Overview
ssh-keygen is the standard command for generating and managing the cryptographic keys used by the SSH protocol. Key-based authentication lets you log in to servers without passwords and authenticate to services such as Git.
Key Features
- Generate various types of SSH key pairs, such as RSA and ED25519
- Change the passphrase of existing keys
- Extract public keys from private keys
- Check key fingerprints
- Convert key formats
Key Options
The ssh-keygen command provides various options for key generation and management.
Key Generation Options
Key Management Options
Usage Examples
Learn how to generate and manage SSH keys through various usage examples of ssh-keygen.
Generate Default RSA Key Pair
`ssh-keygen`
The most common usage, generating an RSA key pair in the default path (~/.ssh/id_rsa). You will be prompted to enter a passphrase.
Generate ED25519 Key Pair with Comment
`ssh-keygen -t ed25519 -C "your_email@example.com"`
Generates an ED25519 type key and adds an email address as a comment to the public key.
Generate Key Pair with a Specific Filename
`ssh-keygen -f ~/.ssh/my_custom_key`
Generates key files with a name other than the default. (e.g., ~/.ssh/my_custom_key)
Change Passphrase of an Existing Key
`ssh-keygen -p -f ~/.ssh/id_rsa`
Changes the passphrase of an already generated private key file. You will be interactively prompted for the old and new passphrases.
Extract Public Key from Private Key
`ssh-keygen -y -f ~/.ssh/id_rsa`
Extracts the public key from the private key file (id_rsa) and displays it to standard output. You can save this output to the `id_rsa.pub` file.
Tips & Precautions
Tips and precautions for using SSH keys safely and efficiently.
Using a Passphrase
Setting a passphrase on your private key encrypts the key file, so a copy that leaks cannot be used without the passphrase. Combined with `ssh-agent`, you enter the passphrase once and reuse the unlocked key across multiple sessions.
- **Enhanced Security**: Provides an additional layer of protection if your private key is leaked.
- **Convenience**: Can be used with `ssh-agent` for single authentication across multiple sessions.
Setting Key File Permissions
Private key files must have permissions set so that only the owner can read and write them. It is crucial to use `chmod 600` to prevent other users from accessing them.
- **Private Key**: `chmod 600 ~/.ssh/id_rsa` (Owner read/write only)
- **Public Key**: `chmod 644 ~/.ssh/id_rsa.pub` (Owner read/write, group/others read)
Recommended Key Types
For modern security standards, using ED25519 or RSA 4096-bit keys is recommended.
- **ED25519**: Faster, more secure, and results in smaller key sizes.
- **RSA 4096**: Widely compatible and still provides strong security.
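The permission and key-type advice above, as an added example that is not part of the original page: a POSIX shell audit that checks a private key for mode 600, its `.pub` file for mode 644, and the `ssh-keygen -l -f` fingerprint line for ED25519 or RSA of at least 4096 bits. The function names and the script name `audit_keys.sh` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit SSH key files against this page's permission and key-type advice.

# Print a file's permission bits in octal (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only when the file's mode equals the expected octal mode.
perm_ok() {
    [ "$(file_mode "$1")" = "$2" ]
}

# Take one line of `ssh-keygen -l -f <key>` output, e.g.
#   4096 SHA256:<fingerprint> comment (RSA)
# and succeed when the key is ED25519 or RSA with at least 4096 bits.
key_strength_ok() {
    ks_bits=${1%% *}          # first field: key size in bits
    ks_type=${1##*\(}         # text after the last "("
    ks_type=${ks_type%\)}     # drop the trailing ")"
    case "$ks_type" in
        ED25519) return 0 ;;
        RSA)     [ "$ks_bits" -ge 4096 ] ;;
        *)       return 1 ;;
    esac
}

# Audit one private key and its .pub companion; print findings, return 1 if any.
audit_key() {
    ak_rc=0
    perm_ok "$1" 600 || { echo "FIX: chmod 600 $1"; ak_rc=1; }
    if [ -f "$1.pub" ]; then
        perm_ok "$1.pub" 644 || { echo "FIX: chmod 644 $1.pub"; ak_rc=1; }
        ak_line=$(ssh-keygen -l -f "$1.pub") || return 1
        key_strength_ok "$ak_line" || { echo "WEAK: $ak_line"; ak_rc=1; }
    fi
    return "$ak_rc"
}

# Usage: sh audit_keys.sh ~/.ssh/id_rsa ~/.ssh/my_custom_key
if [ "$#" -gt 0 ]; then
    rc=0
    for key in "$@"; do audit_key "$key" || rc=1; done
    exit "$rc"
fi
```

A non-zero exit status means at least one key needs a `chmod` fix or falls outside the recommended key types, which makes the script usable in a login hook or CI check.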