|
Size: 1321
Comment:
|
← Revision 9 as of 2023-04-06 16:23:38 ⇥
Size: 1348
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| ## page was renamed from Encryption/SSHKeys = SSH Keys = |
= SSH KeyGen = |
| Line 4: | Line 3: |
| '''SSH Keys''' are used for password-less authentication. These carry a greater degree of security than password authentication, especially with careful control of your identity files. | '''`ssh-keygen(1)`''' is used to generate public-private keypairs. |
| Line 14: | Line 13: |
| `ssh-keygen(1)` is bundled with `openssl`. ---- == Usage == |
|
| Line 22: | Line 29: |
| ---- | |
| Line 24: | Line 30: |
== Usage == === Server Configuration === |
|
| Line 48: | Line 49: |
| ---- == See also == [[https://man.archlinux.org/man/core/openssh/ssh-keygen.1.en|ssh-keygen(1)]] [[Encryption/OpenSSH|OpenSSH]] [[Encryption/SSH|SSH]] |
SSH KeyGen
ssh-keygen(1) is used to generate public-private keypairs.
Installation
ssh-keygen(1) is bundled with openssl.
Usage
To generate a new SSH key, try:
ssh-keygen -t rsa -b 4096 -C "[email protected]"
Note that standards are always shifting. In the past, Github recommended a 2048 bits long key. Github now recommends the ed25519 algorithm, instead of rsa.
Legacy Format
OpenSSH 7.8+ uses a new format of SSH keys, which begin with -----BEGIN OPENSSH PRIVATE KEY-----. Some software are not prepared to parse this key format.
To generate a new key using the old format, add the -m PEM option.
To convert an existing key to the old format, try:
ssh-keygen -p -f ~/.ssh/id_rsa -m pem -P "" -N ""
Commercial Services
Github and Gitlab both allow SSH key authentication.