ssh-keygen
To generate a 4096-bit SSH key
ssh-keygen -t rsa -b 4096
To generate a FIDO/U2F token-backed key
To generate a FIDO2 resident key
ssh-keygen -t ed25519-sk -O resident
To update a passphrase on a key
ssh-keygen -p -P <old-passphrase> -N <new-passphrase> -f <keyfile>
To remove a passphrase on a key
ssh-keygen -p -P <old-passphrase> -N '' -f <keyfile>
To generate a 4096 bit RSA key with a passphase and comment containing the user and hostname
ssh-keygen -t rsa -b 4096 -C " $USER @ $HOSTNAME " -P <passphrase>
To print the fingerprint of a public key
To print the Github-style (MD5) fingerprint of a public key
ssh-keygen -E md5 -lf <keyfile>
To download resident keys from a FIDO2 authenticator to the current directory
To view the public key associated with a private key
ssh-keygen -y -f <private-key-file> > <public-key-file>
ssh-keygen -y -f ~/.ssh/private-key > ~/.ssh/public-key.pub
tldr:ssh-keygen
ssh-keygen
Generate ssh keys used for authentication, password-less logins, and other things.
More information: https://man.openbsd.org/ssh-keygen .
Generate a key interactively:
Specify file in which to save the key
ssh-keygen -f ~/.ssh/filename
Generate an ed25519 key with 100 key derivation function rounds
ssh-keygen -t ed25519 -a 100
Generate an RSA 4096-bit key with email as a comment
ssh-keygen -t dsa| ecdsa| ed25519| rsa -b 4096 -C "comment|email"
Remove the keys of a host from the known_hosts file (useful when a known host has a new key)
ssh-keygen -R remote_host
Retrieve the fingerprint of a key in MD5 Hex
ssh-keygen -l -E md5 -f ~/.ssh/filename
Change the password of a key
ssh-keygen -p -f ~/.ssh/filename
Change the type of the key format (for example from OPENSSH format to PEM), the file will be rewritten in-place
ssh-keygen -p -N "" -m PEM -f ~/.ssh/OpenSSH_private_key
Generate ssh service key to change identity
ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N "" && sudo systemctl restart ssh && sudo systemctl restart sshd
ssh