Difference between revisions of "Ssh-keygen (command)"

ssh-keygen^[1] is an OpenSSH software command used to generate, manage, and convert authentication keys. It support at least four different key types RSA, DSA, ECDSA and ed25519.

Commands

• ssh-keygen -l -f /etc/ssh/ssh_host_XXXXkey.pub
• ssh-keygen -vF host (-v flag added in OpenSSH 8.1^[2])
• ssh-keygen -t ed25519 (There is no need to set the key size, as all Ed25519 keys are 256 bits) other options: [-t dsa | ecdsa | ed25519 | rsa]

Activities

1. Generate a public private key using ed25519 key format using the following command:

ssh-keygen -t ed25519

1. Solve" "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" warning:

ssh-keygen -R SERVER_NAME -R Removes all keys belonging to hostname from a known_hosts file

ssh -oStrictHostKeyChecking=no SERVER_NAME Temporarily turning off host key checking

Both solutions have security implications.

1. Understand different key types: dsa, ecdsa, ed25519 and rsa

Related commands: ssh-copy-id

See also

• Certification Authority
• passwd, ssh-keygen, chage, /etc/passwd, Password policy, Passwd (package), mkpasswd, cracklib-check, Password cracking, Phone to sign in, Passkey, htpasswd
• OpenSSH (changelog): /etc/ssh/sshd_config | /etc/ssh/ssh_config | ~/.ssh/ | openSSL | sshd logs | sftp | scp | authorized_keys | ssh-keygen | ssh-keyscan | ssh-add | ssh-agent | ssh | Ssh -O stop | ssh-copy-id | CheckHostIP | UseKeychain, OpenSSF
• Kerberos
• Cisco IOS/Configure public RSA key authentication