Linux ssh-keygen and openssl commands

  • ssh-keygen
    This command will create a pair of private and public keys.
    It will ask for the location of the key and whether to use a passphrase.

    
    [oren@localhost ~]$ ssh-keygen 
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/oren/.ssh/id_rsa): 
    /home/oren/.ssh/id_rsa already exists.
    Overwrite (y/n)? y
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/oren/.ssh/id_rsa.
    Your public key has been saved in /home/oren/.ssh/id_rsa.pub.
    The key fingerprint is:
    89:17:86:82:6c:7f:8b:b2:2c:0f:d3:52:30:e0:20:86 oren@localhost.localdomain
    The key's randomart image is:
    +--[ RSA 2048]----+
    |=.               |
    |E. .   .         |
    |o.+ . . o        |
    | + . . o o       |
    |  . . o S        |
    | o   o o         |
    |+ o . .          |
    |.= o             |
    | o+              |
    +-----------------+

    By default, this version of ssh-keygen creates an RSA key with a strength of 2048 bits.
    The two key files are:
    ~/.ssh/id_rsa      the private key; it stays on your machine.
    ~/.ssh/id_rsa.pub  the public key; upload this one to the server you want to connect to with ssh.

  • If we want a key stronger than 2048 bits, we can use the -b option.
    4096 bits is usually supported by most servers; we create a key with this strength by running the following:

    ssh-keygen -b 4096
  • ssh-keygen -p
    We can use the -p option to change or remove the passphrase of the private key file, as long as we know the current passphrase.
  • ssh-keygen -l
    Displays the fingerprint of the SSH key, which is a unique cryptographic identifier for that key.
  • openssl dhparam -text <bitSize>
    Generates Diffie-Hellman parameters: it finds a prime number of bitSize bits and prints it in readable form.
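
What the fingerprint from the ssh-keygen -l item actually is, as an added example that is not part of the original post: it is a hash over the decoded public-key blob from id_rsa.pub, shown here in both the colon-separated MD5 form seen in the session above and the SHA256 form. The function names and the sample key are assumptions made for this illustration; the sample key is constructed and is not a usable key.

```python
import base64
import hashlib
import struct


def read_field(blob, offset):
    """Read one length-prefixed field from an SSH public-key blob."""
    (length,) = struct.unpack_from(">I", blob, offset)
    start = offset + 4
    return blob[start:start + length], start + length


def fingerprint(pubkey_line):
    """Compute what `ssh-keygen -l` reports for one id_rsa.pub line."""
    fields = pubkey_line.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64 blob> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, offset = read_field(blob, 0)
    if key_type != fields[0].encode():
        raise ValueError("key type inside the blob does not match the prefix")
    bits = None
    if fields[0] == "ssh-rsa":
        _exponent, offset = read_field(blob, offset)
        modulus, _ = read_field(blob, offset)
        bits = int.from_bytes(modulus, "big").bit_length()
    md5_hex = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return {
        "type": fields[0],
        "bits": bits,
        # Colon-separated MD5: the format in the session shown on this page.
        "md5": ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2)),
        # Unpadded base64 SHA-256: the format current OpenSSH prints by default.
        "sha256": "SHA256:" + sha256.rstrip("="),
        "comment": fields[2].strip() if len(fields) > 2 else "",
    }


def make_sample_pubkey(bits=2048, comment="demo@example.invalid"):
    """Build a CONSTRUCTED ssh-rsa line as sample input (not a usable key)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    modulus = (1 << (bits - 1)) | 1  # constructed: top bit set, odd
    # mpint encoding: a leading zero byte keeps the number positive.
    n = b"\x00" + modulus.to_bytes(bits // 8, "big")
    blob = field(b"ssh-rsa") + field((65537).to_bytes(3, "big")) + field(n)
    return "ssh-rsa %s %s" % (base64.b64encode(blob).decode(), comment)
```

Calling fingerprint() on the single line of a real id_rsa.pub file gives values that can be compared against the output of ssh-keygen -l for the same file.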
