ssh-keygen
From Infogalactic: the planetary knowledge core
ssh-keygen is a Unix utility that is used to generate, manage, and convert authentication keys for ssh authentication. With the help of the ssh-keygen tool, a user can create passphrase keys for both SSH protocol version 1 and version 2. ssh-keygen creates RSA keys for SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2. These keys differ from keys used by GNU Privacy Guard.
ssh-keygen command syntax
The syntax of the ssh-keygen file is as follows:
ssh-keygen [options]
Some of the important options of ssh-keygen command are as follows:
ssh-keygen command options | description |
---|---|
-b bits | Specifies the number of bits in the key to create. The minimum bit length is 768 bits and the default length is 2048 bits. |
-C comment | Provides new comment. |
-p | Requests changing the passphrase of a private key file instead of creating a new private key. |
-t | Specifies the type of key to create. |
-q | quiets ssh-keygen. It is used by the /etc/rc file while creating a new key. |
-N | Provides a new Passphrase. |
-F (or -B) | For ssh-keygen2, dumps the key's fingerprint in Bubble Babble format |
Files used by the ssh-keygen utility
The ssh-keygen utility uses various files for storing public and private keys. The files used by ssh-keygen utility are as follows:
- $HOME/.ssh/identity: The $HOME/.ssh/identity file contains the RSA private key when using the SSH protocol version 1.
- $HOME/.ssh/identity.pub: The $HOME/.ssh/identity.pub file contains the RSA public key for authentication when you are using the SSH protocol version 1. A user should copy its contents in the $HOME/.ssh/authorized_keys file of the remote system where a user wants to log in using RSA authentication.
- $HOME/.ssh/id_dsa: The $HOME/.ssh/id_dsa file contains the protocol version 2 DSA authentication identity of the user.
- $HOME/.ssh/id_dsa.pub: The $HOME/.ssh/id_dsa.pub file contains the DSA public key for authentication when you are using the SSH protocol version 2. A user should copy its contents in the $HOME/.ssh/authorized_keys file of the remote system where a user wants to log in using DSA authentication.
- $HOME/.ssh/id_rsa: The $HOME/.ssh/id_rsa file contains the protocol version 2 RSA authentication identity of the user. This file should not be readable by anyone but the user.
- $HOME/.ssh/id_rsa.pub: The $HOME/.ssh/id_rsa.pub file contains the protocol version 2 RSA public key for authentication. The contents of this file should be added to $HOME/.ssh/authorized_keys on all computers where a user wishes to log in using public key authentication.
External links
- Generating ssh keys, a guide from GitHub
- ssh-keygen manual from the OpenBSD project