N days to learn the Ssh-keygen of a Linux command

Source: Internet
Author: User

Use

The keys used to generate the SSH encryption algorithm and the management and transformation

Usage
     Ssh-keygen [-Q] [-B bits]-t type [-n new_passphrase] [-c comment] [-f Output_keyfile] ssh-keygen-p [-P Old_pass Phrase] [-n new_passphrase] [-F keyfile] ssh-keygen-i [-F Input_keyfile] ssh-keygen-e [-F input_keyfile] ssh -keygen-y [-F Input_keyfile] ssh-keygen-c [-P passphrase] [-c comment] [-f keyfile] ssh-keygen-l [-F INPUT_KEYF     Ile] Ssh-keygen-b [-F Input_keyfile] ssh-keygen-d PKCS11 ssh-keygen-f hostname [-f known_hosts_file] [-l] Ssh-keygen-h [-F Known_hosts_file] ssh-keygen-r hostname [-f known_hosts_file] ssh-keygen-r hostname [-F INP Ut_keyfile] [-G] ssh-keygen-g output_file [-v] [-B bits] [-M memory] [-s start_point] ssh-keygen-t output_file- f Input_file [-v] [-a num_trials] [-W generator] Ssh-keygen [-n] [-D smartcard] ssh-keygen-s ca_key-i certificat e_identity [-h] [-Z principals] [-o-option] [-v validity_interval] [-z serial_number] file ... ssh-keyg En-l [-F Input_keyfile] 
Common options

-B
Bubblebabble summary showing the key file

-B Bits
Secret key length, the longer the length, the more secure encryption, the default is 2048 bits

-C Comment
Setting comments

-C
Request to modify comments, only support the RSA1 algorithm key file, if the file set a password, will prompt for a password

-D PKCS11
Download the RSA public key stored in the PKCS11

-E
Read the contents of the OpenSSH public key file, convert it to RFC 4716, SSH publicly key, file format, and output to stdout

-F hostname
Find hostname from known_hosts file, no file specified, ~/.ssh/known_hosts is found by default. Only the domain name can be found, IP query not.

-F filename
Specify the full path to the key file

-G output_file
(Generate candidate primes for Dh-gex. These primes must is screened for safety (using THE-T option) before use.)

-G
(Use generic DNS format when printing fingerprint resource records using THE-R command.)

-H
(Hash a known_hosts file.) This replaces all hostnames and addresses with hashed representations within the specified file; The original content is moved to a file with an. old suffix. These hashes may is used normally by SSH and sshd, but they does not reveal identifying information should the file ' s Conten TS be disclosed. This option would not modify existing hashed hostnames and was therefore safe to use on files that mix hashed and non-hashed Names.)

-H
(When signing a key, create a host certificate instead of a user certificate.)

-I.
(Specify the key identity when signing a public key.)

-I.
(this option would read a unencrypted private (or public) key file in ssh2-compatible format and print an OpenSSH Compatib Le private (or public) key to stdout.)

-L
Content of the output certificate

-L
Show Public Key fingerprint

-M memory
(Specify the amount of memory to use (in megabytes) when generating candidate moduli for Dh-gex.)

-N
(Extract the public key from smartcard.)

-N New_passphrase
Set File password

-P Passphrase
(provides the (old) passphrase.)

-P
Request to modify file password

-Q
Quiet mode

-R hostname
(Removes all keys belonging to hostname from a known_hosts file.)

-R hostname
(Print the SSHFP fingerprint resource record named hostname for the specified public key file.)

-S Ca_key
(Certify) A public key using the specified CA key.)

-T type
Sets the type of secret key created.
(The possible values is "RSA1" for protocol version 1 and "DSA", "ECDSA" or "RSA" for Protocol version 2.)

-V
Debug mode

-Y
(this option would read a private OpenSSH format file and print an OpenSSH public key to stdout.)

Practice

1 extracting a public key that conforms to the standard format

[[email protected] ssh]# ssh-keygen -e -f ssh_host_rsa_key---- BEGIN SSH2 PUBLIC KEY ----Comment: "2048-bit RSA, converted from OpenSSH by [email protected]"AAAAB3NzaC1yc2EAAAABIwAAAQEAvF/iYFaWAMBMdAA4888pq1uxL34ptaEci/H0aG21eWeloNtM/QPx8DiSTOcF7rT/i0BLMBAzNKdSZOZHBdG8Apf5VWsfNyKQ6a5qEfV26lr6CKg8zPgdLoA8bQYarjN+LKrYWT9xteafVw9TLAtQAAdZFePkUkIKBMVhn48kM95HHOF6hcua99TcJ0AyvcFof+ebLyGznXKxrf2sliAHwaCWwO7rHhuIRJvCyDmrzh4NffozRqVfJEm2c90H3397Nd6seCOHOUVNRz2l69hfYWOPuuvlS2aQicbU9touw5f4ZvDTFxpyn2ZvqGaZzvBril/QF/qbEsKYsCVCWaUYMQ==---- END SSH2 PUBLIC KEY ----

2 Find github.com host key information

[[email protected] ssh]# ssh-keygen -H -F github.com# Host github.com found: line 5 type RSA|1|+31fGJzfnYKj7Mzk9ncYS2pZ7sI=|C0orBfR1oH2VQ9ij2gRz9QBOAyk= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg733www+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

3 Displaying the public key fingerprint

[[email protected] ssh]# ssh-keygen -l -f ./ssh_host_rsa_key.pub2048 90:05:de:31:8c:ff:ba:5a:2b:b3:80:b5:61:68:52:52 ./ssh_host_rsa_key.pub (RSA)

4 Generating the RSA public key

[[email protected] ~]# ssh-keygen -v -b 2048  -t rsa -C "rsa key file ,just a test" -f ./test_keyGenerating public/private rsa key pair.Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in ./test_key.Your public key has been saved in ./test_key.pub.The key fingerprint is:f0:66:15:6d:cd:cb:e7:d2:b9:ce:b5:dc:44:ff:97:f0 rsa key file ,just a testThe key's randomart image is:+--[ RSA 2048]----+|          .. o   ||           .o o  ||      .   .. . . ||       o .    o .||        S      +o||       o     ..o+||              o.*||              oE*||              .=+|+-----------------+
Resources

"1" Man Ssh-keygen

N days to learn the Ssh-keygen of a Linux command

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.