Difference between revisions of "Ssh-keygen (command)"
Jump to navigation
Jump to search
↑ http://man7.org/linux/man-pages/man1/ssh-keygen.1.html
↑ https://www.openssh.com/txt/release-8.1
↑ https://wiki.archlinux.org/index.php/SSH_keys#Changing_the_private_key's_passphrase_without_changing_the_key
Tags: Mobile web edit, Mobile edit |
Tags: Mobile web edit, Mobile edit |
||
| Line 19: | Line 19: | ||
.ssh_host_XXXXkey.pub is not a public key file. | .ssh_host_XXXXkey.pub is not a public key file. | ||
| + | See also: [[puttygen]] -O fingerprint | ||
* <code>ssh-keygen -vF host</code> (-v flag added in OpenSSH 8.1<ref>https://www.openssh.com/txt/release-8.1</ref>) | * <code>ssh-keygen -vF host</code> (-v flag added in OpenSSH 8.1<ref>https://www.openssh.com/txt/release-8.1</ref>) | ||
Revision as of 12:56, 7 May 2020
ssh-keygen[1] is an OpenSSH software command used to generate, manage, and convert authentication keys. It support at least four different key types RSA, DSA, ECDSA and ed25519.
Commands
Generate a keypar:
ssh-keygen -t ed25519(There is no need to set the key size, as all Ed25519 keys are 256 bits) other options:[-t dsa | ecdsa | ed25519 | rsa]
- Two files will be generated, one your private key and a second file containing second key (
.pubextension)
- Two files will be generated, one your private key and a second file containing second key (
ssh-keygen -t ed25519 -f your_new_ed25519_key
ssh-keygen -t rsa -f your_new_rsa_key
- Convert:
ssh-keygen -e -m PEM -f private_key_in_ed25519_format do_convert_to_pem: unsupported key type ED25519
ssh-keygen -l -f /etc/ssh/ssh_host_XXXXkey.pub
-l Show fingerprint of specified public key file.
.ssh_host_XXXXkey.pub is not a public key file.
See also: puttygen -O fingerprint
ssh-keygen -vF host(-v flag added in OpenSSH 8.1[2])
Activities
- Generate a new public private key using
ed25519key format using the following command:
ssh-keygen -t ed25519
- Solve" "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" warning:
ssh-keygen -R SERVER_NAME-R Removes all keys belonging to hostname from a known_hosts filessh -oStrictHostKeyChecking=no SERVER_NAMETemporarily turning off host key checking
Both solutions have security implications.
- Understand different key types: dsa, ecdsa, ed25519 and rsa
- Generate public key from private key:
ssh-keygen -y -f ~/.ssh/id_rsa > ~./.ssh/id_rsa.pub
- Generate a key par with old PEM format using:
ssh-keygen -m PEM
- Changing the private key's passphrase without changing the key[3]
ssh-keygen -f ~/.ssh/id_rsa -p
-pchange the passphrase of a private key file
Related commands
See also
- Certification Authority
passwd,ssh-keygen,chage,/etc/passwd, Password policy, Passwd (package),mkpasswd,cracklib-check, Password cracking, Phone to sign in, Passkey,htpasswd- OpenSSH (changelog):
/etc/ssh/sshd_config|/etc/ssh/ssh_config|~/.ssh/|openSSL | sshd logs|sftp|scp|authorized_keys|ssh-keygen|ssh-keyscan|ssh-add|ssh-agent|ssh|Ssh -O stop|ssh-copy-id|CheckHostIP|UseKeychain, OpenSSF - Kerberos
- Cisco IOS/Configure public RSA key authentication
Advertising:
