前言
ssh-keygen命令用于为“ssh”生成、管理和转换认证密钥,它支持RSA和DSA两种认证密钥。
语法
ssh-keygen (选项)
选项
-b:指定密钥长度; -e:读取openssh的私钥或者公钥文件; -C:添加注释; -f:指定用来保存密钥的文件名; -i:读取未加密的ssh-v2兼容的私钥/公钥文件,然后在标准输出设备上显示openssh兼容的私钥/公钥; -l:显示公钥文件的指纹数据; -N:提供一个新密语; -P:提供(旧)密语; -q:静默模式; -t:指定要创建的密钥类型。
实例
设定密钥长度
sh-4.2# ssh-keygen -b 1024 Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:BAeLXuOw0HUpGFhfCtfaxH/6cEkiXanp4G6qPir91Vw root@host-88 The key's randomart image is: +---[RSA 1024]----+ | o+o=++. . | | ...*.B= o | | . + *=.o + | | o =.o+ * o | | o ..S+E= . | | o..+ o | | . ..o + | |. . .. o . | | ..++o.o | +----[SHA256]-----+
静默输出
sh-4.2# ssh-keygen -b 1024 -q Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again:
设定加密类型
sh-4.2# ssh-keygen -b 1024 -q -t dsa Enter file in which to save the key (/root/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: # 目前ssh加密支持rsa与dsa这两种;尽量使用rsa