SSH Keygen
The ssh-keygen command is a powerful utility for creating, managing, and converting authentication keys for SSH (Secure Shell). It's essential for secure remote access and authentication to servers and services.
Generate SSH Keys
This section covers the basic commands to generate different types of SSH keys.
Generate a standard RSA SSH key
ssh-keygen -t rsa
Generate a 4096-bit RSA SSH key
Using a longer key length enhances security.
ssh-keygen -t rsa -b 4096
Generate a FIDO/U2F token-backed key
The private key is tied to a hardware security key, which must be present to authenticate.
ssh-keygen -t ed25519-sk
Generate a FIDO2 resident key
Stores the key on the authenticator itself, so it can later be downloaded to another machine (see ssh-keygen -K below). The authenticator responds to challenges without the private key leaving the device.
ssh-keygen -t ed25519-sk -O resident
Manage SSH Key Passphrases
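Protecting your private keys with a passphrase is a crucial security practice. Passphrases passed with -P or -N end up in shell history and are visible in the process list; leave those options out to be prompted instead.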
Update a passphrase on an existing SSH key
ssh-keygen -p -P <old-passphrase> -N <new-passphrase> -f <keyfile>
Remove a passphrase from an SSH key
Use with caution, as this reduces the security of your private key.
ssh-keygen -p -P <old-passphrase> -N '' -f <keyfile>
Advanced SSH Key Generation Options
Combine options for more specific key generation needs.
Generate a 4096-bit RSA key with a passphrase and comment
Includes the user and hostname in the key's comment field.
ssh-keygen -t rsa -b 4096 -C "$USER@$HOSTNAME" -N <passphrase>
View SSH Key Information
Inspect your SSH keys and their properties.
Print the fingerprint of a public key
Displays the key's bit length, fingerprint (SHA256 by default), comment and type.
ssh-keygen -lf <keyfile>
Print the GitHub-style (MD5) fingerprint of a public key
Useful for compatibility with certain platforms.
ssh-keygen -E md5 -lf <keyfile>
FIDO2 Authenticator Operations
Interact with FIDO2 security keys.
Download resident keys from a FIDO2 authenticator
ssh-keygen -K
Extract Public Key from Private Key
Obtain the public key component from a private key file.
ssh-keygen -y -f <private-key-file> > <public-key-file>
Example:
ssh-keygen -y -f ~/.ssh/private-key > ~/.ssh/public-key.pub
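Verify a key pair and flag short RSA keys
The extraction (-y) and fingerprint (-l) commands above combine into a check that a .pub file really belongs to a given private key, plus a flag for short RSA keys. This is an added example, not part of the original cheat sheet; the function names and the 3072-bit RSA floor are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Uses only ssh-keygen -y and -l.
# Function names and MIN_RSA_BITS are assumptions of this example.

MIN_RSA_BITS=3072   # assumed policy floor; adjust to your own standard

# fingerprint_of <public-key-file | ->
# Prints only the SHA256 fingerprint field of `ssh-keygen -l` output.
# "-" makes ssh-keygen read the public key from standard input.
fingerprint_of() {
    ssh-keygen -l -E sha256 -f "$1" | awk '{ print $2 }'
}

# pubkey_matches <private-key-file> <public-key-file>
# Returns 0 if the public key derived from the private key has the same
# fingerprint as the .pub file, 1 if it differs, 2 if either key is unreadable.
# A passphrase-protected private key will prompt, as ssh-keygen -y normally does.
pubkey_matches() {
    pm_derived=$(ssh-keygen -y -f "$1") || return 2
    pm_fp_priv=$(printf '%s\n' "$pm_derived" | fingerprint_of -)
    pm_fp_pub=$(fingerprint_of "$2")
    [ -n "$pm_fp_priv" ] && [ -n "$pm_fp_pub" ] || return 2
    [ "$pm_fp_priv" = "$pm_fp_pub" ]
}

# weak_rsa <public-key-file>
# Returns 0 when the key is RSA and shorter than MIN_RSA_BITS, 1 otherwise.
# `ssh-keygen -l` prints: <bits> <fingerprint> <comment...> (<TYPE>)
# so the first field is the size and the last field is the key type.
weak_rsa() {
    ssh-keygen -l -f "$1" | awk -v min="$MIN_RSA_BITS" \
        '$NF == "(RSA)" && $1 + 0 < min { weak = 1 } END { exit !weak }'
}
```

Typical use: pubkey_matches ~/.ssh/private-key ~/.ssh/public-key.pub before installing the .pub on a server, and weak_rsa over each key file you are about to authorize.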