2025516星期五 12:55pm

【Linux】一步一步学Linux——ssh-keygen命令(178)

00. 目录

文章目录

01. 命令概述

ssh-keygen命令用于为“ssh”生成、管理和转换认证密钥,它支持RSA和DSA两种认证密钥。

02. 命令格式

语法
     ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] [-f output_keyfile]
     ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
     ssh-keygen -i [-f input_keyfile]
     ssh-keygen -e [-f input_keyfile]
     ssh-keygen -y [-f input_keyfile]
     ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
     ssh-keygen -l [-f input_keyfile]
     ssh-keygen -B [-f input_keyfile]
     ssh-keygen -D reader
     ssh-keygen -F hostname [-f known_hosts_file]
     ssh-keygen -H [-f known_hosts_file]
     ssh-keygen -R hostname [-f known_hosts_file]
     ssh-keygen -U reader [-f input_keyfile]
     ssh-keygen -r hostname [-f input_keyfile] [-g]
     ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
     ssh-keygen -T output_file -f input_file [-v] [-a num_trials] [-W generator]


  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18

03. 常用选项

-b:指定密钥长度;
-e:读取openssh的私钥或者公钥文件;
-C:添加注释;
-f:指定用来保存密钥的文件名;
-i:读取未加密的ssh-v2兼容的私钥/公钥文件,然后在标准输出设备上显示openssh兼容的私钥/公钥;
-l:显示公钥文件的指纹数据;
-N:提供一个新密语;
-P:提供(旧)密语;
-q:静默模式;
-t:指定要创建的密钥类型。

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10

04. 参考示例

4.1 创建一个默认密钥

[root@localhost ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:QfclO+AvXZ/O6vGNfzo4P2pftiHRoKG2fgc5p9bvu1o root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|        . o . .  |
|       . o o +   |
|        . ..+..  |
|         ..oooo..|
|        So..+. o.|
|        . .= .+  |
|         .  *+ Eo|
|        .  ++oO+=|
|         .o.+OO%*|
+----[SHA256]-----+
[root@localhost ~]# 

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22

4.2 指定要创建的密钥类型

[root@localhost ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:nTaoqOxlG6IQQ2zDTMvSk2EON+4tLrYqPy7IBrstoy4 root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|..=              |
|*B.+             |
|.X*              |
|+..o     o .     |
|o o .   S =      |
|.+ . . . . .     |
|*oo = .          |
|EBo= o           |
|%@B..            |
+----[SHA256]-----+
[root@localhost ~]# 

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24

4.3 使用-t参数创建一个指定密钥的类型并添加注释

[root@localhost ~]# ssh-keygen -t rsa -C "deng@qq.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Wx3MWwj36fwhcnb6hjdIIJ3SUggCLcmFq62Earqy2E0 deng@qq.com
The key's randomart image is:
+---[RSA 2048]----+
|  ..*o .. o .    |
|   = ..  . * o . |
|    o     + * +  |
|   .     + * *   |
|. o     S =.++oo |
|.o .     o  +.+..|
|o . E   .   ..o .|
|++ o         o.+ |
|Oo. .         o..|
+----[SHA256]-----+
[root@localhost ~]# 

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24

4.4 读取openssh的私钥或者公钥文件

[root@localhost ~]# ssh-keygen -e
Enter file in which the key is (/root/.ssh/id_rsa): 
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "2048-bit RSA, converted by root@localhost.localdomain from O"
AAAAB3NzaC1yc2EAAAADAQABAAABAQCyQ/iZYPZHH7+4Gcfq259xChnidsf25piKsnRi+o
/XZcD0s9QL8oX24OuX5pPQcmfD6Rw6sQCrTy66LrSw2NmPpKc0XdUbXEkLYBN4d3SY+ZLT
3Ot8L6jaDmwgXsBu8lTXzAEWLm+16RXAZAB/27ohi48PfcIDYyeJ1JDpieCJ1/a/KrR9V4
erWVBt/ZE8KoC0MTQlUn7H3oABVS9O6sdY4dYc/T9l33EbqZMc2feYZnuWtrPdrYfz37C+
kzg3ZrDojGXtiWk1p/PG5KoAH6GzuYYIuMtrUTnadRv4wZo29RF+n5Ty8HEeYqSceHWWvw
Jjqnpqj9cgeNQvq6E3PJbD
---- END SSH2 PUBLIC KEY ----
[root@localhost ~]# 

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12

4.5 安静模式生成密钥对

[root@localhost ~]# ssh-keygen -q -t rsa
Enter file in which to save the key (/root/.ssh/id_rsa): 
/root/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
[root@localhost ~]# 

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7

05. 附录

参考:【Linux】一步一步学Linux系列教程汇总

注:本文转载自blog.csdn.net的沧海一笑-dj的文章"https://blog.csdn.net/dengjin20104042056/article/details/100045563"。版权归原作者所有,此博客不拥有其著作权,亦不承担相应法律责任。如有侵权,请联系我们删除。
复制链接
相关推荐
发表评论

评论记录:

未查询到任何数据!