For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Specifies the number of bits in the key to create. B' Show the bubblebabble digest of specified private or public key file. a trials Specifies the number of primality tests to perform when screening DH-GEX candidates using the -T command. The comment is initialized to when the key is created, but can be changed using the -c option.Īfter a key is generated, instructions below detail where the keys should be placed to be activated. If the passphrase is lost or forgotten, a new key must be generated and copied to the corresponding public keyįor RSA1 keys, there is also a comment field in the key file that is only for convenience to the user to help identify the key. There is no way to recover a lost passphrase. The passphrase can be changed later by using the -p option. Prose has only 1-2 bits of entropy per character, and provides very bad passphrases), and contain a mix of upper and lowercase letters, numbers, and Good passphrases are 10-30 characters long, are not simple sentences or otherwise easily guessable (English Whitespace, or any string of characters you want.
A passphrase is similar to a password, except it can be a phrase with a series of words, punctuation, numbers, The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or The public key is stored in a file with the same name but Normally this program generates the key and asks for a file in which to store the private key. Additionally, the system administrator may use this to generate host keys, as seen in /etc/rc. Normally each user wishing to use SSH with RSA or DSA authentication runs this once to create the authentication key in ~/.ssh/identity, See the MODULI GENERATION section for details. Ssh-keygen is also used to generate groups for use in Diffie-Hellman group exchange (DH-GEX). If invoked without anyĪrguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 connections. The type of key to be generated is specified with the -t option. ssh-keygen can create RSA keys for use by SSH protocol version 1Īnd RSA or DSA keys for use by SSH protocol version 2. Ssh-keygen generates, manages and converts authentication keys for ssh(1).