ssh key generation
ssh-keygen -t rsa -b 2048 -C "Email address identification"
- -a trials
  The number of basic tests to perform when screening DH-GEX candidate primes for safety with -T.
- -B
  Display the bubblebabble digest of the specified public / private key file.
- -b bits
  Specifies the key length. For RSA keys, a minimum of 768 bits is required, and the default is 2048 bits. A DSA key must be exactly 1024 bits (required by the FIPS 186-2 standard).
- -C comment
  Provides a new comment.
- -c
  Requests changing the comment in the private key and public key files. This option only supports RSA1 keys. The program will prompt for the private key file name, the passphrase (if there is one), and the new comment.
- -D reader
  Downloads the RSA public key stored in the smart card reader.
- -e
  Read an OpenSSH private key or public key file and display it on stdout in RFC 4716 SSH public key file format. This option can export keys for various commercial versions of SSH.
- -F hostname
  Searches for the specified hostname in the known_hosts file and lists all matches. This option is mainly used to find a hashed host name / IP address, and can also be used with the -H option to print the hash value of the public key found.
- -f filename
  Specifies the key file name.
- -G output_file
  Generates candidate primes for DH-GEX. These primes must be screened for safety with the -T option before use.
- -g
  When using -r to print fingerprint resource records, use the generic DNS format.
- -H
  Hash the known_hosts file. This replaces all host names / IP addresses in the file with the corresponding hash values. The original content is saved to a file with a ".old" suffix. These hash values can only be used by ssh and sshd. This option does not modify host names / IP addresses that are already hashed, so it is safe to use on files where some entries have already been hashed.
- -i
  Read an unencrypted SSH-2 compatible private / public key file and display the OpenSSH compatible private / public key on stdout. This option is mainly used to import keys from various commercial versions of SSH.
- -l
  Display the fingerprint of the public key file. RSA1 private keys are also supported. For RSA and DSA keys, it looks for the corresponding public key file and displays its fingerprint.
- -M memory
  Specifies the maximum memory usage (MB) when generating DH-GEX candidate primes.
- -N new_passphrase
  Provides a new passphrase.
- -P passphrase
  Provides the (old) passphrase.
- -p
  Requests changing the passphrase of a private key file without rebuilding the private key. The program will prompt for the file name of the private key, the original passphrase, and the new passphrase twice.
- -q
  Quiet mode. Used when creating a new key in /etc/rc.
- -R hostname
  Deletes all keys belonging to hostname from the known_hosts file. This option is mainly used to delete the keys of hashed hosts (see the -H option).
- -r hostname
  Print the SSHFP fingerprint resource record of the public key file named hostname.
- -S start
  Specifies the starting point (hexadecimal) when generating DH-GEX candidate moduli.
- -T output_file
  Tests the safety of Diffie-Hellman group exchange candidate primes (generated with the -G option).
- -t type
  Specifies the type of key to create. Possible values: "rsa1" (SSH-1), "rsa" (SSH-2), "dsa" (SSH-2).
- -U reader
  Uploads an existing RSA private key to the smart card reader.
- -v
  Verbose mode. ssh-keygen prints detailed debugging information about its progress. Commonly used to debug moduli generation. Repeating the -v option increases the level of detail (up to 3 times).
- -W generator
  Specifies the generator to use when testing candidate moduli for DH-GEX.
- -y
  Read the public key file in OpenSSH proprietary format and display the OpenSSH public key on stdout.
Check ~/.ssh to see the key
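The -H, -F and -R entries above all work on hashed host names. The following added example (not part of the original page and not OpenSSH code) goes a step beyond the option text and shows the hashed known_hosts field layout, `|1|salt|HMAC-SHA1(salt, hostname)` with both parts base64-encoded, and why a hashed entry can only be located by recomputing the hash for a name you already know. The function names and sample lines are assumptions made for the illustration, and plain entries are matched as exact names only (no wildcards or `[host]:port` forms).

```python
import base64
import hashlib
import hmac
import os

MAGIC = "|1|"  # prefix of a hashed host field

def hash_host(host, salt=None):
    """Hashed form of one host name, in the layout -H writes."""
    salt = os.urandom(20) if salt is None else salt
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return MAGIC + "|".join(base64.b64encode(x).decode() for x in (salt, mac))

def host_matches(field, host):
    """True if a host field (hashed or plain, exact names only) names host."""
    if not field.startswith(MAGIC):
        return host in field.split(",")
    try:
        salt, mac = (base64.b64decode(p, validate=True)
                     for p in field[len(MAGIC):].split("|"))
    except ValueError:
        return False  # malformed entry is never a match
    want = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, want)

def hash_file(lines):
    """Like -H: hash plain host names, leave hashed entries untouched."""
    out = []
    for line in lines:
        field, _, rest = line.partition(" ")
        if not line.strip() or line.startswith("#") or field.startswith(MAGIC):
            out.append(line)
        else:  # one line per name, since a hash covers a single name
            out.extend(f"{hash_host(h)} {rest}" for h in field.split(","))
    return out

def find_host(lines, host):
    """Like -F: entries whose host field names host."""
    return [l for l in lines if l.strip() and not l.startswith("#")
            and host_matches(l.split(" ", 1)[0], host)]

def remove_host(lines, host):
    """Like -R: drop every entry that belongs to host."""
    hits = find_host(lines, host)
    return [l for l in lines if l not in hits]

# Constructed sample; the key blobs are placeholders, not real keys.
SAMPLE = ["example.test,192.0.2.10 ssh-rsa AAAA_PLACEHOLDER_1",
          "other.test ssh-rsa AAAA_PLACEHOLDER_2"]
HASHED = hash_file(SAMPLE)  # three lines, no readable host names
```

Because every entry gets its own random salt, two hashed lines for the same host differ, so a text search of the file finds nothing and lookups have to go through a match routine like `find_host`.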