ssh-keygen

dev@java-master:~# ssh-keygen --help

-b:指定密钥长度;
-e:读取openssh的私钥或者公钥文件;
-C:添加注释;
-f:指定用来保存密钥的文件名;
-i:读取未加密的ssh-v2兼容的私钥/公钥文件,然后在标准输出设备上显示openssh兼容的私钥/公钥;
-l:显示公钥文件的指纹数据;
-N:提供一个新密语;
-P:提供(旧)密语;
-q:静默模式;
-t:指定要创建的密钥类型。
  • -t 指定要创建的密钥类型,如: -t dsa | ecdsa | ed25519 | rsa | rsa1
dev@java-master:~#  ssh-keygen -t ecdsa
Generating public/private ecdsa key pair.
Enter file in which to save the key (/c/Users/Administrator/.ssh/id_ecdsa):
  • -b bits 指定密钥长度。对于 RSA 密钥,最小要求 768 位,默认是 2048 位
dev@java-master:~#  ssh-keygen -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/c/Users/Administrator/.ssh/id_rsa):
  • -C comment 提供一个注释。生成git密钥的时候都会要求注释中写入邮箱名字
  • -P '' 表示空密码
dev@java-master:~# ssh-keygen -t rsa -b 4096 -C "your_email@example.com"  -P ''
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): # 如果需要指定生成的文件名,就输入,否则就回车
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rBgsYgbYi9WPG1jEw1BB5l3Emh6anxj+MDd5H2Lcoak hi@xyzla.com
The key's randomart image is:
+---[RSA 4096]----+
|  .**. oo        |
|.. =+. ..        |
|o o +..o         |
|.o = o+.         |
|oo+ =+..S .      |
|o. .+=.+ + .     |
|   .=+=.B o      |
|    o+o= o .     |
|     .E   .      |
+----[SHA256]-----+
  • -f filename 指定密钥路径及文件名
  • -l 显示公钥文件的指纹数据。它也支持 RSA1 的私钥。对于 RSA 和 DSA 密钥,将会寻找对应的公钥文件,然后显示其指纹数据。
dev@java-master:~# ssh-keygen -lf id_rsa.pub
4096 SHA256:rBgsYgbYi9WPG1jEw1BB5l3Emh6anxj+MDd5H2Lcoak hi@xyzla.com (RSA)
  • -E 用 md5 的方式查看指纹数据
dev@java-master:~# ssh-keygen -E md5 -lf id_rsa.pub
4096 MD5:9d:80:27:08:ff:37:35:29:19:ea:25:b6:b8:9c:ae:ef hi@xyzla.com (RSA)

Example

  • ssh-keygen -t rsa -b 4096 -C "your_email@example.com" -P ''

  • ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

  • ssh-keygen -m PEM -t rsa -b 4096 -C "your_email@example.com"

上一篇:ssh-copy-id 下一篇:ssh