This command will create a pair of private and public keys.
It will ask for the location of the key and whether to use a passphrase.
[oren@localhost ~]$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/oren/.ssh/id_rsa): /home/oren/.ssh/id_rsa already exists. Overwrite (y/n)? y Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/oren/.ssh/id_rsa. Your public key has been saved in /home/oren/.ssh/id_rsa.pub. The key fingerprint is: 89:17:86:82:6c:7f:8b:b2:2c:0f:d3:52:30:e0:20:86 firstname.lastname@example.org The key's randomart image is: +--[ RSA 2048]----+ |=. | |E. . . | |o.+ . . o | | + . . o o | | . . o S | | o o o | |+ o . . | |.= o | | o+ | +-----------------+
By default, it creates a key with a strength of 2048 bits.
The two key files are:
~/.ssh/id_rsa this is the private key
~/.ssh/id_rsa.pub this is the public key, you upload this key to the server you want to connect with ssh.
- if we want key stronger than 2048 bits, we can use the -b option.
4096 bits is usually supported by most of the server, we create a key with this strength by running the following:
ssh-keygen -b 4096
- ssh-keygen -p
we can use the -p option to remove or change the passphrase of the key file, as long as we know the passphrase.
- ssh-keygen -l
will display the ssh key fingerprint which is a unique cryptographic identifier.
openssl dhparam <bitSize> -text
find a prime number with the size of bitSize.