ssh‐keygen ‐ #security - five4nets/Linux-Knowledgebase GitHub Wiki

🔐 Linux ssh-keygen Command Tutorial

The ssh-keygen command is a powerful utility used to generate, manage, and convert SSH key pairs for secure authentication. SSH keys are a more secure alternative to passwords for remote logins and automated access.


📦 Installation

Most Linux distributions include ssh-keygen as part of the OpenSSH package. To ensure it's installed:

Debian/Ubuntu:

sudo apt install openssh-client

Red Hat/CentOS/Fedora:

sudo dnf install openssh

🧰 Basic Syntax

ssh-keygen [options]

By default, it generates a 2048-bit RSA key pair and stores it in ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub.


🔧 Common Options

Option   Description
-t       Specify key type (rsa, ed25519, ecdsa, etc.)
-b       Set key size in bits (e.g., 4096 for RSA)
-C       Add a comment (e.g., email or purpose)
-f       Specify output file name
-N       Set a passphrase (empty for no passphrase)
-q       Quiet mode (suppress output)
-y       Extract public key from a private key
-p       Change passphrase of an existing key
-R       Remove a host from known_hosts

🧪 Examples

1. Generate a Default RSA Key Pair

ssh-keygen

2. Generate a 4096-bit RSA Key with a Comment

ssh-keygen -t rsa -b 4096 -C "user@example.com"

3. Generate an Ed25519 Key with a Custom Filename

ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519_custom

4. Generate a Key Without a Passphrase

ssh-keygen -N "" -f ~/.ssh/id_rsa_nopass

5. Change the Passphrase of an Existing Key

ssh-keygen -p -f ~/.ssh/id_rsa

6. Extract the Public Key from a Private Key

ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub

7. Remove a Host from known_hosts

ssh-keygen -R example.com

🧠 Tips

  • Use ssh-copy-id to install your public key on a remote server:
    ssh-copy-id user@remote_host
    
  • Use ssh-agent and ssh-add to manage keys with passphrases.
  • Store keys in ~/.ssh/ and set permissions:
    chmod 700 ~/.ssh
    chmod 600 ~/.ssh/id_rsa
    chmod 644 ~/.ssh/id_rsa.pub
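
The permission tip above, together with examples 4 and 6, can be checked across a whole key directory in one pass. The following is an added example, not part of the original wiki page: the function names and finding labels are illustrative, and it assumes GNU stat and OpenSSH's ssh-keygen are on the PATH.

```shell
# Added example, not from the original page. Function names and the
# finding labels (bad-mode, no-passphrase, pub-mismatch) are illustrative.
# Usage: audit_keys ~/.ssh

# Succeeds when the file mode is 600 or 400 (GNU stat, as shipped on Linux).
mode_ok() {
    case "$(stat -c %a "$1")" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Succeeds when the private key loads with an empty passphrase.
# -P "" supplies the passphrase on the command line, so a protected key
# makes ssh-keygen fail instead of prompting.
has_no_passphrase() {
    ssh-keygen -y -P "" -f "$1" >/dev/null 2>&1
}

# Print one "<finding> <path>" line per problem found in directory $1.
audit_keys() {
    for key in "$1"/*; do
        [ -f "$key" ] || continue
        # Only look at files whose first line is a private-key header.
        head -n 1 "$key" | grep -q 'PRIVATE KEY-----' || continue
        if ! mode_ok "$key"; then
            echo "bad-mode $key"
            continue    # skip further checks until the mode is fixed
        fi
        if has_no_passphrase "$key"; then
            echo "no-passphrase $key"
            # The stored .pub should match the one derived from the key.
            if [ -f "$key.pub" ]; then
                derived=$(ssh-keygen -y -P "" -f "$key" | cut -d' ' -f1,2)
                stored=$(cut -d' ' -f1,2 "$key.pub")
                [ "$derived" = "$stored" ] || echo "pub-mismatch $key"
            fi
        fi
    done
    return 0
}
```

A key reported as no-passphrase can be given one with the `ssh-keygen -p -f` command from example 5, and a pub-mismatch can be repaired with the `ssh-keygen -y` command from example 6.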
    

Happy key crafting! 🔑

