ssh-keygen

From Wikipedia, the free encyclopedia
Jump to: navigation, search

ssh-keygen is a Unix utility that is used to generate, manage, and convert authentication keys for ssh authentication. With the help of the ssh-keygen tool, a user can create passphrase keys for both SSH protocol version 1 and version 2. ssh-keygen creates RSA keys for SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2. These keys differ from keys used by GNU Privacy Guard.

ssh-keygen command syntax[edit]

The syntax of the ssh-keygen file is as follows:

ssh-keygen [options]

Some of the important options of ssh-keygen command are as follows:

ssh-keygen command options description
-b bits Specifies the number of bits in the key to create. The minimum bit length is 768 bits and the default length is 2048 bits.
-C comment Provides new comment.
-p Requests changing the passphrase of a private key file instead of creating a new private key.
-t Specifies the type of key to create.
-q quiets ssh-keygen. It is used by the /etc/rc file while creating a new key.
-N Provides a new Passphrase.
-F For ssh-keygen2, dumps the key's fingerprint in Bubble Babble format

Files used by the ssh-keygen utility[edit]

The ssh-keygen utility uses various files for storing public and private keys. The files used by ssh-keygen utility are as follows:

  • $HOME/.ssh/identity: The $HOME/.ssh/identity file contains the RSA private key when using the SSH protocol version 1.
  • $HOME/.ssh/identity.pub: The $HOME/.ssh/identity.pub file contains the RSA public key for authentication when you are using the SSH protocol version 1. A user should copy its contents in the $HOME/.ssh/authorized_keys file of the remote system where a user wants to log in using RSA authentication.
  • $HOME/.ssh/id_dsa: The $HOME/.ssh/id_dsa file contains the protocol version 2 DSA authentication identity of the user.
  • $HOME/.ssh/id_dsa.pub: The $HOME/.ssh/id_dsa.pub file contains the DSA public key for authentication when you are using the SSH protocol version 2. A user should copy its contents in the $HOME/.ssh/authorized_keys file of the remote system where a user wants to log in using DSA authentication.
  • $HOME/.ssh/id_rsa: The $HOME/.ssh/id_rsa file contains the protocol version 2 RSA authentication identity of the user. This file should not be readable by anyone but the user.
  • $HOME/.ssh/id_rsa.pub: The $HOME/.ssh/id_rsa.pub file contains the protocol version 2 RSA public key for authentication. The contents of this file should be added to $HOME/.ssh/authorized_keys on all computers where a user wishes to log in using public key authentication.

External links[edit]