ssh-keygen is a Unix utility used to generate, manage, and convert authentication keys for SSH authentication. With the ssh-keygen tool, a user can create passphrase-protected keys for both SSH protocol version 1 and version 2. ssh-keygen creates RSA keys for SSH protocol version 1 and RSA or DSA keys for use by SSH protocol version 2. These keys differ from keys used by GNU Privacy Guard.
ssh-keygen command syntax
The syntax of the ssh-keygen command is as follows:
Some of the important options of ssh-keygen command are as follows:
| ssh-keygen command option | Description |
|---|---|
| -b bits | Specifies the number of bits in the key to create. The minimum bit length is 768 bits and the default length is 2048 bits. |
| -C comment | Provides a new comment. |
| -p | Requests changing the passphrase of a private key file instead of creating a new private key. |
| -t | Specifies the type of key to create. |
| -q | Quiets ssh-keygen. It is used by the /etc/rc file while creating a new key. |
| -N | Provides a new passphrase. |
| -F (or -B) | For ssh-keygen2, dumps the key's fingerprint in Bubble Babble format. |
Files used by the ssh-keygen utility
The ssh-keygen utility uses various files for storing public and private keys. The files used by ssh-keygen utility are as follows:
- $HOME/.ssh/identity: The $HOME/.ssh/identity file contains the RSA private key when using the SSH protocol version 1.
- $HOME/.ssh/identity.pub: The $HOME/.ssh/identity.pub file contains the RSA public key for authentication when you are using the SSH protocol version 1. A user should copy its contents into the $HOME/.ssh/authorized_keys file of the remote system where the user wants to log in using RSA authentication.
- $HOME/.ssh/id_dsa: The $HOME/.ssh/id_dsa file contains the protocol version 2 DSA authentication identity of the user.
- $HOME/.ssh/id_dsa.pub: The $HOME/.ssh/id_dsa.pub file contains the DSA public key for authentication when you are using the SSH protocol version 2. A user should copy its contents into the $HOME/.ssh/authorized_keys file of the remote system where the user wants to log in using DSA authentication.
- $HOME/.ssh/id_rsa: The $HOME/.ssh/id_rsa file contains the protocol version 2 RSA authentication identity of the user. This file should not be readable by anyone but the user.
- $HOME/.ssh/id_rsa.pub: The $HOME/.ssh/id_rsa.pub file contains the protocol version 2 RSA public key for authentication. The contents of this file should be added to $HOME/.ssh/authorized_keys on all computers where a user wishes to log in using public key authentication.
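
The following shell functions are an added example, not part of ssh-keygen or of the original page. They check that the private key files listed above are not accessible to group or others, and append a public key to an authorized_keys file without duplicating it. The function names `audit_private_keys` and `install_public_key` are hypothetical.

```shell
#!/bin/sh
# Added example: helpers for the key files listed above.
# Function names are hypothetical; they are not part of ssh-keygen.

# Report every private key file in DIR that group or others can access.
# Returns 0 when all present key files are private, 1 otherwise.
audit_private_keys() {
    dir=$1
    rc=0
    for name in identity id_dsa id_rsa; do
        f="$dir/$name"
        [ -f "$f" ] || continue
        # ls -ld prints the mode string first; characters 5-10 are the
        # group and other permission bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "EXPOSED $f (group/other bits: $perms)"
            rc=1
        fi
    done
    return $rc
}

# Append the key lines of PUB to AUTH (an authorized_keys file) only if
# they are not already there. AUTH is created with mode 0600 and its
# parent directory is set to 0700.
install_public_key() {
    pub=$1
    auth=$2
    [ -s "$pub" ] || { echo "empty or missing: $pub" >&2; return 2; }
    mkdir -p "$(dirname "$auth")" && chmod 700 "$(dirname "$auth")"
    touch "$auth" && chmod 600 "$auth"
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        # -x matches the whole line, -F treats the key as a fixed string.
        grep -qxF -- "$line" "$auth" || printf '%s\n' "$line" >>"$auth"
    done <"$pub"
}
```

For example, `audit_private_keys "$HOME/.ssh"` prints one line per exposed key file and returns a non-zero status if any is found.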