Commonly used: [B]ssh-keygen -i -f <public key name> >> authorized_keys[/b]
Syntax Detailed introduction
[Code]ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] [-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
ssh-keygen -i [-f input_keyfile]
ssh-keygen -e [-f input_keyfile]
ssh-keygen -y [-f input_keyfile]
ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
ssh-keygen -l [-f input_keyfile]
ssh-keygen -B [-f input_keyfile]
ssh-keygen -D reader
ssh-keygen -F hostname [-f known_hosts_file]
ssh-keygen -H [-f known_hosts_file]
ssh-keygen -R hostname [-f known_hosts_file]
ssh-keygen -U reader [-f input_keyfile]
ssh-keygen -r hostname [-f input_keyfile] [-g]
ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
ssh-keygen -T output_file -f input_file [-v] [-a num_trials] [-W generator][/code]
Description
ssh-keygen generates, manages, and converts authentication keys for ssh(1), covering both RSA and DSA keys.
The key type can be specified with the -t option. If it is not specified, an RSA key for SSH-2 is generated by default.
ssh-keygen can also generate the prime moduli used in Diffie-Hellman Group Exchange (DH-GEX).
See the moduli generation subsection.
In general, anyone who wants to use RSA or DSA authentication should run this program at least once
to create the keys required for authentication in ~/.ssh/identity, ~/.ssh/id_dsa, or ~/.ssh/id_rsa.
In addition, the system administrator can use it to generate host keys.
Typically, this program generates a key pair and asks for a file in which to store the private key; the public key is stored in a file with the same name plus the ".pub" suffix.
The program also prompts for a passphrase; an empty passphrase indicates that there is no passphrase (the passphrase of a host key must be empty).
A passphrase is similar to a password, but it can be a whole sentence made of words, punctuation marks, numbers, spaces, or any characters you want.
A good passphrase is more than 30 characters long, difficult to guess, and mixes upper- and lower-case letters, numbers, and non-alphanumeric characters. The passphrase can be changed with the -p option.
A lost passphrase cannot be recovered. If the passphrase is lost or forgotten, the user must generate a new key and then distribute the corresponding public key to the other machines.
The RSA1 key file has a "comment" field that lets the user identify the key, note its purpose, or record other useful information.
When the key is created, the comment field is initialized to "user@host"; it can be changed later with the -c option.
After a key is generated, the instructions below describe where the keys should be placed to be activated. The available options are:
-a trials
The number of primality tests to perform when screening DH-GEX candidate primes with -T.
-B Displays the bubblebabble digest of the specified public/private key file.
-b bits
Specifies the key length. For RSA keys, the minimum is 768 bits and the default is 2048 bits. A DSA key must be exactly 1024 bits (required by the FIPS 186-2 standard).
-C comment
Provides a new comment.
-c Requests changing the comment in the private key and public key files. This option only supports RSA1 keys.
The program will prompt for the private key file name, the passphrase (if there is one), and the new comment.
-D reader
Downloads the RSA public key stored in the smart card reader.
-e Reads an OpenSSH private key or public key file and prints the key to stdout in the RFC 4716 SSH public key file format.
This option lets you export keys for use by several commercial versions of SSH.
-F hostname
Searches for the specified hostname in the known_hosts file and lists all occurrences.
This option is primarily used to find hashed hostnames/IP addresses, and can also be used with the -H option to print the hash value of the public key found.
-f filename
Specifies the key file name.
-G output_file
Generates candidate primes for DH-GEX. These primes must be screened for safety with the -T option before use.
-g Uses the generic DNS format when printing fingerprint resource records with -r.
-H Hashes the known_hosts file. This replaces all hostnames/IP addresses in the file with the corresponding hash values.
The original content is saved to a file with an ".old" suffix added. These hash values can only be used by ssh and sshd.
This option does not modify hostnames/IP addresses that are already hashed, so it can be used safely on files in which some entries have already been hashed.
-i Reads an unencrypted SSH-2-compatible private key/public key file and prints the OpenSSH-compatible private key/public key to stdout.
This option is primarily used to import keys from several commercial versions of SSH.
-l Displays the fingerprint of the public key file. RSA1 private keys are also supported.
For RSA and DSA keys, the corresponding public key file is looked up and its fingerprint is displayed.
-M memory
Specifies the maximum amount of memory to use (in megabytes) when generating DH-GEX candidate primes.
-N new_passphrase
Provides the new passphrase.
-P passphrase
Provides the (old) passphrase.
-p Requests changing the passphrase of a private key file without regenerating the private key. The program will prompt for the private key file name, the original passphrase, and the new passphrase twice.
-q Quiet mode. Used when creating a new key in /etc/rc.
-R hostname
Removes all keys belonging to hostname from the known_hosts file.
This option is primarily used to remove the keys of hashed hosts (see the -H option).
-r hostname
Prints the SSHFP fingerprint resource record for the public key file named hostname.
-S start
Specifies the starting point (in hexadecimal) when generating DH-GEX candidate moduli.
-T output_file
Tests the safety of the Diffie-Hellman Group Exchange candidate primes (generated with the -G option).
-t type
Specifies the type of key to create. Possible values: "rsa1" (SSH-1), "rsa" (SSH-2), "dsa" (SSH-2).
-U reader
Uploads an existing RSA private key to the smart card reader.
-v Verbose mode. ssh-keygen prints detailed debugging information about its progress. Often used to debug moduli generation.
Repeating the -v option increases the verbosity (up to 3 times).
-W generator
Specifies the generator to use when testing candidate moduli for DH-GEX.
-y Reads the public key file in the OpenSSH proprietary format and prints the OpenSSH public key to stdout.
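The hashed entries that -H writes and -F searches, as an added Python illustration (not OpenSSH's code and not part of the original page): each name is stored as `|1|salt|HMAC-SHA1(salt, name)`, so a lookup must recompute the HMAC for every entry. The host names and key blobs are constructed, and handling of marker and wildcard lines is simplified.

```python
import base64
import hashlib
import hmac
import os

MAGIC = "|1|"  # prefix OpenSSH uses for a hashed host field

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = (
    "gw.example.test,192.0.2.10 ssh-ed25519 AAAAconstructedblob1\n"
    "*.lab.example.test ssh-ed25519 AAAAconstructedblob2\n"
)

def hash_host(name, salt=None):
    """Hashed field for one name: |1|base64(salt)|base64(HMAC-SHA1(salt, name))."""
    salt = os.urandom(20) if salt is None else salt
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()

def host_matches(field, name):
    """True if a host field (hashed, or plain exact names) covers name."""
    if not field.startswith(MAGIC):
        return name in field.split(",")  # wildcard patterns are not evaluated here
    salt_b64, _, mac_b64 = field[len(MAGIC):].partition("|")
    mac = hmac.new(base64.b64decode(salt_b64), name.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, base64.b64decode(mac_b64))

def hash_known_hosts(text):
    """Mimic -H: one hashed line per plain name; hashed, wildcard, comment lines kept."""
    out = []
    for line in text.splitlines():
        fields = line.split(None, 1)
        skip = (len(fields) < 2 or fields[0].startswith(("#", "@", MAGIC))
                or any(c in fields[0] for c in "*?!"))
        if skip:
            out.append(line)
        else:
            out.extend(hash_host(n) + " " + fields[1] for n in fields[0].split(","))
    return "\n".join(out) + "\n"

def find_host(text, name):
    """Mimic -F: return the entries whose host field matches name."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith(("#", "@")) and host_matches(fields[0], name):
            hits.append(line)
    return hits

if __name__ == "__main__":
    print(hash_known_hosts(SAMPLE), end="")
```

Because the salt is random per entry, the same host hashes differently on every run; only a recomputed HMAC over a candidate name can confirm a match.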
Note:
1. We usually use the following command to generate the SSH public key and private key.
ssh-keygen -t dsa -C user.email -f ~/.ssh/user.email
1> -t dsa: the public key/private key pair uses DSA encryption; the available modes are DSA and RSA.
2> -C user.email: a comment describing this public key/private key pair, usually a personal e-mail address.
3> -f: specifies the file name and path of the key file.
If not specified, the public key/private key pair will be stored in the .ssh directory.
ssh-keygen - generate, manage, and convert authentication keys