Editing Ssh-keygen (command)
Latest revision | Your text | ||
Line 1: | Line 1: | ||
− | + | <code>ssh-keygen</code><ref>http://man7.org/linux/man-pages/man1/ssh-keygen.1.html</ref> is an [[OpenSSH]] software command used to generate, manage, and convert [[authentication keys]]. It support at least four different key types [[RSA]], [[DSA]], [[ECDSA]] and [[ed25519]]. | |
− | <code>ssh-keygen</code><ref>http://man7.org/linux/man-pages/man1/ssh-keygen.1.html</ref> is an [[OpenSSH]] software command used to generate, manage, and convert [[authentication keys]]. It support at least four different | ||
− | |||
− | + | ==Commands== | |
+ | Generate a keypar: | ||
+ | * <code>ssh-keygen -t [[ed25519]]</code> (There is no need to set the key size, as all Ed25519 keys are 256 bits) other options: | ||
+ | <code>[-t [[dsa]] | [[ecdsa]] | [[ecdsa-sk]] | [[ed25519]] | [[ed25519-sk]] | [[rsa]]]</code> | ||
− | + | :::::Two files will be generated, one your private key and a second file containing second key (<code>.pub</code> extension) | |
− | |||
− | |||
− | |||
− | + | * <code>ssh-keygen -t ed25519 -f your_new_ed25519_key</code> | |
− | * <code> | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
* <code>ssh-keygen -t [[rsa]] -f your_new_rsa_key</code> | * <code>ssh-keygen -t [[rsa]] -f your_new_rsa_key</code> | ||
− | * <code> | + | * <code>ssh-keygen -A</code> Generate all (<code>-A</code>) [[rsa]], [[dsa]], [[ecdsa]] and [[ed25519]] key types. |
* Generate [[FIDO]] key: | * Generate [[FIDO]] key: | ||
− | + | ssh-keygen -t [[ecdsa-sk]] -f ~/.ssh/id_ecdsa_sk | |
− | + | Generating public/private ecdsa-sk key pair. | |
− | |||
− | |||
− | |||
− | + | * Convert: | |
ssh-keygen -e -m [[PEM]] -f private_key_in_ed25519_format | ssh-keygen -e -m [[PEM]] -f private_key_in_ed25519_format | ||
do_convert_to_pem: unsupported key type [[ED25519]] | do_convert_to_pem: unsupported key type [[ED25519]] | ||
* <code>ssh-keygen -l -f ~/.ssh/ssh_host_XXXXkey.pub</code> | * <code>ssh-keygen -l -f ~/.ssh/ssh_host_XXXXkey.pub</code> | ||
− | + | -l Show [[fingerprint]] of specified public key file. | |
− | + | .ssh_host_XXXXkey.pub is not a public key file. | |
− | + | Legacy format: <ref>https://superuser.com/questions/421997/what-is-a-ssh-key-fingerprint-and-how-is-it-generated</ref> | |
− | <ref>https://superuser.com/questions/421997/what-is-a-ssh-key-fingerprint-and-how-is-it-generated</ref> | ||
* <code>ssh-keygen -l -E [[md5]] -f ~/.ssh/ssh_host_XXXXkey.pub</code> | * <code>ssh-keygen -l -E [[md5]] -f ~/.ssh/ssh_host_XXXXkey.pub</code> | ||
− | See also: [[puttygen]] -O | + | See also: [[puttygen]] -O fingerprint |
* <code>ssh-keygen -vF host</code> (-v flag added in OpenSSH 8.1<ref>https://www.openssh.com/txt/release-8.1</ref>) | * <code>ssh-keygen -vF host</code> (-v flag added in OpenSSH 8.1<ref>https://www.openssh.com/txt/release-8.1</ref>) | ||
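Review bot: In the note under the first Generate entry, "one your private key and a second file containing second key (.pub extension)" does not say which key the .pub file holds; state that it is the public key, so readers know which of the two files may be shared. In the same hunk, "Generate a keypar:" should read "key pair" and "It support at least four different key types" should read "It supports at least four different key types:".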
Line 54: | Line 37: | ||
== Changelog == | == Changelog == | ||
* [[OpenSSH 7.8]], released in August 2018 Incompatible changes: ssh-keygen write OpenSSH format private keys by default instead of using [[OpenSSL]]'s [[PEM]] format. | * [[OpenSSH 7.8]], released in August 2018 Incompatible changes: ssh-keygen write OpenSSH format private keys by default instead of using [[OpenSSL]]'s [[PEM]] format. | ||
+ | |||
==Activities== | ==Activities== | ||
Line 59: | Line 43: | ||
:::<code>ssh-keygen -t ed25519</code> | :::<code>ssh-keygen -t ed25519</code> | ||
* Solve" "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" warning: | * Solve" "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!" warning: | ||
− | ::<code>ssh-keygen -R SERVER_NAME</code> -R Removes all keys belonging to hostname from a | + | ::<code>ssh-keygen -R SERVER_NAME</code> -R Removes all keys belonging to hostname from a known_hosts file |
::<code>ssh -oStrictHostKeyChecking=no SERVER_NAME</code> Temporarily turning off host key checking | ::<code>ssh -oStrictHostKeyChecking=no SERVER_NAME</code> Temporarily turning off host key checking | ||
:::Both solutions have security implications. | :::Both solutions have security implications. | ||
* Understand different key types: <code>[[dsa]]</code>, <code>[[ecdsa]]</code>, <code>[[ed25519]]</code> and <code>[[RSA]]</code> | * Understand different key types: <code>[[dsa]]</code>, <code>[[ecdsa]]</code>, <code>[[ed25519]]</code> and <code>[[RSA]]</code> | ||
− | |||
− | |||
− | |||
* Generate [[public key]] from [[private key]]: | * Generate [[public key]] from [[private key]]: | ||
− | ::<code> | + | ::<code>ssh-keygen -y -f ~/.ssh/id_rsa > ~./.ssh/id_rsa.pub</code> |
* Generate a key par with old [[PEM]] format using: | * Generate a key par with old [[PEM]] format using: | ||
− | ::<code> | + | ::<code>ssh-keygen -m [[PEM]]</code> |
* Changing the private key's passphrase without changing the key<ref>https://wiki.archlinux.org/index.php/SSH_keys#Changing_the_private_key's_passphrase_without_changing_the_key</ref> | * Changing the private key's passphrase without changing the key<ref>https://wiki.archlinux.org/index.php/SSH_keys#Changing_the_private_key's_passphrase_without_changing_the_key</ref> | ||
− | <code>ssh-keygen -f ~/.ssh/ | + | <code>ssh-keygen -f ~/.ssh/id_rsa -p</code> |
: <code>-p</code> change the passphrase of a private key file | : <code>-p</code> change the passphrase of a private key file | ||
− | * Generate | + | * Generate fingerprint or ID of a key |
− | + | ssh-keygen -lf your_key.pub | |
2048 SHA256:u6IaFqRcwp0QX0nPBa/HHB2k/g73tH+YkoaE0riGRAT NAME@XX (RSA) | 2048 SHA256:u6IaFqRcwp0QX0nPBa/HHB2k/g73tH+YkoaE0riGRAT NAME@XX (RSA) | ||
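Review bot: The redirect target in "ssh-keygen -y -f ~/.ssh/id_rsa > ~./.ssh/id_rsa.pub" is written "~./.ssh/id_rsa.pub", which is not the "~/.ssh" directory used for the input file, so the public key would not be written next to the private key; change it to "~/.ssh/id_rsa.pub". The context line "Generate a key par with old PEM format" also has "par" for "pair".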
Line 83: | Line 64: | ||
your_key is not a key file. | your_key is not a key file. | ||
− | == Related | + | == Related commands == |
* <code>[[ssh-copy-id]]</code> | * <code>[[ssh-copy-id]]</code> | ||
− | * <code>[[openssl]]</code>: <code>[[ | + | * <code>[[openssl]]</code>: <code>openssl [[rsa]] -in mykey.pem -pubout > mykey.pub</code>, <code>[[openssl genrsa]]</code> |
* <code>[[puttygen]]</code> ([[PuTTY]]) | * <code>[[puttygen]]</code> ([[PuTTY]]) | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== See also == | == See also == | ||
− | * {{ssh | + | * {{CA}} |
+ | * {{ssh}} | ||
+ | * {{passwd}} | ||
* {{OpenSSH}} | * {{OpenSSH}} | ||
− | * | + | * [[Kerberos]] |
− | * | + | * [[Cisco IOS/Configure public RSA key authentication]] |
− | |||
− | [[Category: | + | [[Category:Server administration]] |
[[Category:Cryptography]] | [[Category:Cryptography]] | ||
− | |||
[[Category:Security]] | [[Category:Security]] |