ] && [ -n $SSH_AUTH_SOCK ] && eval $(tmux showenv -s SSH_AUTH_SOCK); /usr/bin/scp'

https://stackoverflow.com/questions/21378569/how-to-auto-update-ssh-agent-environment-variables-when-attaching-to-existing-tm