Editing Ssh-keygen (command)


The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 1: Line 1:
{{lowercase}}
+
<code>ssh-keygen</code><ref>http://man7.org/linux/man-pages/man1/ssh-keygen.1.html</ref> is an [[OpenSSH]] software command used to generate, manage, and convert [[authentication keys]]. It support at least four different key types [[RSA]], [[DSA]], [[ECDSA]] and [[ed25519]].
<code>ssh-keygen</code><ref>http://man7.org/linux/man-pages/man1/ssh-keygen.1.html</ref> is an [[OpenSSH]] software command used to generate, manage, and convert [[authentication keys]]. It support at least four different [[key]] types [[RSA]], [[DSA]], [[ECDSA]] and [[ed25519]].
 
* https://www.man7.org/linux/man-pages/man1/ssh-keygen.1.html
 
  
[[~/.ssh/]]
+
==Commands==
 +
Generate a keypar:
 +
* <code>ssh-keygen -t [[ed25519]]</code> (There is no need to set the key size, as all Ed25519 keys are 256 bits) other options:
 +
<code>[-t [[dsa]] | [[ecdsa]] | [[ecdsa-sk]] | [[ed25519]] | [[ed25519-sk]] | [[rsa]]]</code>
  
== Commands ==
+
:::::Two files will be generated, one your private key and a second file containing second key (<code>.pub</code> extension)
* <code>[[ssh-keygen --help]]</code>
 
* <code>[[ssh-keygen -s]]</code>
 
* <code>[[ssh-keygen -p]]</code>
 
  
== Generate a key par ==
+
* <code>ssh-keygen -t ed25519 -f your_new_ed25519_key</code>
* <code>[[ssh-keygen]]</code>
 
* <code>[[ssh-keygen -t ed25519]]</code> (There is no need to set the [[key size]], as all [[ed25519]] keys are 256 bits) other options:
 
<code>[-t [[dsa]] | [[ecdsa]] | [[ecdsa-sk]] | [[ed25519]] | [[ed25519-sk]] | [[ssh-keygen -t rsa|rsa]]]</code>
 
  
:::::Two files will be generated, one your private key and a second file containing second key (<code>[[.pub]]</code> extension)
 
 
* <code>ssh-keygen -t ed25519 -f ~/.ssh/your_new_ed25519_key</code>
 
 
* <code>ssh-keygen -t ed25519 -f ~/.ssh/your_new_ed25519_key -C "your_coment_or_email_address</code>
 
 
 
* <code>[[ssh-keygen -t rsa]]</code>
 
 
* <code>ssh-keygen -t [[rsa]] -f your_new_rsa_key</code>
 
* <code>ssh-keygen -t [[rsa]] -f your_new_rsa_key</code>
  
* <code>[[ssh-keygen -A]]</code> Generate all (<code>-A</code>) [[rsa]], [[dsa]], [[ecdsa]] and [[ed25519]] key types.
+
* <code>ssh-keygen -A</code> Generate all (<code>-A</code>) [[rsa]], [[dsa]], [[ecdsa]] and [[ed25519]] key types.
  
 
* Generate [[FIDO]] key:
 
* Generate [[FIDO]] key:
*<code>ssh-keygen -t [[ecdsa-sk]] -f ~/.ssh/id_ecdsa_sk</code>
+
  ssh-keygen -t [[ecdsa-sk]] -f ~/.ssh/id_ecdsa_sk
*<code>Generating public/private ecdsa-sk key pair.</code>
+
  Generating public/private ecdsa-sk key pair.
  
Generate with [[PEM]] format:
 
* <code>[[ssh-keygen -m]] [[PEM]]</code>
 
* <code>ssh-keygen -m PEM -t rsa -f your_new_rsa_key[[.pem]]</code>
 
  
== Convert ==
+
* Convert:
 
  ssh-keygen -e -m [[PEM]] -f private_key_in_ed25519_format
 
  ssh-keygen -e -m [[PEM]] -f private_key_in_ed25519_format
 
  do_convert_to_pem: unsupported key type [[ED25519]]
 
  do_convert_to_pem: unsupported key type [[ED25519]]
  
 
* <code>ssh-keygen -l -f ~/.ssh/ssh_host_XXXXkey.pub</code>
 
* <code>ssh-keygen -l -f ~/.ssh/ssh_host_XXXXkey.pub</code>
* <code>-l      Show [[fingerprint]] of specified public key file.</code>
+
  -l      Show [[fingerprint]] of specified public key file.
  
* <code>.ssh_host_XXXXkey.pub is not a public key file.</code>
+
.ssh_host_XXXXkey.pub is not a public key file.
  
===Legacy format===
+
Legacy format: <ref>https://superuser.com/questions/421997/what-is-a-ssh-key-fingerprint-and-how-is-it-generated</ref>
<ref>https://superuser.com/questions/421997/what-is-a-ssh-key-fingerprint-and-how-is-it-generated</ref>
 
 
* <code>ssh-keygen -l -E [[md5]] -f ~/.ssh/ssh_host_XXXXkey.pub</code>
 
* <code>ssh-keygen -l -E [[md5]] -f ~/.ssh/ssh_host_XXXXkey.pub</code>
  
See also: [[puttygen]] -O [[fingerprint]]
+
See also: [[puttygen]] -O fingerprint
  
 
* <code>ssh-keygen -vF host</code> (-v flag added in OpenSSH 8.1<ref>https://www.openssh.com/txt/release-8.1</ref>)
 
* <code>ssh-keygen -vF host</code> (-v flag added in OpenSSH 8.1<ref>https://www.openssh.com/txt/release-8.1</ref>)
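Review bot: The key-generation example with a comment, <code>ssh-keygen -t ed25519 -f ~/.ssh/your_new_ed25519_key -C "your_coment_or_email_address</code>, never closes its double quote and misspells "comment", so a reader who pastes it is left at a shell continuation prompt; close the quote and fix the spelling. In the same hunk, "keypar" and "key par" should read "key pair". The Convert entry shows <code>ssh-keygen -e -m PEM -f private_key_in_ed25519_format</code> followed by "do_convert_to_pem: unsupported key type ED25519" with no sentence saying that this output is an error; state that the conversion fails for this key type.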
Line 54: Line 37:
 
== Changelog ==
 
== Changelog ==
 
* [[OpenSSH 7.8]], released in August 2018 Incompatible changes: ssh-keygen write OpenSSH format private keys by default instead of using [[OpenSSL]]'s [[PEM]] format.
 
* [[OpenSSH 7.8]], released in August 2018 Incompatible changes: ssh-keygen write OpenSSH format private keys by default instead of using [[OpenSSL]]'s [[PEM]] format.
 +
  
 
==Activities==
 
==Activities==
Line 59: Line 43:
 
:::<code>ssh-keygen -t ed25519</code>
 
:::<code>ssh-keygen -t ed25519</code>
 
* Solve" "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" warning:  
 
* Solve" "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" warning:  
::<code>ssh-keygen -R SERVER_NAME</code> -R Removes all keys belonging to hostname from a <code>[[known_hosts]]</code> file
+
::<code>ssh-keygen -R SERVER_NAME</code> -R Removes all keys belonging to hostname from a known_hosts file
 
::<code>ssh -oStrictHostKeyChecking=no SERVER_NAME</code> Temporarily turning off host key checking
 
::<code>ssh -oStrictHostKeyChecking=no SERVER_NAME</code> Temporarily turning off host key checking
 
:::Both solutions have security implications.
 
:::Both solutions have security implications.
 
* Understand different key types: <code>[[dsa]]</code>, <code>[[ecdsa]]</code>, <code>[[ed25519]]</code> and <code>[[RSA]]</code>
 
* Understand different key types: <code>[[dsa]]</code>, <code>[[ecdsa]]</code>, <code>[[ed25519]]</code> and <code>[[RSA]]</code>
 
* Change or encrypt private key withouth changing the key: <ref>https://wiki.archlinux.org/index.php/SSH_keys#Changing_the_private_key's_passphrase_without_changing_the_key</ref>
 
<code>[[ssh-keygen -f]] ~/.ssh/id_rsa -p</code>
 
  
 
* Generate [[public key]] from [[private key]]:
 
* Generate [[public key]] from [[private key]]:
::<code>[[ssh-keygen -y]] -f ~/.ssh/id_rsa > ~./.ssh/[[id_rsa.pub]]</code>
+
::<code>ssh-keygen -y -f ~/.ssh/id_rsa > ~./.ssh/id_rsa.pub</code>
 
* Generate a key par with old [[PEM]] format using:  
 
* Generate a key par with old [[PEM]] format using:  
::<code>[[ssh-keygen -m]] [[PEM]]</code>
+
::<code>ssh-keygen -m [[PEM]]</code>
  
 
* Changing the private key's passphrase without changing the key<ref>https://wiki.archlinux.org/index.php/SSH_keys#Changing_the_private_key's_passphrase_without_changing_the_key</ref>
 
* Changing the private key's passphrase without changing the key<ref>https://wiki.archlinux.org/index.php/SSH_keys#Changing_the_private_key's_passphrase_without_changing_the_key</ref>
<code>ssh-keygen -f ~/.ssh/[[id_rsa]] -p</code>
+
<code>ssh-keygen -f ~/.ssh/id_rsa -p</code>
 
: <code>-p</code> change the passphrase of a private key file
 
: <code>-p</code> change the passphrase of a private key file
  
* Generate [[fingerprint]] or ID of a key
+
* Generate fingerprint or ID of a key
  [[ssh-keygen -lf]] your_key.pub
+
  ssh-keygen -lf your_key.pub
 
  2048 SHA256:u6IaFqRcwp0QX0nPBa/HHB2k/g73tH+YkoaE0riGRAT NAME@XX (RSA)
 
  2048 SHA256:u6IaFqRcwp0QX0nPBa/HHB2k/g73tH+YkoaE0riGRAT NAME@XX (RSA)
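Review bot: The "Generate public key from private key" command redirects to <code>~./.ssh/id_rsa.pub</code> on both sides of the comparison; <code>~./.ssh</code> is not the <code>~/.ssh</code> directory used everywhere else on the page, so the redirect target should be <code>~/.ssh/id_rsa.pub</code>. The entry "Change or encrypt private key withouth changing the key" repeats the existing "Changing the private key's passphrase without changing the key" entry a few lines below, with the same <code>ssh-keygen -f ~/.ssh/id_rsa -p</code> command and the same reference; keep one of them. The host-identification entry also carries a stray double quote directly after "Solve".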
  
Line 83: Line 64:
 
  your_key is not a key file.
 
  your_key is not a key file.
  
== Related terms ==
+
== Related commands ==
 
* <code>[[ssh-copy-id]]</code>
 
* <code>[[ssh-copy-id]]</code>
* <code>[[openssl]]</code>: <code>[[openssl rsa]]</code>, <code>[[openssl genrsa]]</code>, <code>[[openssl req]]</code>
+
* <code>[[openssl]]</code>: <code>openssl [[rsa]] -in mykey.pem -pubout > mykey.pub</code>, <code>[[openssl genrsa]]</code>
 
* <code>[[puttygen]]</code> ([[PuTTY]])
 
* <code>[[puttygen]]</code> ([[PuTTY]])
* [[0600]]
 
* [[Cisco IOS/Configure public RSA key authentication]]
 
* [[Terraform resource]]: <code>[[Terraform resource: tls private key|tls_private_key]]</code>
 
* <code>[[aws ec2 create-key-pair]]</code>
 
* <code>[[gcloud iam service-accounts keys create]]</code>
 
* <code>[[gcloud kms keys create]]</code>
 
* <code>[[gpg --gen-key]]</code>
 
* Terraform: <code>[[aws_key_pair]]</code>
 
* Create new [[x509]] certificate: <code>[[Create new x509 certificate: openssl req -x509 -newkey|openssl req -x509 -newkey]]</code>
 
* [[geth account new]]
 
  
 
== See also ==
 
== See also ==
* {{ssh-keygen}}
+
* {{CA}}
 +
* {{ssh}}
 +
* {{passwd}}
 
* {{OpenSSH}}
 
* {{OpenSSH}}
* {{Kerberos}}
+
* [[Kerberos]]
* {{key}}
+
* [[Cisco IOS/Configure public RSA key authentication]]
 
 
  
[[Category:OpenSSH]]
+
[[Category:Server administration]]
 
[[Category:Cryptography]]
 
[[Category:Cryptography]]
[[Category:ssh-keygen]]
 
 
[[Category:Security]]
 
[[Category:Security]]
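Review bot: The list under the "Related terms" / "Related commands" heading differs in more than its title: only one side has the [[0600]] entry, which is the page's only pointer to private key file permissions, so make sure the version being saved keeps it. [[Cisco IOS/Configure public RSA key authentication]] sits in this list on one side and under "See also" on the other; pick one place. Since [[0600]] and the Cisco IOS page are not commands, "Related terms" is the heading that matches the contents.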
