Skip to content

ssh-keygen

To generate an SSH key

ssh-keygen -t rsa

To generate a 4096-bit SSH key

ssh-keygen -t rsa -b 4096

To generate a FIDO/U2F token-backed key

ssh-keygen -t ed25519-sk

To generate a FIDO2 resident key

ssh-keygen -t ed25519-sk -O resident

To update a passphrase on a key

ssh-keygen -p -P <old-passphrase> -N <new-passphrase> -f <keyfile>

To remove a passphrase on a key

ssh-keygen -p -P <old-passphrase> -N '' -f <keyfile>

To generate a 4096 bit RSA key with a passphase and comment containing the user and hostname

ssh-keygen -t rsa -b 4096 -C "$USER@$HOSTNAME" -P <passphrase>

To print the fingerprint of a public key

ssh-keygen -lf <keyfile>

To print the Github-style (MD5) fingerprint of a public key

ssh-keygen -E md5 -lf <keyfile>

To download resident keys from a FIDO2 authenticator to the current directory

ssh-keygen -K

To view the public key associated with a private key

ssh-keygen -y -f <private-key-file> > <public-key-file>
ssh-keygen -y -f ~/.ssh/private-key > ~/.ssh/public-key.pub
 tldr:ssh-keygen 

ssh-keygen

Generate ssh keys used for authentication, password-less logins, and other things. More information: https://man.openbsd.org/ssh-keygen. Generate a key interactively:

ssh-keygen

Specify file in which to save the key

ssh-keygen -f ~/.ssh/filename

Generate an ed25519 key with 100 key derivation function rounds

ssh-keygen -t ed25519 -a 100

Generate an RSA 4096-bit key with email as a comment

ssh-keygen -t dsa|ecdsa|ed25519|rsa -b 4096 -C "comment|email"

Remove the keys of a host from the known_hosts file (useful when a known host has a new key)

ssh-keygen -R remote_host

Retrieve the fingerprint of a key in MD5 Hex

ssh-keygen -l -E md5 -f ~/.ssh/filename

Change the password of a key

ssh-keygen -p -f ~/.ssh/filename

Change the type of the key format (for example from OPENSSH format to PEM), the file will be rewritten in-place

ssh-keygen -p -N "" -m PEM -f ~/.ssh/OpenSSH_private_key

Generate ssh service key to change identity

ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" && sudo systemctl restart ssh && sudo systemctl restart sshd