SSH Setup & Key Management
==========================
## Refs
- [Insane answer about key formats](https://stackoverflow.com/a/29707204/4415884)
## Create New SSH Key
Create "path/to/key" and "path/to/key.pub" as a 2048 bit RSA key with
"your comment" as comment (you can skip "-C comment" if you don't care).
```sh
ssh-keygen -t rsa -b 2048 -f path/to/key -C "your comment"
```
Create "path/to/key" and "path/to/key.pub" as an Ed25519 (elliptic curve) key.
```sh
ssh-keygen -t ed25519 -f path/to/key -C "your comment"
```
## Change Passphrase
```sh
ssh-keygen -p -f path/to/key
```
NOTE: Just hitting enter when asked for the new one will remove the passphrase.
## Inspect keys
Print public key hash:
```sh
ssh-keygen -l -f path/to/key.pub
```
Print public key hash as md5:
```sh
ssh-keygen -E md5 -l -f path/to/key.pub
```
Regenerate the public key file from the private key:
```sh
ssh-keygen -y -f path/to/key > path/to/key.pub
```
Print detailed DER file content:
```sh
openssl x509 -in dumpcertfile -inform DER -text
```
## Export pub key in misc formats
```sh
ssh-keygen -e -f path/to/ssh2pub-or-privKey -m PKCS8
openssl rsa -in path/to/ssh2pub-or-privKey -outform DER
```
SPKI to PKCS1:
```sh
openssl rsa -pubin -in path/to/spki -RSAPublicKey_out
```
PKCS1 to SPKI:
```sh
openssl rsa -RSAPublicKey_in -in path/to/pkcs1 -pubout
```
TODO to PKCS8:
```sh
ssh-keygen -i -f path/to/key.pub -e -m PKCS8 > path/to/pub.pem
```
## Remove obsolete entry from known_hosts
```sh
ssh-keygen -f path/to/known_hosts -R "example.com"
```
## TODO
-e This option will read a private or public OpenSSH key file
and print to stdout a public key in one of the formats
specified by the -m option. The default export format is
“RFC4716”. This option allows exporting OpenSSH keys for
use by other programs, including several commercial SSH
implementations.