Difference between revisions of "Ssh-keygen (command)"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
Tags: Mobile web edit, Mobile edit
Line 46: Line 46:
 
:::<code>ssh-keygen -t ed25519</code>
 
:::<code>ssh-keygen -t ed25519</code>
 
* Solve" "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" warning:  
 
* Solve" "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" warning:  
::<code>ssh-keygen -R SERVER_NAME</code> -R Removes all keys belonging to hostname from a known_hosts file
+
::<code>ssh-keygen -R SERVER_NAME</code> -R Removes all keys belonging to hostname from a <code>[[known_hosts]]</code> file
 
::<code>ssh -oStrictHostKeyChecking=no SERVER_NAME</code> Temporarily turning off host key checking
 
::<code>ssh -oStrictHostKeyChecking=no SERVER_NAME</code> Temporarily turning off host key checking
 
:::Both solutions have security implications.
 
:::Both solutions have security implications.

Revision as of 06:22, 18 April 2021

ssh-keygen[1] is an OpenSSH software command used to generate, manage, and convert authentication keys. It support at least four different key types RSA, DSA, ECDSA and ed25519.

Commands

ssh-keygen --help

Generate a keypar:

  • ssh-keygen
  • ssh-keygen -t ed25519 (There is no need to set the key size, as all Ed25519 keys are 256 bits) other options:

[-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]

Two files will be generated, one your private key and a second file containing second key (.pub extension)
  • ssh-keygen -t ed25519 -f your_new_ed25519_key
  • ssh-keygen -t rsa -f your_new_rsa_key
 ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk
 Generating public/private ecdsa-sk key pair.


  • Convert:
ssh-keygen -e -m PEM -f private_key_in_ed25519_format
do_convert_to_pem: unsupported key type ED25519
  • ssh-keygen -l -f ~/.ssh/ssh_host_XXXXkey.pub
 -l      Show fingerprint of specified public key file.
.ssh_host_XXXXkey.pub is not a public key file.

Legacy format: [2]

  • ssh-keygen -l -E md5 -f ~/.ssh/ssh_host_XXXXkey.pub

See also: puttygen -O fingerprint

  • ssh-keygen -vF host (-v flag added in OpenSSH 8.1[3])

Changelog

  • OpenSSH 7.8, released in August 2018 Incompatible changes: ssh-keygen write OpenSSH format private keys by default instead of using OpenSSL's PEM format.


Activities

ssh-keygen -t ed25519
  • Solve" "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" warning:
ssh-keygen -R SERVER_NAME -R Removes all keys belonging to hostname from a known_hosts file
ssh -oStrictHostKeyChecking=no SERVER_NAME Temporarily turning off host key checking
Both solutions have security implications.
  • Change or encrypt private key withouth changing the key: [4]
ssh-keygen -f ~/.ssh/id_rsa -p


ssh-keygen -y -f ~/.ssh/id_rsa > ~./.ssh/id_rsa.pub
  • Generate a key par with old PEM format using:
ssh-keygen -m PEM
  • Changing the private key's passphrase without changing the key[5]

ssh-keygen -f ~/.ssh/id_rsa -p

-p change the passphrase of a private key file
  • Generate fingerprint or ID of a key
ssh-keygen -lf your_key.pub
2048 SHA256:u6IaFqRcwp0QX0nPBa/HHB2k/g73tH+YkoaE0riGRAT NAME@XX (RSA)
ssh-keygen -lf your_key
your_key is not a key file.

Related commands

See also

  • http://man7.org/linux/man-pages/man1/ssh-keygen.1.html
  • https://superuser.com/questions/421997/what-is-a-ssh-key-fingerprint-and-how-is-it-generated
  • https://www.openssh.com/txt/release-8.1
  • https://wiki.archlinux.org/index.php/SSH_keys#Changing_the_private_key's_passphrase_without_changing_the_key
  • https://wiki.archlinux.org/index.php/SSH_keys#Changing_the_private_key's_passphrase_without_changing_the_key
  • Advertising: