Creating an Identity
Most SSH implementations include a program for creating key pairs. We cover ssh-keygen from OpenSSH and Tectia.
6.2.1 Generating Keys for OpenSSH
OpenSSH uses the program ssh-keygen to create key pairs. [2.4.2] Let’s go into more detail about this program for creating new keys or modifying existing keys.
6.2.1.1 Creating OpenSSH keys
When creating a new key, you must indicate the key type (DSA or RSA) using the -t flag:
$ ssh-keygen -t dsa
You may also specify these options for creating keys:
The number of bits in the key, using -b; the default is 1024 bits:
$ ssh-keygen -t dsa -b 2048
The name of the private-key file to be generated, using -f. The name is relative to your current directory. Recall that the public-key file is named after the private one with .pub appended.
$ ssh-keygen -t dsa -f mykey Creates mykey and mykey.pub
If you omit the -f option, you are prompted for the information:
$ ssh-keygen -t dsa ... Enter file in which to save the key (/home/barrett/.ssh/id_dsa):
mykey
The default filename for DSA keys is ~/.ssh/id_dsa, and for RSA keys it’s ~/.ssh/id_rsa.
The passphrase to decode the key, using -N:
$ ssh-keygen -t dsa -N secretword
If you omit this option, you’ll be prompted for the information:
$ ssh-keygen -t dsa ... Enter passphrase: [nothing is echoed] Enter the same passphrase again: [nothing is echoed]
A textual comment associated with the key, using -C. If you omit this option, the comment is
username
@host
, whereusername
is your username and ...
Get SSH, The Secure Shell: The Definitive Guide, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.