ssh-keygen Command Line Utility
ssh-keygen - Creation, management, and conversion of keys used for client and server authentication.
ssh-keygen [-b bits] -t type [-N new_passphrase] [-C comment] [-f output_keyfile]
ssh-keygen -B [-f input_keyfile]
ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
ssh-keygen -e [-f input_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
ssh-keygen -i [-f input_keyfile]
ssh-keygen -y [-f input_keyfile]
ssh-keygen -l [-f input_keyfile]
You can use the ssh-keygen command line utility to create RSA and DSA keys for public key authentication, to edit properties of existing keys, and to convert file formats. When no options are specified, ssh-keygen generates a 2048-bit RSA key pair and queries you for a key name and a passphrase to protect the private key. Public keys are created using the same base name as the private key, with an added .pub extension. The key location is displayed when key generation is complete.
Specifies the key size. Up to a point a larger key size improves security. A larger key size slows down the initial connection, but has no effect on the speed of encryption or decryption of the data stream after a successful connection has been made. The length of key you should use depends on many factors, including: the key type, the lifetime of the key, the value of the data being protected, the resources available to a potential attacker, and the size of the symmetric key you use in conjunction with this asymmetric key. To ensure the best choice for your needs, we recommend that you contact your security officer. The default for DSA keys is 1024 bits; for RSA it is 2048 bits.
Shows the MD5 fingerprint and SHA-1 Bubble Babble digest of a private or public key file. You can specify the key file using -f. If you don't specify a file, you are queried for a file name.
Requests a change of the comment in the private and public key files. This operation is only supported for RSA1 keys. The program will prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment.
Specifies information for the comment field within the key file. Use quotation marks if the string includes spaces. If you do not specify a comment when you create a key, a default comment is created that includes the key type, creator, date, and time.
Uses the specified OpenSSH public or private key to generate a public key in Reflection format. You can specify the key file using -f. If you don't specify a file, you are queried for a file name.
Specifies the file name to be used for the generated private key. (A public key is also created and is always given the same name as the private key, with an added .pub file extension.) This option can also be used in combination with -e, -i, -l, -p, -y, and -B to specify the input file name.
Uses the specified Reflection public or private key to generate a public or private key in OpenSSH format. You can specify the key file using -f. If you don't specify a file, you are queried for a file name.
Show fingerprint of specified public key file. Private RSA1 keys are also supported. For RSA and DSA keys ssh-keygen tries to find the matching public key file and prints its fingerprint.
Provides the new passphrase.
Use this option to change the passphrase of an existing private key. If you use this option alone, the program prompts for the file containing the private key, for the old passphrase, and twice for the new passphrase. You can use it in combination with -f, -P, and -N to change the passphrase non-interactively. For example:
ssh-keygen -p -f keyfile -P oldpassphrase -N newpassphrase
Provides the (old) passphrase.
Specifies the algorithm used for key generation. The possible values are "rsa" or "dsa" for protocol version 2.
Uses the specified private key to derive a new copy of the public key. You can specify the key file using -f. If you don't specify a file, you are queried for a file name.
ssh-keygen returns 0 (zero) if the command completes successfully. Any non-zero value indicates a failure.