ssh-keygen is a command-line utility used to generate, manage, and convert SSH keys, which are used for secure authentication and remote access. It’s a core component of the OpenSSH protocol suite and is found on various Unix-like and Windows systems.
Here’s a breakdown of how it works and its key features:
1. Generating Key Pairs:
ssh-keygenprimarily creates public and private key pairs for authentication.- The private key is kept securely on your local machine, while the public key is placed on the remote server.
- This allows you to authenticate without repeatedly entering passwords, which is useful for automated logins and secure connections.
Key Types and Algorithms:
ssh-keygensupports various key types, including RSA, ECDSA, and Ed25519.- You can specify the key type using the
-toption (e.g.,ssh-keygen -t rsa). - Key length can also be specified (e.g.,
-b 4096for RSA). - The default key type is Ed25519.
3. Managing and Converting Keys:
- Besides generating new keys,
ssh-keygencan also be used to manage existing keys, including: - Changing passphrases.
- Converting key formats.
- Displaying key fingerprints.
- Generating and updating Key Revocation Lists.
4. Passphrases and Security:
- It’s highly recommended to add a passphrase to your private key for added security.
- This prevents unauthorized access to your private key even if it is compromised.
5. Using
ssh-keygen in Windows:- On Windows,
ssh-keygenis available as part of the OpenSSH client package. - You can access it via the Command Prompt or PowerShell.
Generating using algorithm type RSA
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"Generating using algorithm type ED25519 (this is default)
ssh-keygen -t ed25519 -C "your_email@example.com" // use -ted25519-sk -- if not supported by your system