Difference between revisions of "Ssh-keygen (command)"
Jump to navigation
Jump to search
↑ http://man7.org/linux/man-pages/man1/ssh-keygen.1.html
↑ https://superuser.com/questions/421997/what-is-a-ssh-key-fingerprint-and-how-is-it-generated
↑ https://www.openssh.com/txt/release-8.1
↑ https://wiki.archlinux.org/index.php/SSH_keys#Changing_the_private_key's_passphrase_without_changing_the_key
↑ https://wiki.archlinux.org/index.php/SSH_keys#Changing_the_private_key's_passphrase_without_changing_the_key
(6 intermediate revisions by the same user not shown) | |||
Line 2: | Line 2: | ||
<code>ssh-keygen</code><ref>http://man7.org/linux/man-pages/man1/ssh-keygen.1.html</ref> is an [[OpenSSH]] software command used to generate, manage, and convert [[authentication keys]]. It support at least four different [[key]] types [[RSA]], [[DSA]], [[ECDSA]] and [[ed25519]]. | <code>ssh-keygen</code><ref>http://man7.org/linux/man-pages/man1/ssh-keygen.1.html</ref> is an [[OpenSSH]] software command used to generate, manage, and convert [[authentication keys]]. It support at least four different [[key]] types [[RSA]], [[DSA]], [[ECDSA]] and [[ed25519]]. | ||
* https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html | * https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html | ||
+ | |||
+ | [[~/.ssh/]] | ||
== Commands == | == Commands == | ||
Line 15: | Line 17: | ||
:::::Two files will be generated, one your private key and a second file containing second key (<code>[[.pub]]</code> extension) | :::::Two files will be generated, one your private key and a second file containing second key (<code>[[.pub]]</code> extension) | ||
− | * <code>ssh-keygen -t ed25519 -f your_new_ed25519_key</code> | + | * <code>ssh-keygen -t ed25519 -f ~/.ssh/your_new_ed25519_key</code> |
− | * <code>ssh-keygen -t ed25519 -f your_new_ed25519_key -C "your_coment_or_email_address</code> | + | * <code>ssh-keygen -t ed25519 -f ~/.ssh/your_new_ed25519_key -C "your_coment_or_email_address</code> |
Line 93: | Line 95: | ||
* <code>[[gpg --gen-key]]</code> | * <code>[[gpg --gen-key]]</code> | ||
* Terraform: <code>[[aws_key_pair]]</code> | * Terraform: <code>[[aws_key_pair]]</code> | ||
− | * <code>[[openssl req -x509]]</code> | + | * Create new [[x509]] certificate: <code>[[Create new x509 certificate: openssl req -x509 -newkey|openssl req -x509 -newkey]]</code> |
+ | * [[geth account new]] | ||
== See also == | == See also == |
Latest revision as of 15:46, 8 May 2024
ssh-keygen
[1] is an OpenSSH software command used to generate, manage, and convert authentication keys. It support at least four different key types RSA, DSA, ECDSA and ed25519.
~/.ssh/
Contents
Commands[edit]
Generate a key par[edit]
ssh-keygen
ssh-keygen -t ed25519
(There is no need to set the key size, as all ed25519 keys are 256 bits) other options:
[-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]
- Two files will be generated, one your private key and a second file containing second key (
.pub
extension)
- Two files will be generated, one your private key and a second file containing second key (
ssh-keygen -t ed25519 -f ~/.ssh/your_new_ed25519_key
ssh-keygen -t ed25519 -f ~/.ssh/your_new_ed25519_key -C "your_coment_or_email_address
ssh-keygen -t rsa
ssh-keygen -t rsa -f your_new_rsa_key
ssh-keygen -A
Generate all (-A
) rsa, dsa, ecdsa and ed25519 key types.
- Generate FIDO key:
ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk
Generating public/private ecdsa-sk key pair.
Generate with PEM format:
ssh-keygen -m PEM
ssh-keygen -m PEM -t rsa -f your_new_rsa_key.pem
Convert[edit]
ssh-keygen -e -m PEM -f private_key_in_ed25519_format do_convert_to_pem: unsupported key type ED25519
ssh-keygen -l -f ~/.ssh/ssh_host_XXXXkey.pub
-l Show fingerprint of specified public key file.
.ssh_host_XXXXkey.pub is not a public key file.
Legacy format[edit]
ssh-keygen -l -E md5 -f ~/.ssh/ssh_host_XXXXkey.pub
See also: puttygen -O fingerprint
ssh-keygen -vF host
(-v flag added in OpenSSH 8.1[3])
Changelog[edit]
- OpenSSH 7.8, released in August 2018 Incompatible changes: ssh-keygen write OpenSSH format private keys by default instead of using OpenSSL's PEM format.
Activities[edit]
- Generate a new public private key using
ed25519
key format using the following command:
ssh-keygen -t ed25519
- Solve" "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" warning:
ssh-keygen -R SERVER_NAME
-R Removes all keys belonging to hostname from aknown_hosts
filessh -oStrictHostKeyChecking=no SERVER_NAME
Temporarily turning off host key checking- Both solutions have security implications.
- Change or encrypt private key withouth changing the key: [4]
ssh-keygen -f ~/.ssh/id_rsa -p
- Generate public key from private key:
ssh-keygen -y -f ~/.ssh/id_rsa > ~./.ssh/id_rsa.pub
- Generate a key par with old PEM format using:
- Changing the private key's passphrase without changing the key[5]
ssh-keygen -f ~/.ssh/id_rsa -p
-p
change the passphrase of a private key file
- Generate fingerprint or ID of a key
ssh-keygen -lf your_key.pub 2048 SHA256:u6IaFqRcwp0QX0nPBa/HHB2k/g73tH+YkoaE0riGRAT NAME@XX (RSA)
ssh-keygen -lf your_key your_key is not a key file.
Related terms[edit]
ssh-copy-id
openssl
:openssl rsa
,openssl genrsa
,openssl req
puttygen
(PuTTY)- 0600
- Cisco IOS/Configure public RSA key authentication
- Terraform resource:
tls_private_key
aws ec2 create-key-pair
gcloud iam service-accounts keys create
gcloud kms keys create
gpg --gen-key
- Terraform:
aws_key_pair
- Create new x509 certificate:
openssl req -x509 -newkey
- geth account new
See also[edit]
ssh-keygen
[-R
,-t
|-p
|-i
|-y | -f | ~/.ssh/id_rsa
|--help ] ~/.ssh/known_hosts
- OpenSSH (changelog):
/etc/ssh/sshd_config
|/etc/ssh/ssh_config
|~/.ssh/
|openSSL | sshd logs
|sftp
|scp
|authorized_keys
|ssh-keygen
|ssh-keyscan
|ssh-add
|ssh-agent
|ssh
|Ssh -O stop
|ssh-copy-id
|CheckHostIP
|UseKeychain
, OpenSSF - AAA, Kerberos, KDC,
kinit, klist, ktutil, /etc/krb5.conf, krb5-workstation, pam_krb5
- Public key cryptography,
private key
,public key
,key length
,ssh-keygen
,ssh-keyscan
, Root certificate, KEX, Generate a key
Advertising: