Introduction
ssh-keygen command to "ssh" generation, management and conversion certification keys, RSA and DSA to support two authentication keys
Private keys are generated on
ssh-keygen -b 2048 -C milo -f 20190718-milo -t rsa
Description:
- -b specify the key length
- -C: Add comments
- -f: Specifies the file name to save the key
- -t: Specifies the key type to be created
Scenarios
Use git connection mode code version control
linux Log
Usage example (be ca Signed)
ssh-keygen -s /root/ssh/CA/server_ca -I milo -n root -V +52w id_rsa.pub
Description:
- -s: CA certificate private key
- -I: name recognition certificate. When the certificate for authentication, which is used to logging
- -n: identifying certificates associated with this name (host or user)
- -V: valid for the specified certificate. In this case, we will specify a certificate (52 weeks) expires in a year
- -O option: source-address = address_list: allows the user to use the certificate address of the client, a plurality of address with a comma, we set limits to the use of user certificates.
Options
- -b: specify the key length
- -e: read openssh private or public key file
- -C: Add comments
- -f: Specifies the file name to save the key
- -i: reading unencrypted ssh-v2 compatible private / public key file, and then displays openssh compatible private / public key on the standard output device
- -l: Displays the public key fingerprint data files
- -N: a new passphrase
- -P: providing (old) passphrase
- -q: silent mode
- -t: Specifies the key type to be created