How to use ssh-keygen to generate a key

Source: Internet
Author: User

ssh-keygen - generate, manage, and convert authentication keys

Common usage:

    ssh-keygen -i -f public_key_name > authorized_keys

Syntax

    ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] [-f output_keyfile]
    ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
    ssh-keygen -i [-f input_keyfile]
    ssh-keygen -e [-f input_keyfile]
    ssh-keygen -y [-f input_keyfile]
    ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
    ssh-keygen -l [-f input_keyfile]
    ssh-keygen -B [-f input_keyfile]
    ssh-keygen -D reader
    ssh-keygen -F hostname [-f known_hosts_file]
    ssh-keygen -H [-f known_hosts_file]
    ssh-keygen -R hostname [-f known_hosts_file]
    ssh-keygen -U reader [-f input_keyfile]
    ssh-keygen -r hostname [-f input_keyfile] [-g]
    ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
    ssh-keygen -T output_file -f input_file [-v] [-a num_trials] [-W generator]

Description

ssh-keygen is used to generate, manage, and convert authentication keys for ssh(1), including RSA and DSA keys. You can use the -t option to specify the key type. If it is not specified, an RSA key for SSH-2 is generated by default.

ssh-keygen can also be used to generate the prime moduli used in Diffie-Hellman group exchange (DH-GEX). See the moduli generation section.

Generally, if you want to use RSA or DSA authentication, you should run the program at least once to create the key required for authentication in ~/.ssh/identity, ~/.ssh/id_dsa or ~/.ssh/id_rsa. In addition, the system administrator can use it to generate host keys.

Generally, this program generates a key pair and asks you to specify a file in which to store the private key; the public key is stored in a file with the same name and the ".pub" suffix appended. The program also asks for a passphrase. An empty passphrase means the key has no passphrase (the passphrase of a host key must be empty).

Passphrases are very similar to passwords, but they can be a whole sentence, containing words, punctuation marks, numbers, spaces, or any character you want. A good passphrase should contain more than 30 characters and be hard to guess. It may consist of uppercase and lowercase letters, digits, and non-alphanumeric characters. You can use the -p option to change the passphrase.

Lost passphrases cannot be recovered. If you lose or forget the passphrase, you must generate a new key and then distribute the corresponding public key to the other machines.

The key file of an RSA1 key contains a "comment" field, which lets you easily identify the key and indicate its purpose or other useful information. When a key is created, the comment field is initialized to "user@host". You can use the -c option to change it later.

After the key is generated, the instructions below describe how to process and activate the key.

Options

-a trials
    The number of primality tests to perform when using -T to screen DH-GEX candidate primes.

-B
    Displays the bubblebabble digest of the specified public/private key file.

-b bits
    The key length. For RSA keys, the minimum is 768 bits and the default is 2048 bits. DSA keys must be exactly 1024 bits (required by the FIPS 186-2 standard).

-C comment
    Provides a new comment.

-c
    Requests changing the comment in the private key and public key files. This option only supports RSA1 keys. The program prompts for the private key file name, the passphrase (if any), and the new comment.

-D reader
    Downloads the RSA public key stored in the smart card reader.

-e
    Reads an OpenSSH private key or public key file and prints it to stdout in the RFC 4716 SSH public key file format. This option allows keys to be exported for use by several commercial SSH versions.

-F hostname
    Searches the known_hosts file for the specified hostname and lists all matching entries. This option is mainly used to find host names/IP addresses that have been hashed. You can also combine it with the -H option to print the hashed value of the public key.

-f filename
    Specifies the key file name.

-G output_file
    Generates candidate primes for DH-GEX. These primes must be screened for safety with the -T option before use.

-g
    Uses the generic DNS format when printing fingerprint resource records with -r.

-H
    Hashes a known_hosts file. This replaces all host names/IP addresses in the file with the corresponding hash values. The original file content is saved with a ".old" suffix. These hash values can only be used by ssh and sshd. This option does not modify host names/IP addresses that have already been hashed, so it is safe to use on files in which some entries are already hashed.

-i
    Reads an unencrypted SSH-2 compatible private/public key file and prints the OpenSSH-compatible private/public key to stdout. This option is mainly used to import keys from several commercial SSH versions.

-l
    Displays the fingerprint of the specified public key file. RSA1 private keys are also supported. For RSA and DSA keys, the matching public key file is looked up and its fingerprint is displayed.

-M memory
    Specifies the maximum amount of memory (in MB) to use when generating DH-GEX candidate primes.

-N new_passphrase
    Provides the new passphrase.

-P passphrase
    Provides the (old) passphrase.

-p
    Requests changing the passphrase of a private key file without creating a new private key. The program prompts for the private key file name, the old passphrase, and the new passphrase twice.

-q
    Quiet mode. Used by /etc/rc when creating a key.

-R hostname
    Removes all keys belonging to hostname from the known_hosts file. This option is mainly used to delete the keys of hashed hosts (see the -H option).

-r hostname
    Prints the SSHFP fingerprint resource record named hostname for the public key file.

-S start
    Specifies the starting point (in hexadecimal) when generating DH-GEX candidate moduli.

-T output_file
    Tests the safety of Diffie-Hellman group exchange candidate primes (generated with the -G option).

-t type
    Specifies the type of key to create. Possible values are "rsa1" (SSH-1), "rsa" (SSH-2) and "dsa" (SSH-2).

-U reader
    Uploads an existing RSA private key to the smart card reader.

-v
    Verbose mode. ssh-keygen prints detailed debugging information about its progress. This is often used to debug moduli generation. Repeating the -v option increases the level of detail (up to 3 times).

-W generator
    Specifies the generator to use when testing candidate moduli for DH-GEX.

-y
    Reads a private key file in OpenSSH format and prints the OpenSSH public key to stdout.

Note

Generally, we use the following command to generate an ssh public key and private key:

    ssh-keygen -t dsa -C user.email -f ~/.ssh/user.email

1. -t dsa creates a public/private key pair of the DSA type; besides dsa, there is also the rsa type.
2. -C user.email is a comment describing the public/private key pair, which is generally replaced by a personal email address.
3. -f specifies the file name and path of the key file. Otherwise, the public/private key pair is stored in the .ssh directory.
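The -H and -F options described above depend on the hashed host field that OpenSSH writes, which has the form |1|salt|hash, where hash is the HMAC-SHA1 of the host name keyed with the salt and both parts are base64-encoded. The following is an added example, not code from the original page or from OpenSSH, showing how such an entry is built and how a lookup for a host name matches it; the function names, the example.org host names and the placeholder key blobs are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"  # prefix OpenSSH puts on a hashed known_hosts host field


def hash_host(hostname, salt=None):
    """Return the hashed host field that `ssh-keygen -H` would write for hostname."""
    salt = os.urandom(20) if salt is None else salt
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(digest).decode()


def host_matches(host_field, hostname):
    """True if one known_hosts host field (hashed or plain) names hostname."""
    if not host_field.startswith(HASH_MAGIC):
        # Plain entries are comma-separated names; wildcard patterns are not handled here.
        return hostname in host_field.split(",")
    try:
        salt_b64, digest_b64 = host_field[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        digest = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        return False  # malformed hashed entry
    expected = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(expected, digest)


def find_host(known_hosts_text, hostname):
    """Like `ssh-keygen -F hostname`: return (line_no, line) for every matching entry."""
    hits = []
    for no, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or line.lstrip().startswith("#"):
            continue  # skip blank lines and comments
        if host_matches(fields[0], hostname):
            hits.append((no, line))
    return hits


# Constructed sample: the key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "build.example.org,192.0.2.10 ssh-rsa AAAAB3PLACEHOLDER1",
    hash_host("db.example.org", salt=bytes(range(20))) + " ssh-rsa AAAAB3PLACEHOLDER2",
])
```

Because the salt is stored next to the hash, anyone who can read the file can still test a guessed host name against each entry, which is exactly what find_host(SAMPLE, "db.example.org") does; hashing hides the names from casual reading, not from a targeted check.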
