ssh with key files

← Prev

Next →

This is an old revision of the document!

← Prev

Start page

Next →

← back

next →

linux, ssh, ssh-keygen

The sudo ssh-key command is used to create ssh key pairs

ssh-keygen

<code> usage: ssh-keygen [-q] [-a rounds] [-b bits] [-C comment] [-f output_keyfile]

                [-m format] [-N new_passphrase] [-O option]
                [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]
                [-w provider] [-Z cipher]
     ssh-keygen -p [-a rounds] [-f keyfile] [-m format] [-N new_passphrase]
                 [-P old_passphrase] [-Z cipher]
     ssh-keygen -i [-f input_keyfile] [-m key_format]
     ssh-keygen -e [-f input_keyfile] [-m key_format]
     ssh-keygen -y [-f input_keyfile]
     ssh-keygen -c [-a rounds] [-C comment] [-f keyfile] [-P passphrase]
     ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
     ssh-keygen -B [-f input_keyfile]
     ssh-keygen -D pkcs11
     ssh-keygen -F hostname [-lv] [-f known_hosts_file]
     ssh-keygen -H [-f known_hosts_file]
     ssh-keygen -K [-a rounds] [-w provider]
     ssh-keygen -R hostname [-f known_hosts_file]
     ssh-keygen -r hostname [-g] [-f input_keyfile]
     ssh-keygen -M generate [-O option] output_file
     ssh-keygen -M screen [-f input_file] [-O option] output_file
     ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]
                [-n principals] [-O option] [-V validity_interval]
                [-z serial_number] file ...
     ssh-keygen -L [-f input_keyfile]
     ssh-keygen -A [-a rounds] [-f prefix_path]
     ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
                file ...
     ssh-keygen -Q [-l] -f krl_file [file ...]
     ssh-keygen -Y find-principals -s signature_file -f allowed_signers_file
     ssh-keygen -Y match-principals -I signer_identity -f allowed_signers_file
     ssh-keygen -Y check-novalidate -n namespace -s signature_file
     ssh-keygen -Y sign -f key_file -n namespace file [-O option] ...
     ssh-keygen -Y verify -f allowed_signers_file -I signer_identity
                -n namespace -s signature_file [-r krl_file] [-O option]

</code)

ssh-keygen creates a SSH key pair. The defaults are:
- home directory /homeuser/.ssh
- public key /home/user/.ssh/id_rsa
- private key /home/user/.ssh/id_rsa.pub

ssh-keygen -f .ssh/key-with-password creates a SSH key with non-default name and location. The defaults are:
- public key /home/user/.ssh/key-with-password
- private key /home/user/.ssh/key-with-password.pub

During further SSH key pair generation, if you do not specify a unique file name, you are prompted for permission to overwrite the existing id_rsa and id_rsa.pub files. If you overwrite the existing id_rsa and id_rsa.pub files, you must then replace the old public key with the new one on ALL of the SSH servers that have your old public key.

Once you have generated the keys, they are stored in the /user/home/.ssh/ directory with the following permissions: