These primes must be screened for safety (using the -T option) before use. This option is useful to find hashed host names orĪddresses and may also be used in conjunction with the -H option to print found keys in a hashed format. Search for the specified hostname in a known_hosts file, listing any occurrences found. This option allowsĮxporting keys for use by several commercial SSH implementations. e' This option will read a private or public OpenSSH key file and print the key in RFC 4716 SSH Public Key File Format to stdout. The file containing the private keys, for the passphrase if the key has one, and for the new comment.ĭownload the RSA public key stored in the smartcard in reader. This operation is only supported for RSA1 keys. c' Requests changing the comment in the private and public key files. DSA keys must be exactly 1024 bits as specified by FIPS 186-2. For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Specifies the number of bits in the key to create. B' Show the bubblebabble digest of specified private or public key file. a trials Specifies the number of primality tests to perform when screening DH-GEX candidates using the -T command. The comment is initialized to when the key is created, but can be changed using the -c option.Īfter a key is generated, instructions below detail where the keys should be placed to be activated. If the passphrase is lost or forgotten, a new key must be generated and copied to the corresponding public keyįor RSA1 keys, there is also a comment field in the key file that is only for convenience to the user to help identify the key. There is no way to recover a lost passphrase. The passphrase can be changed later by using the -p option. Prose has only 1-2 bits of entropy per character, and provides very bad passphrases), and contain a mix of upper and lowercase letters, numbers, and Good passphrases are 10-30 characters long, are not simple sentences or otherwise easily guessable (English Whitespace, or any string of characters you want.
A passphrase is similar to a password, except it can be a phrase with a series of words, punctuation, numbers, The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or
The public key is stored in a file with the same name but Normally this program generates the key and asks for a file in which to store the private key. Additionally, the system administrator may use this to generate host keys, as seen in /etc/rc. Normally each user wishing to use SSH with RSA or DSA authentication runs this once to create the authentication key in ~/.ssh/identity, See the MODULI GENERATION section for details. Ssh-keygen is also used to generate groups for use in Diffie-Hellman group exchange (DH-GEX). If invoked without anyĪrguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections. The type of key to be generated is specified with the -t option. ssh-keygen can create RSA keys for use by SSH protocol version 1Īnd RSA or DSA keys for use by SSH protocol version 2. Ssh-keygen generates, manages and converts authentication keys for ssh(1).