ssh-keygen parameter description (backup copy, kept in case the source URL is lost)
ssh-keygen - generate, manage, and convert authentication keys
ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] [-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
ssh-keygen -i [-f input_keyfile]
ssh-keygen -e [-f input_keyfile]
ssh-keygen -y [-f input_keyfile]
ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
ssh-keygen -l [-f input_keyfile]
ssh-keygen -B [-f input_keyfile]
ssh-keygen -D reader
ssh-keygen -F hostname [-f known_hosts_file]
ssh-keygen -H [-f known_hosts_file]
ssh-keygen -R hostname [-f known_hosts_file]
ssh-keygen -U reader [-f input_keyfile]
ssh-keygen -r hostname [-f input_keyfile] [-g]
ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
ssh-keygen -T output_file -f input_file [-v] [-a num_trials] [-W generator]
ssh-keygen is used to generate, manage, and convert authentication keys, including both RSA and DSA keys.
The key type can be specified with the -t option. If it is not specified, an RSA key for SSH-2 is generated by default.
ssh-keygen can also be used to generate the prime moduli used in Diffie-Hellman Group Exchange (DH-GEX).
See the section on moduli generation below.
In general, anyone who wants to use RSA or DSA authentication should run this program at least once
to create the authentication key in ~/.ssh/identity, ~/.ssh/id_dsa, or ~/.ssh/id_rsa.
In addition, the system administrator can use it to generate host keys.
Typically, this program generates a key pair and asks for a file in which to store the private key; the public key is stored in a file with the same name plus the ".pub" suffix.
The program also asks for a passphrase; an empty passphrase means the key has no passphrase (the passphrase of a host key must be empty).
A passphrase is similar to a password, but it can be a whole sentence containing words, punctuation marks, numbers, spaces, or any other characters you want.
A good passphrase is more than 30 characters long, hard to guess, and mixes upper- and lower-case letters, digits, and non-alphanumeric characters. The passphrase can be changed with the -p option.
A lost passphrase cannot be recovered. If the passphrase is lost or forgotten, the user must generate a new key and then distribute the corresponding public key to the other machines.
The RSA1 key file has a "comment" field that lets the user identify the key, state its purpose, or record other useful information.
When the key is created, the comment field is initialized to "user@host"; it can be changed later with the -c option.
After a key is generated, the instructions below describe where the key should be placed to be activated. The available options are:
-a trials
When using -T, the number of primality tests to perform when screening DH-GEX candidate primes.
-B
Displays the bubblebabble digest of the specified public or private key file.
-b bits
Specifies the key length. For RSA keys the minimum is 768 bits and the default is 2048 bits. DSA keys must be exactly 1024 bits (as required by the FIPS 186-2 standard).
-C comment
Provides a new comment.
-c
Requests changing the comment in the private and public key files. This option is only supported for RSA1 keys.
The program prompts for the private key file name, the passphrase (if the key has one), and the new comment.
-D reader
Downloads the RSA public key stored in the smart card in reader.
-e
Reads an OpenSSH private or public key file and prints the key to stdout in the RFC 4716 SSH public key file format.
This option allows keys to be exported for use by several commercial SSH implementations.
-F hostname
Searches the known_hosts file for the specified hostname and lists all matches.
This option is mainly used to find hashed host names or IP addresses; combined with the -H option, it prints the keys it finds in hashed form.
-f filename
Specifies the key file name.
-G output_file
Generates candidate primes for DH-GEX. These primes must be screened for safety with the -T option before use.
-g
Uses the generic DNS format when printing fingerprint resource records with -r.
-H
Hashes a known_hosts file. This replaces every host name and IP address in the file with the corresponding hash value.
The original content is saved to a file with the ".old" suffix added. These hash values can only be used by ssh and sshd.
This option does not modify host names or IP addresses that are already hashed, so it is safe to use on files in which some entries are already hashed.
-i
Reads an unencrypted SSH-2-compatible private or public key file and prints an OpenSSH-compatible private or public key to stdout.
This option is mainly used to import keys from several commercial SSH implementations.
-l
Displays the fingerprint of the specified public key file. RSA1 private keys are also supported.
For RSA and DSA keys, the matching public key file is looked up and its fingerprint is displayed.
-M memory
Specifies the maximum amount of memory (in megabytes) to use when generating DH-GEX candidate primes.
-N new_passphrase
Provides the new passphrase.
-P passphrase
Provides the (old) passphrase.
-p
Requests changing the passphrase of a private key file without creating a new private key. The program prompts for the private key file name, the old passphrase, and the new passphrase twice.
-q
Quiet mode. Used by /etc/rc when creating a new key.
-R hostname
Removes all keys belonging to hostname from the known_hosts file.
This option is mainly used to remove the keys of hashed hosts (see the -H option).
-r hostname
Prints the SSHFP fingerprint resource record named hostname for the specified public key file.
-S start
Specifies the starting point (in hexadecimal) when generating DH-GEX candidate moduli.
-T output_file
Tests Diffie-Hellman Group Exchange candidate primes (generated with the -G option) for safety.
-t type
Specifies the type of key to create. Possible values: "rsa1" (SSH-1), "rsa" (SSH-2), "dsa" (SSH-2).
-U reader
Uploads an existing RSA private key to the smart card in reader.
-v
Verbose mode. ssh-keygen prints detailed debugging information about its progress. This is often useful when debugging moduli generation.
Repeating the -v option increases the level of detail (up to 3 times).
-W generator
Specifies the generator to use when testing candidate moduli for DH-GEX.
-y
Reads a private key file in OpenSSH format and prints the OpenSSH public key to stdout.
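How a -F lookup can match an entry hashed by -H, as an added example (not part of the original page and not OpenSSH's own code): a hashed host field has the form |1|salt|HMAC-SHA1(salt, hostname), with both parts base64-encoded. The host names, salt and key blobs are constructed placeholders, and wildcard patterns in plain entries are not handled.

```python
import base64
import hashlib
import hmac

def hash_host(hostname, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=hostname))."""
    mac = hmac.new(salt, hostname.encode("utf-8"), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())

def entry_matches(host_field, hostname):
    """True if one known_hosts host field (hashed or plain) names hostname."""
    if host_field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = host_field.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            mac = base64.b64decode(mac_b64, validate=True)
        except ValueError:          # wrong field count or invalid base64
            return False
        expected = hmac.new(salt, hostname.encode("utf-8"), hashlib.sha1).digest()
        return hmac.compare_digest(mac, expected)
    # Plain entry: comma-separated names, compared literally (no wildcards).
    return hostname in host_field.split(",")

def find_host(known_hosts_text, hostname):
    """Return (line_number, key_type) for every entry that names hostname."""
    hits = []
    for number, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if entry_matches(fields[0], hostname):
            hits.append((number, fields[1]))
    return hits

# Constructed sample: one hashed entry and one plain entry, placeholder key blobs.
SALT = bytes(range(20))
SAMPLE = "\n".join([
    "# constructed known_hosts file",
    hash_host("build.example.org", SALT) + " ssh-rsa AAAA_PLACEHOLDER_1",
    "git.example.org,192.0.2.10 ssh-dss AAAA_PLACEHOLDER_2",
])

if __name__ == "__main__":
    for name in ("build.example.org", "192.0.2.10", "other.example.org"):
        print(name, find_host(SAMPLE, name))
```

Because each entry has its own salt, a lookup has to recompute the HMAC for every hashed line; the file cannot be searched with a plain text match.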
ssh-keygen can generate groups for the Diffie-Hellman Group Exchange (DH-GEX) protocol.
The generation process has two steps:
First, candidate primes are generated using a fast but memory-intensive method. These primes are then tested for suitability (which consumes more CPU).
Use the -G option to generate candidate primes, and the -b option to set their length in bits. For example:
# ssh-keygen -G moduli-2048.candidates -b 2048
By default, the search for primes starts at a random point in the specified bit-length range, but the -S option can be used to specify the starting point (in hexadecimal).
After a set of candidates has been generated, it must be tested for suitability with the -T option.
In this mode ssh-keygen reads the candidate primes from stdin (or from a file given with the -f option). For example:
# ssh-keygen -T moduli-2048 -f moduli-2048.candidates
By default, each candidate prime is put through 100 primality tests (this can be changed with the -a option).
The DH generator value is chosen automatically, but a specific value can be forced with the -W option. Valid values are: 2, 3, 5.
The screened DH groups can then be installed in /etc/ssh/moduli.
It is important that this file contains moduli of a range of bit lengths, and that both ends of a connection share common moduli.
~/.ssh/identity
The user's default RSA1 authentication private key (SSH-1). The permissions of this file should be restricted to at least "600".
A passphrase can be specified when the key is generated; it is used to encrypt the private key (3DES).
This file is read at login time.
~/.ssh/identity.pub
The user's default RSA1 authentication public key (SSH-1). This file is not confidential.
The contents of this file should be added to the ~/.ssh/authorized_keys file of all RSA1 target hosts.
~/.ssh/id_dsa
The user's default DSA authentication private key (SSH-2). The permissions of this file should be restricted to at least "600".
A passphrase can be specified when the key is generated; it is used to encrypt the private key (3DES).
This file is read at login time.
~/.ssh/id_dsa.pub
The user's default DSA authentication public key (SSH-2). This file is not confidential.
The contents of this file should be added to the ~/.ssh/authorized_keys file of all DSA target hosts.
~/.ssh/id_rsa
The user's default RSA authentication private key (SSH-2). The permissions of this file should be restricted to at least "600".
A passphrase can be specified when the key is generated; it is used to encrypt the private key (3DES).
This file is read at login time.
~/.ssh/id_rsa.pub
The user's default RSA authentication public key (SSH-2). This file is not confidential.
The contents of this file should be added to the ~/.ssh/authorized_keys file of all RSA target hosts.
/etc/ssh/moduli
Contains the Diffie-Hellman groups for DH-GEX. The format of the file is
SOURCE http://linux.chinaunix.net/techdoc/beginner/2010/01/12/1153509.shtml
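A check for the two protections the file list above names for private keys, the "600" permission and the passphrase encryption, as an added example (not part of the original page): it audits the default SSH-2 key files in a directory. It assumes the legacy PEM container, where an encrypted key carries a "Proc-Type: 4,ENCRYPTED" header; the key bodies in demo() are constructed placeholders, not real keys.

```python
import os
import stat
import tempfile

PRIVATE_KEY_NAMES = ("identity", "id_dsa", "id_rsa")  # names from the file list above
LEGACY_PEM = ("-----BEGIN RSA PRIVATE KEY-----", "-----BEGIN DSA PRIVATE KEY-----")

def audit_ssh_dir(ssh_dir):
    """Report mode and passphrase protection for each default private key present."""
    report = {}
    for name in PRIVATE_KEY_NAMES:
        path = os.path.join(ssh_dir, name)
        if not os.path.isfile(path):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        with open(path, "r", errors="replace") as fh:
            head = fh.read(4096)
        # Only the legacy PEM container shows encryption in its headers; for any
        # other format (RSA1 binary, newer OpenSSH) the answer is left as None.
        encrypted = None
        if head.startswith(LEGACY_PEM):
            encrypted = "Proc-Type: 4,ENCRYPTED" in head
        report[name] = {
            "mode": format(mode, "04o"),
            "mode_ok": (mode & 0o077) == 0,  # no group or other access
            "encrypted": encrypted,
        }
    return report

def demo():
    """Build a constructed ~/.ssh layout in a temp dir and audit it."""
    enc = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n(constructed placeholder)\n"
           "-----END RSA PRIVATE KEY-----\n")
    plain = ("-----BEGIN DSA PRIVATE KEY-----\n(constructed placeholder)\n"
             "-----END DSA PRIVATE KEY-----\n")
    with tempfile.TemporaryDirectory() as d:
        for name, body, mode in (("id_rsa", enc, 0o644), ("id_dsa", plain, 0o600)):
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return audit_ssh_dir(d)

if __name__ == "__main__":
    for name, info in demo().items():
        print(name, info)
```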