
How to create/change ssh key (ssh-keygen)




SSH Algorithm

Algorithm             Command                           Key pair                           Notes
RSA1 (SSH version 1)  ssh-keygen -t rsa1 -C "comment"   Private key: ~/.ssh/identity
                                                        Public key:  ~/.ssh/identity.pub
RSA (SSH version 2)   ssh-keygen -t rsa -C "comment"    Private key: ~/.ssh/id_rsa         Recommended
                                                        Public key:  ~/.ssh/id_rsa.pub
DSA (SSH version 2)   ssh-keygen -t dsa -C "comment"    Private key: ~/.ssh/id_dsa         Not supported by AWS
                                                        Public key:  ~/.ssh/id_dsa.pub


How to Create a Public/Private Key Pair

$  ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user1/.ssh/id_rsa): id_rsa_test
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in id_rsa_test.
Your public key has been saved in id_rsa_test.pub.
The key fingerprint is:
83:ef:2d:29:2b:54:b8:9a:e0:74:04:e5:b0:xx:xx:xx test
$
$ ls
id_rsa_test  id_rsa_test.pub
$

Non-interactive form (-N "" sets an empty passphrase):

ssh-keygen -t rsa -b 2048 -C "$user" -N "" -f "${OUTFILE}"
     -t type
             Specifies the type of key to create.  The possible values are “rsa1” for protocol version 1 and “dsa”,
             “ecdsa”, “ed25519”, or “rsa” for protocol version 2.


Target Server Configuration

Method 1 (manual)
$ cd              # change to the home directory
$ chmod 700 .ssh
$ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
$ chmod 600 ~/.ssh/authorized_keys
$ rm ~/.ssh/id_rsa.pub
Method 2 (ssh-copy-id)

ssh-copy-id ${USER}@${target_host}
ssh-copy-id -i key ${USER}@${target_host}

$ ssh-copy-id 192.168.0.37
/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/home/user1/.ssh/id_rsa.pub"
/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
user1@192.168.0.37's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '192.168.0.37'"
and check to make sure that only the key(s) you wanted were added.

$
Method 3 (one liner)
$ cat ~/.ssh/id_rsa.pub | ssh USER@x.x.x.x "umask 077; mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
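
Methods 1 and 3 append the key unconditionally, so running them twice duplicates the entry, and nothing checks that the file being appended really is a public key. The following is an added example, not part of the original page or of OpenSSH: a shell function (the name install_pubkey and its arguments are hypothetical) that performs the Method 1 steps on the target account idempotently.

```shell
#!/bin/sh
# install_pubkey PUBKEY_FILE [HOME_DIR]
# Hypothetical helper: does the Method 1 steps for the account whose home is
# HOME_DIR (default: $HOME), rejects malformed input, never adds a key twice.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Accept exactly one line shaped like "<type> <base64> [comment]".
    # A private key file starts with "-----BEGIN" and is rejected here.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "$pub: expected one line" >&2; return 1; }
    key=$(cat "$pub")
    case $key in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-*\ AAAA*) ;;
        *) echo "$pub: not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Create the directory and file owner-only, whatever the caller's umask is,
    # then enforce the modes in case they already existed with looser ones.
    ( umask 077
      mkdir -p "$ssh_dir" && touch "$auth" ) || return 1
    chmod 700 "$ssh_dir" && chmod 600 "$auth" || return 1

    # Compare on "type base64" only, so a changed comment is not a new key.
    blob=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "key added to $auth"
}
```

After copying the public key to the target host, call it as: install_pubkey ~/id_rsa.pub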


Changing a private key passphrase

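ssh-keygen -p -P OLD_PASSPHRASE -N NEW_PASSPHRASE -f PRIVATE_KEY

To remove the passphrase:

ssh-keygen -p -P OLD_PASSPHRASE -N "" -f PRIVATE_KEY

-p      Requests changing the passphrase of a private key file instead of creating a new private key.

If -P and -N are omitted, ssh-keygen prompts for the passphrases, which keeps them out of the shell history and the process list.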


Change the format of a private key

Convert a public key exported by PuTTY to the OpenSSH format

ssh-keygen -i -f id_rsa_putty.pub > id_rsa.pub

-i      This option will read an unencrypted private (or public) key file in the format specified by the -m option
        and print an OpenSSH compatible private (or public) key to stdout.

-f filename      Specifies the filename of the key file.


Convert from the OpenSSH format to a PuTTY private key

  1. Start “puttygen”
  2. Click [Load] to load an existing private key file
  3. Click [Save private key]




Create a public key from a private key

ssh-keygen -y -f ~/.ssh/id_rsa > id_rsa.pub

-y      This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.
-f filename      Specifies the filename of the key file.



