ssh-keygen -t rsa详解

最新推荐文章于 2025-03-27 19:26:52 发布

小崔Bro

最新推荐文章于 2025-03-27 19:26:52 发布

阅读量5.4w

点赞数 14

分类专栏： hadoop

本文链接：https://blog.csdn.net/jsloveyou/article/details/105194274

版权

hadoop 专栏收录该内容

14 篇文章

订阅专栏

SSH-KEYGEN 是一个用于生成、管理和转换认证密钥的工具，支持SSH协议1和2。它可以创建用户和主机密钥，管理密码短语、注释，以及用于SSH连接的身份验证。该命令提供了多种选项，如设置密钥类型（如RSA、DSA等）、位数、密码短语，以及导出和导入不同格式的密钥。SSH-KEYGEN还可用于生成Diffie-Hellman组交换的候选素数，以及管理和更新密钥撤销列表。

摘要生成于 C知道，由 DeepSeek-R1 满血版支持，前往体验 >

ssh-keygen

[-q] 安静模式

[-b bits] 位数

[-t dsa | ecdsa | ed25519 | rsa | rsa1] 加密算法

=====================================

SSH-KEYGEN（1）BSD通用命令手册SSH-KEYGEN（1）

名称
ssh-keygen —身份验证密钥的生成，管理和转换

概要
ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
[-N new_passphrase] [-C comment] [-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
ssh-keygen -i [-m key_format] [-f input_keyfile]
ssh-keygen -e [-m key_format] [-f input_keyfile]
ssh-keygen -y [-f input_keyfile]
ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
ssh-keygen -B [-f input_keyfile]
ssh-keygen -D pkcs11
ssh-keygen -F hostname [-f known_hosts_file] [-l]
ssh-keygen -H [-f known_hosts_file]
ssh-keygen -R hostname [-f known_hosts_file]
ssh-keygen -r hostname [-f input_keyfile] [-g]
ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
[-j start_line] [-K checkpt] [-W generator]
ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
[-O option] [-V validity_interval] [-z serial_number] file ...
ssh-keygen -L [-f input_keyfile]
ssh-keygen -A
ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
file ...
ssh-keygen -Q -f krl_file file ...

描述
ssh-keygen生成，管理和转换认证密钥
ssh（1）。ssh-keygen可以创建供SSH协议版本使用的密钥1
和2.不应使用协议1，而仅将其用于支持
旧版设备。它遭受了许多加密弱点和
不支持协议2提供的许多高级功能。

使用-t选项指定要生成的密钥的类型。如果
在不带任何参数的情况下调用ssh-keygen会为
在SSH协议2连接中使用。

ssh-keygen还用于生成在Diffie-Hellman中使用的组
群组交换（DH-GEX）。有关详细信息，请参见“模块生成”部分。

最后，ssh-keygen可用于生成和更新密钥吊销
列出并测试给定的密钥是否已被一个撤销。看到
有关详细信息，请参见“关键撤销列表”部分。

通常，每个希望将SSH与公钥身份验证一起使用的用户都会运行
一次在〜/ .ssh / identity中创建身份验证密钥，
〜/ .ssh / id_dsa，〜/ .ssh / id_ecdsa，〜/ .ssh / id_ed25519或〜/ .ssh / id_rsa。
此外，系统管理员可以使用它来生成主机
键，如/ etc / rc中所示。

通常，此程序会生成密钥并要求在其中添加文件
存储私钥。公钥存储在相同的文件中
名称，但附加“ .pub”。该程序还要求输入密码。的
密码短语可能为空，表示没有密码短语（主机密钥必须具有
空密码短语），也可以是任意长度的字符串。一个
密码短语类似于密码，除了它可以是带有
一系列单词，标点，数字，空格或任何字符串
您想要的演员。好的密码短语长度为10-30个字符，不是
简单的句子或其他容易猜测的内容（英语散文仅
每个字符1-2位熵，并提供非常糟糕的密码短语），
并包含大小写字母，数字和非
字母数字字符。稍后可以使用更改密码
-p选项。

无法恢复丢失的密码短语。如果密码丢失
或忘记了，必须生成一个新密钥，并且相应的公共
密钥已复制到其他计算机。

对于RSA1密钥和以较新的OpenSSH格式存储的密钥，还存在
密钥文件中的注释字段，仅用于方便用户
帮助识别钥匙。该注释可以告诉您密钥的用途，或者
任何有用的东西。注释被初始化为“ user @ host”。
密钥已创建，但可以使用-c选项进行更改。

生成密钥后，以下说明详细说明了密钥应在何处
被放置为激活状态。

选项如下：

-A对于以下每种密钥类型（rsa1，rsa，dsa，ecdsa和ed25519）
哪些主机密钥不存在，请使用
默认密钥文件路径，空密码短语，
密钥类型和默认注释。/ etc / rc使用它来生成
吃了新的主机密钥。

-一轮
保存新格式的私钥（例如ed25519密钥或任何其他
设置-o标志时使用SSH协议2密钥），此选项指定-
fies使用的KDF（密钥派生功能）轮数。
数字越大，密码验证越慢，并且
增强对暴力破解密码的抵抗力（
密钥被盗）。

在筛选DH-GEX候选对象时（使用-T命令）。这个
option指定要执行的素数测试的数量。

-B显示指定私钥或公钥的冒泡摘要
文件。

-b位
指定要创建的密钥中的位数。对于RSA密钥，
最小大小为1024位，默认大小为2048位。根
通常，认为2048位就足够了。DSA密钥必须为
完全由FIPS 186-2指定的1024位。对于ECDSA密钥，
-b标志通过从以下一项中选择来确定密钥长度
三个椭圆曲线大小：256、384或521位。试图
对ECDSA密钥使用这三个值以外的其他位长度
失败。Ed25519键的长度是固定的，-b标志为
忽略了。

-C评论
提供新的评论。

-c请求更改私钥和公钥中的注释
文件。仅RSA1密钥和密钥支持此操作
以较新的OpenSSH格式存储。该程序将提示您
包含私钥的文件，如果密码短语为
键有一个，并用于新注释。

-D pkcs11
下载PKCS＃11共享提供的RSA公钥
库pkcs11。与-s组合使用时，此选项
表示CA密钥位于PKCS＃11令牌中（请参阅
有关详细信息，请参见“证书”部分。

-E Fingerprint_hash
指定显示键指时使用的哈希算法-
打印。有效选项为：“ md5”和“ sha256”。默认是
“ sha256”。

-e此选项将读取私有或公共的OpenSSH密钥文件，以及
以-m指定的格式之一打印输出标准密钥
选项。默认导出格式为“ RFC4716”。这个选项
允许导出OpenSSH密钥以供其他程序使用，包括
几种商业SSH实施。

-F主机名
在known_hosts文件中搜索指定的主机名，列出
发现的任何事件。此选项对于查找散列主机很有用
名称或地址，也可以与
-H选项以散列格式打印找到的密钥。

-f文件名
指定密钥文件的文件名。

-G output_file
生成DH-GEX的候选素数。这些素数必须是
使用前进行安全性筛选（使用-T选项）。

-g打印指纹资源记录时使用通用DNS格式
使用-r命令。

-H哈希一个known_hosts文件。这将替换所有主机名并
指定文件中带有哈希表示的地址；
原始内容将移动到后缀为.old的文件中。
ssh和sshd通常可以使用这些哈希，但是它们确实
文件内容应不泄露识别信息
披露。此选项不会修改现有的哈希主机名
因此可以安全地用于混合了散列和非散列的文件
哈希名称。

-h签名密钥时，创建主机证书而不是用户
证书。有关详细信息，请参见“证书”部分。

-I certificate_identity
在签署公共密钥时指定密钥身份。请参见
有关详细信息，请参见“证书”部分。

-i此选项将读取未加密的私有（或公共）密钥文件
以-m选项指定的格式显示并打印OpenSSH
兼容的stdout私钥（或公钥）。该选项允许
从其他软件（包括几种商业软件）导入密钥
SSH实施。默认导入格式为“ RFC4716”。

-J num_lines
执行时在筛选指定的行数后退出
使用-T选项来筛选DH候选对象。

-j start_line
在执行DH时开始在指定的行号上进行筛选
使用-T选项进行候选人筛选。

-K checkpt
执行时将最后处理的行写入文件checkpt
使用-T选项来筛选DH候选对象。这会是
用于跳过输入文件中已经过验证的行
如果重新启动作业，则停止。

-k生成KRL文件。在此模式下，ssh-keygen将生成一个
通过-f标志指定的位置撤消的KRL文件
命令行上显示的每个密钥或证书。
可以通过公钥指定要撤销的密钥/证书
文件或使用“密钥撤销列表”中描述的格式
部分。

-L打印一个或多个证书的内容。

-l显示指定公钥文件的指纹。RSA1私钥
也被支持。对于RSA和DSA密钥，ssh-keygen尝试
找到匹配的公共密钥文件并打印其指纹。如果
与-v结合使用，该键的可视化ASCII艺术表现形式为
随附指纹。

-M内存
指定生成时要使用的内存量（以兆字节为单位）
DH-GEX的候选模数。

-m key_format
为-i（导入）或-e（导出）转换指定密钥格式
sion选项。支持的密钥格式为：“ RFC4716”（RFC
4716 / SSH2公钥或私钥），“ PKCS8”（PEM PKCS8公钥）
或“ PEM”（PEM公钥）。默认转换格式为
“ RFC4716”。

-N new_passphrase
提供新的密码短语。

-n主体
指定一个或多个主体（用户或主机名）作为
签名密钥时包含在证书中。多重原理
可以指定好朋友，以逗号分隔。请看
有关详细信息，请参见“证书”部分。

-O选项
签名密钥时指定证书选项。此选项可能
被多次指定。请参阅“证书”部分
有关详细信息。对用户证书有效的选项
是：

清除清除所有启用的权限。这对于清除-
设置默认的权限集，因此权限可能是
单独添加。

强制命令=命令
强制执行命令而不是任何shell或
证书为用户指定的命令
用于身份验证。

无代理转发
禁用ssh-agent（1）转发（默认情况下允许）。

无端口转发
禁用端口转发（默认情况下允许）。

no-pty禁用PTY分配（默认情况下允许）。

无用户rc
禁止通过sshd（8）执行〜/ .ssh / rc（允许
默认）。

没有x11转发
禁用X11转发（默认情况下允许）。

许可代理转发
允许ssh-agent（1）转发。

许可证端口转发
允许端口转发。

许可
允许PTY分配。

许可用户rc
允许sshd（8）执行〜/ .ssh / rc。

许可x11转发
允许X11转发。

源地址=地址列表
限制证书的源地址
被认为是有效的。address_list是逗号分隔的
CIDR中一个或多个地址/网络掩码对的额定列表
格式。

目前，没有选项对主机密钥有效。

-o使ssh-keygen使用新的OpenSSH for-保存私钥
mat而不是更兼容的PEM格式。新格式
增强了对暴力密码破解的抵抗力，但
6.5之前的OpenSSH版本不支持。ED25519键
始终使用新的私钥格式。

-P密码
提供（旧）密码短语。

-p请求更改私钥文件的密码短语，而不是
创建一个新的私钥。程序将提示您输入文件
包含私钥，用于旧密码，两次用于
新的密码短语。

-Q测试密钥是否已在KRL中撤消。

-q静默ssh-keygen。

-R主机名
从known_hosts文件中删除所有属于主机名的键。
此选项对于删除散列主机很有用（请参阅-H选项
以上）。

-r主机名
打印名为主机名的SSHFP指纹资源记录，用于
指定的公共密钥文件。

-S开始
在生成候选模量时指定起点（以十六进制表示）
DH-GEX。

-s ca_key
使用指定的CA密钥验证（签名）公共密钥。请
有关详细信息，请参见“证书”部分。

生成KRL时，-s指定CA公用密钥的路径
用于通过密钥ID或序列号直接吊销证书的文件
数。有关详细信息，请参见“密钥撤销列表”部分。

-T输出文件
测试DH组交换候选素数（使用-G生成
选项）以确保安全。

-t dsa | ecdsa | ed25519 | rsa | rsa1
指定要创建的密钥的类型。可能的值为
协议版本1的“ rsa1”和“ dsa”，“ ecdsa”，“ ed25519”或
协议版本2的“ rsa”。

-u更新KRL。当用-k指定时，键通过com‐列出
要求行添加到现有的KRL中，而不是新的KRL中
正在创建。

-V有效性间隔
指定签署证书时的有效间隔。一个有效的-
间隔间隔可以包含一个时间，表示
证书从现在开始有效，并在那个时间到期，或者
可能包含两次，中间用冒号隔开，表示
明确的时间间隔。开始时间可以指定为
YYYYMMDD格式的日期，YYYYMMDDHHMMSS格式的时间或
由减号组成的相对时间（相对于当前时间）
后跟相对时间，格式为TIME中所述
sshd_config（5）的FORMATS部分。结束时间可以指定
作为YYYYMMDD日期，YYYYMMDDHHMMSS时间或相对时间
以加号开头。

例如：“ + 52w1d”（从现在起至52周零一天有效
从现在开始），“-4w：+ 4w”（有效期从四周前到四周
从现在开始），“ 20100101123000：20110101123000”（从12:30 PM开始有效，
2010年1月1日至2011年1月1日下午12:30），“-1d：20110101”
（有效期为昨天至2011年1月1日午夜）。

-v详细模式。使ssh-keygen打印调试消息
关于它的进展。这对于调试模数生成很有帮助
tion。多个-v选项增加了详细程度。最大值
是3。

-W发电机
在测试DH-的候选模数时指定所需的发生器
GEX。

-y此选项将读取私有的OpenSSH格式文件并打印
OpenSSH公钥到标准输出。

-z序列号
指定要嵌入到证书中的序列号以
将此证书与同一CA的其他证书区分开来。的
默认序列号为零。

生成KRL时，-z标志用于指定KRL版本-
版本号。

模块生成
ssh-keygen可用于为Diffie-Hellman组生成组
交换（DH-GEX）协议。生成这些组分两个步骤
过程：首先，使用快速但记忆力生成候选素数
密集的过程。然后测试这些候选素数是否适合
ity（CPU密集型进程）。

使用-G选项执行素数的生成。所需
素数的长度可以通过-b选项指定。例如：

＃ssh-keygen -G moduli-2048.candidates -b 2048

默认情况下，素数搜索从所需的随机点开始
长度范围。可以使用-S选项覆盖该选项，该选项指定-
设定一个不同的起点（以十六进制表示）。

生成一组候选人后，必须对其进行筛选
适应性。可以使用-T选项执行此操作。在这种模式下
ssh-keygen将从标准输入（或指定的文件）中读取候选对象
使用-f选项）。例如：

＃ssh-keygen -T moduli-2048 -f moduli-2048.candidates

默认情况下，每个候选人都将接受100次素养测试。
可以使用-a选项覆盖它。DH生成器值将
会自动选择要考虑的素数。如果具体
需要生成器，可以使用-W选项请求生成器。有效
生成器值为2、3和5。

筛选的DH组可以安装在/ etc / ssh / moduli中。这很重要
该文件包含一定范围的位长度的模，并且
连接的两端共享公共模数。

证书
ssh-keygen支持密钥签名以生成可能是
用于用户或主机身份验证。证书由公众组成
密钥，一些身份信息，零个或多个主体（用户或主机）
证书颁发机构签名的名称和一组选项
（CA）键。然后，客户端或服务器可能仅信任CA密钥并进行验证
它在证书上的签名，而不是信任许多用户/主机密钥。
请注意，OpenSSH证书是一种不同且更简单的格式
ssl（8）中使用的X.509证书。

ssh-keygen支持两种类型的证书：用户证书和主机证书。用户证书
验证用户到服务器的身份，而主机证书
向用户验证服务器主机。生成用户证书：

$ ssh-keygen -s / path / to / ca_key -I key_id /path/to/user_key.pub

生成的证书将放置在/path/to/user_key-cert.pub中。
主机证书需要-h选项：

$ ssh-keygen -s / path / to / ca_key -I key_id -h /path/to/host_key.pub

主机证书将输出到/path/to/host_key-cert.pub。

pro-可以使用存储在PKCS＃11令牌中的CA密钥进行签名
使用-D对令牌库进行虚拟化，并通过提供
它的公共部分作为-s的参数：

$ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub

在所有情况下，key_id是服务器记录的“密钥标识符”
证书用于身份验证时。

证书可能仅限于一套本金有效
（用户/主机）名称。默认情况下，生成的证书对所有用户有效
用户或主机。为指定的一组原则生成证书
朋友：

$ ssh-keygen -s ca_key -I key_id -n user1，user2 user_key.pub
$ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub

对用户证书的有效性和使用的其他限制可能
通过证书选项指定。证书选项可能会
SSH会话的有效功能，仅当从
特定的源地址或可能会强制使用特定的命令。
有关有效证书选项的列表，请参见-O的文档。
以上选项。

最后，可以使用有效期来定义证书。-V
选项允许指定证书的开始和结束时间。cer‐
在此范围之外的时间提供的证明将不被确认
双方有效。缺省情况下，证书从UNIX Epoch到
遥远的未来。

对于要用于用户或主机身份验证的证书，CA pub‐
lic密钥必须受sshd（8）或ssh（1）信任。请参考那些人
双方页面以获取详细信息。

关键撤销清单
ssh-keygen能够管理OpenSSH格式的密钥吊销列表（KRL）。
这些二进制文件指定要使用的吊销密钥或证书
紧凑格式，如果是，则每个证书只需花费一位
被序列号撤销。

可以使用-k标志生成KRL。此选项读取一个或多个
从命令行下载文件并生成新的KRL。这些文件可能
包含KRL规范（请参阅下文）或公共密钥，列出其中一个
每行。普通公钥通过列出其哈希或con-来撤销
KRL中的帐篷和被序列号或密钥ID撤销的证书（如果
序列号为零或不可用）。

使用KRL规范撤消密钥可以显式控制密钥
用于撤销密钥的记录类型，可以用于直接撤销
没有序列号或密钥ID的完整证书
手头有inal证书。KRL规范包含以下行：
下列指令之一，后接一个冒号和一些指令
专用信息。

序列号：serial_number [-serial_number]
吊销具有指定序列号的证书。序列号
数字是64位值，不包括零，可能是
以十进制，十六进制或八进制表示。如果两个序列号是
指定用连字符分隔，然后是序列号范围
包括和之间的每个被撤销。CA密钥必须是
使用-s选项在ssh-keygen命令行上指定。

id：key_id
撤消具有指定密钥ID字符串的证书。CA
必须已使用以下命令在ssh-keygen命令行上指定了密钥
-s选项。

密钥：public_key
撤消指定的键。如果列出了证书，则该证书
被撤销为普通公钥。

sha1：public_key
通过其SHA1哈希值撤消指定的键。

除-k外，还可以使用-u标志来更新KRL。当这个
指定选项后，通过命令行列出的键将合并到
KRL，再加上已经存在的那些。

给定KRL，也有可能测试它是否撤销了特定
键（或多个键）。-Q标志将查询现有的KRL，测试每个密钥
在命令行上指定。如果命令行上列出的任何键具有
被吊销（或遇到错误），然后ssh-keygen会退出并显示
非零退出状态。如果没有按键，则将返回零退出状态
被撤销了。

档案
〜/ .ssh /身份
包含协议版本1的RSA身份验证标识
用户。该文件只能由以下任何人读取：
用户。生成密码时可以指定密码
键; 该密码将用于加密
此文件使用3DES。该文件不会自动被以下文件访问
ssh-keygen，但它作为private的默认文件提供
键。尝试登录时，ssh（1）将读取此文件。

〜/ .ssh / identity.pub
包含用于身份验证的协议版本1 RSA公钥
tion。该文件的内容应添加到
用户希望在所有计算机上使用〜/ .ssh / authorized_keys
使用RSA身份验证登录。无需保留
此文件秘密的内容。

〜/ .ssh / id_dsa
〜/ .ssh / id_ecdsa
〜/ .ssh / id_ed25519
〜/ .ssh / id_rsa
包含协议版本2 DSA，ECDSA，Ed25519或RSA
用户的身份验证标识。该文件不应为
除用户以外的任何人都可以读取。可以指定一个
生成密钥时的密码短语；该密码将被使用
使用128位AES加密此文件的私有部分。这个
ssh-keygen不会自动访问文件，但是
作为私钥的默认文件提供。ssh（1）将
尝试登录时读取此文件。

〜/ .ssh / id_dsa.pub
〜/ .ssh / id_ecdsa.pub
〜/ .ssh / id_ed25519.pub
〜/ .ssh / id_rsa.pub
包含协议版本2 DSA，ECDSA，Ed25519或RSA public
认证密钥。该文件的内容应为
添加到所有用户所在计算机上的〜/ .ssh / authorized_keys
希望使用公钥身份验证登录。没有
需要将此文件的内容保密。

/ etc / ssh / moduli
包含用于DH-GEX的Diffie-Hellman组。档案格式
在moduli（5）中描述。

环境
SSH_USE_STRONG_RNG
通常完成OpenSSL随机生成器的重新播种
来自/ dev / urandom。如果SSH_USE_STRONG_RNG环境不同
能力设置为非0的值，OpenSSL随机生成器为
从/ dev / random重新播种。读取的字节数已定义
通过SSH_USE_STRONG_RNG值。最小为14个字节。这套
不建议在没有硬件的计算机上使用ting
随机生成器，因为熵不足会导致连接
直到有足够的熵可用为止。

也可以看看
ssh（1），ssh-add（1），ssh-agent（1），moduli（5），sshd（8）

安全外壳（SSH）公钥文件格式，RFC 4716，2006年。

作者
OpenSSH是原始的免费ssh 1.2.12版本的衍生版本，该版本由
塔图·伊洛宁（Tatu Ylonen）。亚伦·坎贝尔，鲍勃·贝克，马库斯·弗里德尔，尼尔斯·普罗沃斯，西奥
de Raadt和Dug Song删除了许多错误，重新添加了新功能并创建了
淘汰了OpenSSH。Markus Friedl贡献了对SSH协议的支持
版本1.5和2.0。

BSD 2020年3月30日BSD
==============================================================
SSH-KEYGEN(1) BSD General Commands Manual SSH-KEYGEN(1)

NAME
ssh-keygen — authentication key generation, management and conversion

SYNOPSIS
ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
[-N new_passphrase] [-C comment] [-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
ssh-keygen -i [-m key_format] [-f input_keyfile]
ssh-keygen -e [-m key_format] [-f input_keyfile]
ssh-keygen -y [-f input_keyfile]
ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
ssh-keygen -B [-f input_keyfile]
ssh-keygen -D pkcs11
ssh-keygen -F hostname [-f known_hosts_file] [-l]
ssh-keygen -H [-f known_hosts_file]
ssh-keygen -R hostname [-f known_hosts_file]
ssh-keygen -r hostname [-f input_keyfile] [-g]
ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
[-j start_line] [-K checkpt] [-W generator]
ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
[-O option] [-V validity_interval] [-z serial_number] file ...
ssh-keygen -L [-f input_keyfile]
ssh-keygen -A
ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
file ...
ssh-keygen -Q -f krl_file file ...

DESCRIPTION
ssh-keygen generates, manages and converts authentication keys for
ssh(1). ssh-keygen can create keys for use by SSH protocol versions 1
and 2. Protocol 1 should not be used and is only offered to support
legacy devices. It suffers from a number of cryptographic weaknesses and
doesn't support many of the advanced features available for protocol 2.

The type of key to be generated is specified with the -t option. If
invoked without any arguments, ssh-keygen will generate an RSA key for
use in SSH protocol 2 connections.

ssh-keygen is also used to generate groups for use in Diffie-Hellman
group exchange (DH-GEX). See the MODULI GENERATION section for details.

Finally, ssh-keygen can be used to generate and update Key Revocation
Lists, and to test whether given keys have been revoked by one. See the
KEY REVOCATION LISTS section for details.

Normally each user wishing to use SSH with public key authentication runs
this once to create the authentication key in ~/.ssh/identity,
~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa.
Additionally, the system administrator may use this to generate host
keys, as seen in /etc/rc.

Normally this program generates the key and asks for a file in which to
store the private key. The public key is stored in a file with the same
name but “.pub” appended. The program also asks for a passphrase. The
passphrase may be empty to indicate no passphrase (host keys must have an
empty passphrase), or it may be a string of arbitrary length. A
passphrase is similar to a password, except it can be a phrase with a
series of words, punctuation, numbers, whitespace, or any string of char‐
acters you want. Good passphrases are 10-30 characters long, are not
simple sentences or otherwise easily guessable (English prose has only
1-2 bits of entropy per character, and provides very bad passphrases),
and contain a mix of upper and lowercase letters, numbers, and non-
alphanumeric characters. The passphrase can be changed later by using
the -p option.

There is no way to recover a lost passphrase. If the passphrase is lost
or forgotten, a new key must be generated and the corresponding public
key copied to other machines.

For RSA1 keys and keys stored in the newer OpenSSH format, there is also
a comment field in the key file that is only for convenience to the user
to help identify the key. The comment can tell what the key is for, or
whatever is useful. The comment is initialized to “user@host” when the
key is created, but can be changed using the -c option.

After a key is generated, instructions below detail where the keys should
be placed to be activated.

The options are as follows:

-A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for
which host keys do not exist, generate the host keys with the
default key file path, an empty passphrase, default bits for the
key type, and default comment. This is used by /etc/rc to gener‐
ate new host keys.

-a rounds
When saving a new-format private key (i.e. an ed25519 key or any
SSH protocol 2 key when the -o flag is set), this option speci‐
fies the number of KDF (key derivation function) rounds used.
Higher numbers result in slower passphrase verification and
increased resistance to brute-force password cracking (should the
keys be stolen).

When screening DH-GEX candidates ( using the -T command). This
option specifies the number of primality tests to perform.

-B Show the bubblebabble digest of specified private or public key
file.

-b bits
Specifies the number of bits in the key to create. For RSA keys,
the minimum size is 1024 bits and the default is 2048 bits. Gen‐
erally, 2048 bits is considered sufficient. DSA keys must be
exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys,
the -b flag determines the key length by selecting from one of
three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
use bit lengths other than these three values for ECDSA keys will
fail. Ed25519 keys have a fixed length and the -b flag will be
ignored.

-C comment
Provides a new comment.

-c Requests changing the comment in the private and public key
files. This operation is only supported for RSA1 keys and keys
stored in the newer OpenSSH format. The program will prompt for
the file containing the private keys, for the passphrase if the
key has one, and for the new comment.

-D pkcs11
Download the RSA public keys provided by the PKCS#11 shared
library pkcs11. When used in combination with -s, this option
indicates that a CA key resides in a PKCS#11 token (see the
CERTIFICATES section for details).

-E fingerprint_hash
Specifies the hash algorithm used when displaying key finger‐
prints. Valid options are: “md5” and “sha256”. The default is
“sha256”.

-e This option will read a private or public OpenSSH key file and
print to stdout the key in one of the formats specified by the -m
option. The default export format is “RFC4716”. This option
allows exporting OpenSSH keys for use by other programs, includ‐
ing several commercial SSH implementations.

-F hostname
Search for the specified hostname in a known_hosts file, listing
any occurrences found. This option is useful to find hashed host
names or addresses and may also be used in conjunction with the
-H option to print found keys in a hashed format.

-f filename
Specifies the filename of the key file.

-G output_file
Generate candidate primes for DH-GEX. These primes must be
screened for safety (using the -T option) before use.

-g Use generic DNS format when printing fingerprint resource records
using the -r command.

-H Hash a known_hosts file. This replaces all hostnames and
addresses with hashed representations within the specified file;
the original content is moved to a file with a .old suffix.
These hashes may be used normally by ssh and sshd, but they do
not reveal identifying information should the file's contents be
disclosed. This option will not modify existing hashed hostnames
and is therefore safe to use on files that mix hashed and non-
hashed names.

-h When signing a key, create a host certificate instead of a user
certificate. Please see the CERTIFICATES section for details.

-I certificate_identity
Specify the key identity when signing a public key. Please see
the CERTIFICATES section for details.

-i This option will read an unencrypted private (or public) key file
in the format specified by the -m option and print an OpenSSH
compatible private (or public) key to stdout. This option allows
importing keys from other software, including several commercial
SSH implementations. The default import format is “RFC4716”.

-J num_lines
Exit after screening the specified number of lines while perform‐
ing DH candidate screening using the -T option.

-j start_line
Start screening at the specified line number while performing DH
candidate screening using the -T option.

-K checkpt
Write the last line processed to the file checkpt while perform‐
ing DH candidate screening using the -T option. This will be
used to skip lines in the input file that have already been pro‐
cessed if the job is restarted.

-k Generate a KRL file. In this mode, ssh-keygen will generate a
KRL file at the location specified via the -f flag that revokes
every key or certificate presented on the command line.
Keys/certificates to be revoked may be specified by public key
file or using the format described in the KEY REVOCATION LISTS
section.

-L Prints the contents of one or more certificates.

-l Show fingerprint of specified public key file. Private RSA1 keys
are also supported. For RSA and DSA keys ssh-keygen tries to
find the matching public key file and prints its fingerprint. If
combined with -v, a visual ASCII art representation of the key is
supplied with the fingerprint.

-M memory
Specify the amount of memory to use (in megabytes) when generat‐
ing candidate moduli for DH-GEX.

-m key_format
Specify a key format for the -i (import) or -e (export) conver‐
sion options. The supported key formats are: “RFC4716” (RFC
4716/SSH2 public or private key), “PKCS8” (PEM PKCS8 public key)
or “PEM” (PEM public key). The default conversion format is
“RFC4716”.

-N new_passphrase
Provides the new passphrase.

-n principals
Specify one or more principals (user or host names) to be
included in a certificate when signing a key. Multiple princi‐
pals may be specified, separated by commas. Please see the
CERTIFICATES section for details.

-O option
Specify a certificate option when signing a key. This option may
be specified multiple times. Please see the CERTIFICATES section
for details. The options that are valid for user certificates
are:

clear Clear all enabled permissions. This is useful for clear‐
ing the default set of permissions so permissions may be
added individually.

force-command=command
Forces the execution of command instead of any shell or
command specified by the user when the certificate is
used for authentication.

no-agent-forwarding
Disable ssh-agent(1) forwarding (permitted by default).

no-port-forwarding
Disable port forwarding (permitted by default).

no-pty Disable PTY allocation (permitted by default).

no-user-rc
Disable execution of ~/.ssh/rc by sshd(8) (permitted by
default).

no-x11-forwarding
Disable X11 forwarding (permitted by default).

permit-agent-forwarding
Allows ssh-agent(1) forwarding.

permit-port-forwarding
Allows port forwarding.

permit-pty
Allows PTY allocation.

permit-user-rc
Allows execution of ~/.ssh/rc by sshd(8).

permit-x11-forwarding
Allows X11 forwarding.

source-address=address_list
Restrict the source addresses from which the certificate
is considered valid. The address_list is a comma-sepa‐
rated list of one or more address/netmask pairs in CIDR
format.

At present, no options are valid for host keys.

-o Causes ssh-keygen to save private keys using the new OpenSSH for‐
mat rather than the more compatible PEM format. The new format
has increased resistance to brute-force password cracking but is
not supported by versions of OpenSSH prior to 6.5. Ed25519 keys
always use the new private key format.

-P passphrase
Provides the (old) passphrase.

-p Requests changing the passphrase of a private key file instead of
creating a new private key. The program will prompt for the file
containing the private key, for the old passphrase, and twice for
the new passphrase.

-Q Test whether keys have been revoked in a KRL.

-q Silence ssh-keygen.

-R hostname
Removes all keys belonging to hostname from a known_hosts file.
This option is useful to delete hashed hosts (see the -H option
above).

-r hostname
Print the SSHFP fingerprint resource record named hostname for
the specified public key file.

-S start
Specify start point (in hex) when generating candidate moduli for
DH-GEX.

-s ca_key
Certify (sign) a public key using the specified CA key. Please
see the CERTIFICATES section for details.

When generating a KRL, -s specifies a path to a CA public key
file used to revoke certificates directly by key ID or serial
number. See the KEY REVOCATION LISTS section for details.

-T output_file
Test DH group exchange candidate primes (generated using the -G
option) for safety.

-t dsa | ecdsa | ed25519 | rsa | rsa1
Specifies the type of key to create. The possible values are
“rsa1” for protocol version 1 and “dsa”, “ecdsa”, “ed25519”, or
“rsa” for protocol version 2.

-u Update a KRL. When specified with -k, keys listed via the com‐
mand line are added to the existing KRL rather than a new KRL
being created.

-V validity_interval
Specify a validity interval when signing a certificate. A valid‐
ity interval may consist of a single time, indicating that the
certificate is valid beginning now and expiring at that time, or
may consist of two times separated by a colon to indicate an
explicit time interval. The start time may be specified as a
date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a
relative time (to the current time) consisting of a minus sign
followed by a relative time in the format described in the TIME
FORMATS section of sshd_config(5). The end time may be specified
as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time
starting with a plus character.

For example: “+52w1d” (valid from now to 52 weeks and one day
from now), “-4w:+4w” (valid from four weeks ago to four weeks
from now), “20100101123000:20110101123000” (valid from 12:30 PM,
January 1st, 2010 to 12:30 PM, January 1st, 2011), “-1d:20110101”
(valid from yesterday to midnight, January 1st, 2011).

-v Verbose mode. Causes ssh-keygen to print debugging messages
about its progress. This is helpful for debugging moduli genera‐
tion. Multiple -v options increase the verbosity. The maximum
is 3.

-W generator
Specify desired generator when testing candidate moduli for DH-
GEX.

-y This option will read a private OpenSSH format file and print an
OpenSSH public key to stdout.

-z serial_number
Specifies a serial number to be embedded in the certificate to
distinguish this certificate from others from the same CA. The
default serial number is zero.

When generating a KRL, the -z flag is used to specify a KRL ver‐
sion number.

MODULI GENERATION
ssh-keygen may be used to generate groups for the Diffie-Hellman Group
Exchange (DH-GEX) protocol. Generating these groups is a two-step
process: first, candidate primes are generated using a fast, but memory
intensive process. These candidate primes are then tested for suitabil‐
ity (a CPU-intensive process).

Generation of primes is performed using the -G option. The desired
length of the primes may be specified by the -b option. For example:

# ssh-keygen -G moduli-2048.candidates -b 2048

By default, the search for primes begins at a random point in the desired
length range. This may be overridden using the -S option, which speci‐
fies a different start point (in hex).

Once a set of candidates have been generated, they must be screened for
suitability. This may be performed using the -T option. In this mode
ssh-keygen will read candidates from standard input (or a file specified
using the -f option). For example:

# ssh-keygen -T moduli-2048 -f moduli-2048.candidates

By default, each candidate will be subjected to 100 primality tests.
This may be overridden using the -a option. The DH generator value will
be chosen automatically for the prime under consideration. If a specific
generator is desired, it may be requested using the -W option. Valid
generator values are 2, 3, and 5.

Screened DH groups may be installed in /etc/ssh/moduli. It is important
that this file contains moduli of a range of bit lengths and that both
ends of a connection share common moduli.

CERTIFICATES
ssh-keygen supports signing of keys to produce certificates that may be
used for user or host authentication. Certificates consist of a public
key, some identity information, zero or more principal (user or host)
names and a set of options that are signed by a Certification Authority
(CA) key. Clients or servers may then trust only the CA key and verify
its signature on a certificate rather than trusting many user/host keys.
Note that OpenSSH certificates are a different, and much simpler, format
to the X.509 certificates used in ssl(8).

ssh-keygen supports two types of certificates: user and host. User cer‐
tificates authenticate users to servers, whereas host certificates
authenticate server hosts to users. To generate a user certificate:

$ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub

The resultant certificate will be placed in /path/to/user_key-cert.pub.
A host certificate requires the -h option:

$ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub

The host certificate will be output to /path/to/host_key-cert.pub.

It is possible to sign using a CA key stored in a PKCS#11 token by pro‐
viding the token library using -D and identifying the CA key by providing
its public half as an argument to -s:

$ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub

In all cases, key_id is a "key identifier" that is logged by the server
when the certificate is used for authentication.

Certificates may be limited to be valid for a set of principal
(user/host) names. By default, generated certificates are valid for all
users or hosts. To generate a certificate for a specified set of princi‐
pals:

$ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
$ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub

Additional limitations on the validity and use of user certificates may
be specified through certificate options. A certificate option may dis‐
able features of the SSH session, may be valid only when presented from
particular source addresses or may force the use of a specific command.
For a list of valid certificate options, see the documentation for the -O
option above.

Finally, certificates may be defined with a validity lifetime. The -V
option allows specification of certificate start and end times. A cer‐
tificate that is presented at a time outside this range will not be con‐
sidered valid. By default, certificates are valid from UNIX Epoch to the
distant future.

For certificates to be used for user or host authentication, the CA pub‐
lic key must be trusted by sshd(8) or ssh(1). Please refer to those man‐
ual pages for details.

KEY REVOCATION LISTS
ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs).
These binary files specify keys or certificates to be revoked using a
compact format, taking as little as one bit per certificate if they are
being revoked by serial number.

KRLs may be generated using the -k flag. This option reads one or more
files from the command line and generates a new KRL. The files may
either contain a KRL specification (see below) or public keys, listed one
per line. Plain public keys are revoked by listing their hash or con‐
tents in the KRL and certificates revoked by serial number or key ID (if
the serial is zero or not available).

Revoking keys using a KRL specification offers explicit control over the
types of record used to revoke keys and may be used to directly revoke
certificates by serial number or key ID without having the complete orig‐
inal certificate on hand. A KRL specification consists of lines contain‐
ing one of the following directives followed by a colon and some direc‐
tive-specific information.

serial: serial_number[-serial_number]
Revokes a certificate with the specified serial number. Serial
numbers are 64-bit values, not including zero and may be
expressed in decimal, hex or octal. If two serial numbers are
specified separated by a hyphen, then the range of serial numbers
including and between each is revoked. The CA key must have been
specified on the ssh-keygen command line using the -s option.

id: key_id
Revokes a certificate with the specified key ID string. The CA
key must have been specified on the ssh-keygen command line using
the -s option.

key: public_key
Revokes the specified key. If a certificate is listed, then it
is revoked as a plain public key.

sha1: public_key
Revokes the specified key by its SHA1 hash.

KRLs may be updated using the -u flag in addition to -k. When this
option is specified, keys listed via the command line are merged into the
KRL, adding to those already there.

It is also possible, given a KRL, to test whether it revokes a particular
key (or keys). The -Q flag will query an existing KRL, testing each key
specified on the command line. If any key listed on the command line has
been revoked (or an error encountered) then ssh-keygen will exit with a
non-zero exit status. A zero exit status will only be returned if no key
was revoked.

FILES
~/.ssh/identity
Contains the protocol version 1 RSA authentication identity of
the user. This file should not be readable by anyone but the
user. It is possible to specify a passphrase when generating the
key; that passphrase will be used to encrypt the private part of
this file using 3DES. This file is not automatically accessed by
ssh-keygen but it is offered as the default file for the private
key. ssh(1) will read this file when a login attempt is made.

~/.ssh/identity.pub
Contains the protocol version 1 RSA public key for authentica‐
tion. The contents of this file should be added to
~/.ssh/authorized_keys on all machines where the user wishes to
log in using RSA authentication. There is no need to keep the
contents of this file secret.

~/.ssh/id_dsa
~/.ssh/id_ecdsa
~/.ssh/id_ed25519
~/.ssh/id_rsa
Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
authentication identity of the user. This file should not be
readable by anyone but the user. It is possible to specify a
passphrase when generating the key; that passphrase will be used
to encrypt the private part of this file using 128-bit AES. This
file is not automatically accessed by ssh-keygen but it is
offered as the default file for the private key. ssh(1) will
read this file when a login attempt is made.

~/.ssh/id_dsa.pub
~/.ssh/id_ecdsa.pub
~/.ssh/id_ed25519.pub
~/.ssh/id_rsa.pub
Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA public
key for authentication. The contents of this file should be
added to ~/.ssh/authorized_keys on all machines where the user
wishes to log in using public key authentication. There is no
need to keep the contents of this file secret.

/etc/ssh/moduli
Contains Diffie-Hellman groups used for DH-GEX. The file format
is described in moduli(5).

ENVIRONMENT
SSH_USE_STRONG_RNG
The reseeding of the OpenSSL random generator is usually done
from /dev/urandom. If the SSH_USE_STRONG_RNG environment vari‐
able is set to value other than 0 the OpenSSL random generator is
reseeded from /dev/random. The number of bytes read is defined
by the SSH_USE_STRONG_RNG value. Minimum is 14 bytes. This set‐
ting is not recommended on the computers without the hardware
random generator because insufficient entropy causes the connec‐
tion to be blocked until enough entropy is available.

SEE ALSO
ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8)

The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006.

AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by
Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
de Raadt and Dug Song removed many bugs, re-added newer features and cre‐
ated OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.

BSD March 30, 2020 BSD