Purpose
Generates, manages and converts the keys used by the SSH encryption algorithms
Usage
ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] [-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
ssh-keygen -i [-f input_keyfile]
ssh-keygen -e [-f input_keyfile]
ssh-keygen -y [-f input_keyfile]
ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
ssh-keygen -l [-f input_keyfile]
ssh-keygen -B [-f input_keyfile]
ssh-keygen -D pkcs11
ssh-keygen -F hostname [-f known_hosts_file] [-l]
ssh-keygen -H [-f known_hosts_file]
ssh-keygen -R hostname [-f known_hosts_file]
ssh-keygen -r hostname [-f input_keyfile] [-g]
ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
ssh-keygen -T output_file -f input_file [-v] [-a num_trials] [-W generator]
ssh-keygen [-n] [-D smartcard]
ssh-keygen -s ca_key -I certificate_identity [-h] [-Z principals] [-O option] [-V validity_interval] [-z serial_number] file ...
ssh-keygen -L [-f input_keyfile]
Common options
-B
Show the bubblebabble digest of the key file
-b bits
Key length in bits. The longer the key, the stronger the encryption; the default is 2048 bits
-C comment
Set the comment
-c
Request a change of the comment. Only RSA1 key files are supported; if the file is protected by a passphrase, you will be prompted for it
-D pkcs11
Download the RSA public key stored in the PKCS#11 token
-e
Read an OpenSSH public key file, convert it to the RFC 4716 "SSH Public Key File Format" and write it to stdout
-F hostname
Search for hostname in a known_hosts file; if no file is specified, ~/.ssh/known_hosts is searched by default. Only domain names can be looked up, not IP addresses.
-f filename
Specify the full path to the key file
-G output_file
(Generate candidate primes for DH-GEX. These primes must be screened for safety (using the -T option) before use.)
-g
(Use generic DNS format when printing fingerprint resource records using the -r command.)
-H
(Hash a known_hosts file. This replaces all hostnames and addresses with hashed representations within the specified file; the original content is moved to a file with a .old suffix. These hashes may be used normally by ssh and sshd, but they do not reveal identifying information should the file's contents be disclosed. This option will not modify existing hashed hostnames and is therefore safe to use on files that mix hashed and non-hashed names.)
-h
(When signing a key, create a host certificate instead of a user certificate.)
-I
(Specify the key identity when signing a public key.)
-i
(This option will read an unencrypted private (or public) key file in SSH2-compatible format and print an OpenSSH compatible private (or public) key to stdout.)
-L
Print the contents of a certificate
-l
Show the public key fingerprint
-M memory
(Specify the amount of memory to use (in megabytes) when generating candidate moduli for DH-GEX.)
-n
(Extract the public key from smartcard.)
-N new_passphrase
Set the passphrase of the key file
-P passphrase
(Provides the (old) passphrase.)
-p
Request a change of the key file's passphrase
-q
Quiet mode
-R hostname
(Removes all keys belonging to hostname from a known_hosts file.)
-r hostname
(Print the SSHFP fingerprint resource record named hostname for the specified public key file.)
-s ca_key
(Certify (sign) a public key using the specified CA key.)
-t type
Sets the type of key to create.
(The possible values are "rsa1" for protocol version 1 and "dsa", "ecdsa" or "rsa" for protocol version 2.)
-v
Debug (verbose) mode
-y
(This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.)
Practice
1 Exporting a public key in the standard format
[[email protected] ssh]# ssh-keygen -e -f ssh_host_rsa_key
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted from OpenSSH by [email protected]"
AAAAB3NzaC1yc2EAAAABIwAAAQEAvF/iYFaWAMBMdAA4888pq1uxL34ptaEci/H0aG21eWeloNtM/QPx8DiSTOcF7rT/i0BLMBAzNKdSZOZHBdG8Apf5VWsfNyKQ6a5qEfV26lr6CKg8zPgdLoA8bQYarjN+LKrYWT9xteafVw9TLAtQAAdZFePkUkIKBMVhn48kM95HHOF6hcua99TcJ0AyvcFof+ebLyGznXKxrf2sliAHwaCWwO7rHhuIRJvCyDmrzh4NffozRqVfJEm2c90H3397Nd6seCOHOUVNRz2l69hfYWOPuuvlS2aQicbU9touw5f4ZvDTFxpyn2ZvqGaZzvBril/QF/qbEsKYsCVCWaUYMQ==
---- END SSH2 PUBLIC KEY ----
2 Finding the host key entry for github.com
[[email protected] ssh]# ssh-keygen -H -F github.com
# Host github.com found: line 5 type RSA
|1|+31fGJzfnYKj7Mzk9ncYS2pZ7sI=|C0orBfR1oH2VQ9ij2gRz9QBOAyk= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg733www+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
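The hashed host field printed above has the form |1|salt|hash, where both parts are base64 and the hash is HMAC-SHA1 of the host name keyed with the salt. The following Python sketch is an added example, not part of the original page or of OpenSSH; the function names and the sample file are constructed for illustration, and wildcard or negated host patterns are not handled. It shows how a lookup like -F can still match a name in a file hashed with -H:

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"  # marks an HMAC-SHA1 hashed host field


def hash_host(hostname, salt=None):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1)."""
    salt = os.urandom(20) if salt is None else salt
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(digest).decode())


def host_field_matches(field, hostname):
    """True if a known_hosts host field (plain or hashed) names hostname."""
    if not field.startswith(HASH_MAGIC):
        # Plain entry: comma-separated names and addresses.
        return hostname in field.split(",")
    try:
        salt_b64, digest_b64 = field[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
    except ValueError:
        return False  # malformed hashed field
    actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)


def find_host(known_hosts_text, hostname):
    """Return (line_number, key_type) for every entry matching hostname."""
    hits = []
    for number, line in enumerate(known_hosts_text.splitlines(), start=1):
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue  # comment, blank or incomplete line
        if host_field_matches(parts[0], hostname):
            hits.append((number, parts[1]))
    return hits


# Constructed sample file; the key blobs are shortened placeholders.
SAMPLE = "\n".join([
    "# constructed sample known_hosts",
    "plain.example.org,192.0.2.10 ssh-rsa AAAAB3NzaC1yc2E=",
    hash_host("github.com", bytes(range(20))) + " ssh-rsa AAAAB3NzaC1yc2E=",
])
```

Because the salt is stored next to the hash, anyone holding the file can test a guessed host name against an entry; hashing hides the names from casual disclosure but does not stop a dictionary check of candidate names.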
3 Displaying the public key fingerprint
[[email protected] ssh]# ssh-keygen -l -f ./ssh_host_rsa_key.pub
2048 90:05:de:31:8c:ff:ba:5a:2b:b3:80:b5:61:68:52:52 ./ssh_host_rsa_key.pub (RSA)
4 Generating an RSA key pair
[[email protected] ~]# ssh-keygen -v -b 2048 -t rsa -C "rsa key file ,just a test" -f ./test_key
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ./test_key.
Your public key has been saved in ./test_key.pub.
The key fingerprint is:
f0:66:15:6d:cd:cb:e7:d2:b9:ce:b5:dc:44:ff:97:f0 rsa key file ,just a test
The key's randomart image is:
+--[ RSA 2048]----+
| .. o |
| .o o |
| . .. . . |
| o . o .|
| S +o|
| o ..o+|
| o.*|
| oE*|
| .=+|
+-----------------+
Resources
[1] man ssh-keygen
Learn a Linux command in N days: ssh-keygen