Linux 常用工具openssh之ssh-keygen

前言

ssh-keygen命令用于为“ssh”生成、管理和转换认证密钥，它支持RSA和DSA两种认证密钥。

 

语法

ssh-keygen (选项)

 

选项

-b：指定密钥长度；
-e：读取openssh的私钥或者公钥文件；
-C：添加注释；
-f：指定用来保存密钥的文件名；
-i：读取未加密的ssh-v2兼容的私钥/公钥文件，然后在标准输出设备上显示openssh兼容的私钥/公钥；
-l：显示公钥文件的指纹数据；
-N：提供一个新密语；
-P：提供（旧）密语；
-q：静默模式；
-t：指定要创建的密钥类型。
-y：此选项将读取私有 OpenSSH 格式文件并将 OpenSSH 公钥打印到标准输出。

 

实例

设定密钥长度

sh-4.2# ssh-keygen -b 1024 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:BAeLXuOw0HUpGFhfCtfaxH/6cEkiXanp4G6qPir91Vw root@host-88
The key's randomart image is:
+---[RSA 1024]----+
|   o+o=++.   .   |
|  ...*.B=   o    |
|  . + *=.o +     |
|   o =.o+ * o    |
|    o ..S+E= .   |
|       o..+ o    |
| .    ..o  +     |
|. . ..  o   .    |
| ..++o.o         |
+----[SHA256]-----+

 

静默输出

sh-4.2# ssh-keygen -b 1024 -q
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again:

 

设定加密类型

sh-4.2# ssh-keygen -b 1024 -q -t dsa
Enter file in which to save the key (/root/.ssh/id_dsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 

# 目前ssh加密支持rsa与dsa这两种；尽量使用rsa

 

通过私钥获取公钥信息

sh-4.2# ssh-keygen -y -f ~/.ssh/id_rsa
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDO6F1XXk1/b+IMz6WDWOfKnvSScFlvQjHD6OQNi3V2QctorlbgyaTi3eAYzLre/2hjAFk6db7eBRWtWUsTTCvw9OPM8nGQCTht3y2YmR6WdqF61QsPJqDyv2wQ7FOi29qRMkh6C9V1hAone3dUVxZpLM7WyPBoFnzZ9+ZMvsPHUAL1Wan7MDZKwvByKAJTy4uaG3MeNKbIh31UWONKeJp3nlQFXBZ0DexjJ81miRpx4xSC0uv4NpgHY32Cw2PqE7fCTulIXTB0QUYzQHSruVhBDhVLHKg8GtLWGAZOs6kaC/Gx9MIWw9hA2EEGxqB2d4oJPKZZAEuTwQkf6gG/UjNj