| algorithm | command | key pair | complement |
|---|---|---|---|
| RSA1 (ssh version1) | ssh-keygen -t rsa1 -C "comment" | Private Key : ~/.ssh/identity Publick Key : ~/.ssh/identity.pub | |
| RSA (ssh version2) | ssh-keygen -t rsa -C "comment" | Private Key : ~/.ssh/id_rsa Publick Key : ~/.ssh/id_rsa.pub | recommendation |
| DSA (ssh version2) | ssh-keygen -t dsa -C "comment" | Private Key : ~/.ssh/id_dsa Publick Key : ~/.ssh/id_dsa.pub | AWS does not support |
$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/home/user1/.ssh/id_rsa): id_rsa_test Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in id_rsa_test. Your public key has been saved in id_rsa_test.pub. The key fingerprint is: 83:ef:2d:29:2b:54:b8:9a:e0:74:04:e5:b0:xx:xx:xx test $ $ ls id_rsa_test id_rsa_test.pub $
ssh-keygen -t rsa -b 2048 -C "$user" -N "" -f ${OUTFILE}
-t type
Specifies the type of key to create. The possible values are “rsa1” for protocol version 1 and “dsa”,
“ecdsa”, “ed25519”, or “rsa” for protocol version 2.
$ cd # change home directory $ chmod 700 .ssh $ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys $ chmod 600 ~/.ssh/authorized_keys $ rm ~/.ssh/id_rsa.pub
ssh-copy-id ${USER}@${target_host}
ssh-copy-id -i key ${USER}@${target_host}
$ ssh-copy-id 192.168.0.37 /bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user1/.ssh/id_rsa.pub" /bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys user1@192.168.0.37's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '192.168.0.37'" and check to make sure that only the key(s) you wanted were added. $
$ cat ~/.ssh/id_rsa.pub | ssh USER@x.x.x.x "mkdir -p ~/.ssh; cat >> ~/.ssh/authorized_keys"
ssh-keygen -p -P OLD_PASSPHRASE -N NEW_PASSPHRASE -f PRIVATE_KEY
nopassphrase
ssh-keygen -p -P OLD_PASSPHRASE -N "" -f PRIVATE_KEY
-p Requests changing the passphrase of a private key file instead of creating a new private key.
ssh-keygen -i -f id_rsa_putty.pub > id_rsa.pub
-i This option will read an unencrypted private (or public) key file in the format specified by the -m option
and print an OpenSSH compatible private (or public) key to stdout.
-f filename Specifies the filename of the key file.
ssh-keygen -y -f ~/.ssh/id_rsa > id_rsa.pub -y This option will read a private OpenSSH format file and print an OpenSSH public key to stdout. -f filename Specifies the filename of the key file.