Editing Ssh-keygen (command)

{{lowercase}}
<code>ssh-keygen</code><ref>http://man7.org/linux/man-pages/man1/ssh-keygen.1.html</ref> is an [[OpenSSH]] software command used to generate, manage, and convert [[authentication keys]]. It supports at least four different [[key]] types: [[RSA]], [[DSA]], [[ECDSA]] and [[ed25519]].
 
* https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html
 
 
 
[[~/.ssh/]]
 
 
 
== Commands ==
 
* <code>[[ssh-keygen --help]]</code>
 
* <code>[[ssh-keygen -s]]</code>
 
* <code>[[ssh-keygen -p]]</code>
 
 
 
== Generate a key pair ==
 
* <code>[[ssh-keygen]]</code>
 
* <code>[[ssh-keygen -t ed25519]]</code> (There is no need to set the [[key size]], as all [[ed25519]] keys are 256 bits) other options:
 
<code>[-t [[dsa]] | [[ecdsa]] | [[ecdsa-sk]] | [[ed25519]] | [[ed25519-sk]] | [[ssh-keygen -t rsa|rsa]]]</code>
 
 
 
:::::Two files will be generated: one containing your private key and a second containing the public key (<code>[[.pub]]</code> extension)
 
 
 
* <code>ssh-keygen -t ed25519 -f ~/.ssh/your_new_ed25519_key</code>
 
 
 
* <code>ssh-keygen -t ed25519 -f ~/.ssh/your_new_ed25519_key -C "your_comment_or_email_address"</code>
 
 
 
 
 
* <code>[[ssh-keygen -t rsa]]</code>
 
* <code>ssh-keygen -t [[rsa]] -f your_new_rsa_key</code>
 
 
 
* <code>[[ssh-keygen -A]]</code> Generate all (<code>-A</code>) [[rsa]], [[dsa]], [[ecdsa]] and [[ed25519]] key types.
 
 
 
* Generate [[FIDO]] key:
 
*<code>ssh-keygen -t [[ecdsa-sk]] -f ~/.ssh/id_ecdsa_sk</code>
 
*<code>Generating public/private ecdsa-sk key pair.</code>
 
 
 
Generate with [[PEM]] format:
 
* <code>[[ssh-keygen -m]] [[PEM]]</code>
 
* <code>ssh-keygen -m PEM -t rsa -f your_new_rsa_key[[.pem]]</code>
 
 
 
== Convert ==
 
ssh-keygen -e -m [[PEM]] -f private_key_in_ed25519_format
 
do_convert_to_pem: unsupported key type [[ED25519]]
 
 
 
* <code>ssh-keygen -l -f ~/.ssh/ssh_host_XXXXkey.pub</code>
 
* <code>-l      Show [[fingerprint]] of specified public key file.</code>
 
 
 
* <code>.ssh_host_XXXXkey.pub is not a public key file.</code>
 
 
 
===Legacy format===
 
<ref>https://superuser.com/questions/421997/what-is-a-ssh-key-fingerprint-and-how-is-it-generated</ref>
 
* <code>ssh-keygen -l -E [[md5]] -f ~/.ssh/ssh_host_XXXXkey.pub</code>
 
 
 
See also: [[puttygen]] -O [[fingerprint]]
 
  
==Commands==
* <code>ssh-keygen -l -f /etc/ssh/ssh_host_XXXXkey.pub</code>
 
* <code>ssh-keygen -vF host</code> (-v flag added in OpenSSH 8.1<ref>https://www.openssh.com/txt/release-8.1</ref>)
 
== Changelog ==
 
* [[OpenSSH 7.8]], released in August 2018. Incompatible changes: ssh-keygen writes OpenSSH format private keys by default instead of using [[OpenSSL]]'s [[PEM]] format.
 
  
 
==Activities==
 
* Generate a new [[public private key]] using <code>[[ed25519]]</code> key format using the following command:
:::<code>ssh-keygen -t ed25519</code>

* Solve the "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" warning:
::<code>ssh-keygen -R SERVER_NAME</code> -R Removes all keys belonging to hostname from a <code>[[known_hosts]]</code> file
::<code>ssh -oStrictHostKeyChecking=no SERVER_NAME</code> Temporarily turning off host key checking
:::Both solutions have security implications.

* Understand different key types: <code>[[dsa]]</code>, <code>[[ecdsa]]</code>, <code>[[ed25519]]</code> and <code>[[RSA]]</code>
  
* Change or encrypt private key without changing the key: <ref>https://wiki.archlinux.org/index.php/SSH_keys#Changing_the_private_key's_passphrase_without_changing_the_key</ref>
::<code>[[ssh-keygen -f]] ~/.ssh/id_rsa -p</code>

* Generate [[public key]] from [[private key]]:
::<code>[[ssh-keygen -y]] -f ~/.ssh/id_rsa > ~/.ssh/[[id_rsa.pub]]</code>
 
* Generate a key pair with old [[PEM]] format using:
 
::<code>[[ssh-keygen -m]] [[PEM]]</code>
 
 
 
* Changing the private key's passphrase without changing the key<ref>https://wiki.archlinux.org/index.php/SSH_keys#Changing_the_private_key's_passphrase_without_changing_the_key</ref>
 
<code>ssh-keygen -f ~/.ssh/[[id_rsa]] -p</code>
 
: <code>-p</code> change the passphrase of a private key file
 
 
 
* Generate [[fingerprint]] or ID of a key
 
[[ssh-keygen -lf]] your_key.pub
 
2048 SHA256:u6IaFqRcwp0QX0nPBa/HHB2k/g73tH+YkoaE0riGRAT NAME@XX (RSA)
 
 
 
ssh-keygen -lf your_key
 
your_key is not a key file.
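
How the fingerprint line shown above and the legacy MD5 form under "Legacy format" are derived from a public key line, as an added example (not part of the original page and not OpenSSH's own code). The sample key is constructed for illustration; only <code>ssh-rsa</code> and <code>ssh-ed25519</code> are handled, and the "no comment" fallback text is an assumption of this sketch.

```python
import base64
import hashlib


def read_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        n = int.from_bytes(blob[pos:pos + 4], "big")  # 4-byte big-endian length
        if pos + 4 + n > len(blob):
            raise ValueError("truncated key blob")
        fields.append(blob[pos + 4:pos + 4 + n])
        pos += 4 + n
    return fields


def fingerprint(pub_line, algo="sha256"):
    """Return 'BITS FINGERPRINT COMMENT (TYPE)' for one public key line."""
    parts = pub_line.strip().split(None, 2)
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except (IndexError, ValueError) as exc:  # e.g. a private key file
        raise ValueError("not a public key line") from exc
    fields = read_fields(blob)
    if not fields or fields[0] != parts[0].encode():
        raise ValueError("key type inside blob differs from declared type")
    if parts[0] == "ssh-rsa" and len(fields) == 3:
        bits = int.from_bytes(fields[2], "big").bit_length()  # type, e, n
    elif parts[0] == "ssh-ed25519" and len(fields) == 2:
        bits = len(fields[1]) * 8
    else:
        raise ValueError("key type not handled in this example")
    if algo == "md5":  # legacy format: colon-separated hex of MD5(blob)
        fp = "MD5:" + ":".join(f"{b:02x}" for b in hashlib.md5(blob).digest())
    else:  # default format: unpadded base64 of SHA-256(blob)
        digest = hashlib.sha256(blob).digest()
        fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    comment = parts[2] if len(parts) > 2 else "no comment"
    return f"{bits} {fp} {comment} ({parts[0].split('-', 1)[1].upper()})"


# Constructed sample: ed25519 blob whose 32 key bytes are 0..31 (not a real key).
SAMPLE_BLOB = ((11).to_bytes(4, "big") + b"ssh-ed25519"
               + (32).to_bytes(4, "big") + bytes(range(32)))
SAMPLE_LINE = "ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode() + " user@example"

if __name__ == "__main__":
    for algo in ("sha256", "md5"):
        print(fingerprint(SAMPLE_LINE, algo))
```

The fingerprint covers only the base64 blob, so changing the comment field leaves it unchanged; compare the value against one obtained out of band before trusting a host or user key.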
 
 
 
== Related terms ==
 
* <code>[[ssh-copy-id]]</code>
 
* <code>[[openssl]]</code>: <code>[[openssl rsa]]</code>, <code>[[openssl genrsa]]</code>, <code>[[openssl req]]</code>
 
* <code>[[puttygen]]</code> ([[PuTTY]])
 
* [[0600]]
 
 
* [[Cisco IOS/Configure public RSA key authentication]]
 
* [[Terraform resource]]: <code>[[Terraform resource: tls private key|tls_private_key]]</code>
 
* <code>[[aws ec2 create-key-pair]]</code>
 
* <code>[[gcloud iam service-accounts keys create]]</code>
 
* <code>[[gcloud kms keys create]]</code>
 
* <code>[[gpg --gen-key]]</code>
 
* Terraform: <code>[[aws_key_pair]]</code>
 
* Create new [[x509]] certificate: <code>[[Create new x509 certificate: openssl req -x509 -newkey|openssl req -x509 -newkey]]</code>
 
* [[geth account new]]
 
 
== See also ==
 
* {{ssh-keygen}}
 
* {{OpenSSH}}
 
* {{Kerberos}}
 
* {{key}}
 
 
  
[[Category:OpenSSH]]
[[Category:Server administration]]
[[Category:Cryptography]]
[[Category:ssh-keygen]]
[[Category:Security]]
