← 返回命令列表

Linux command

ssh-keygen 命令

网络

需要网络或远程资源。

常用示例

Generate an SSH key pair

ssh-keygen -t ed25519

Generate an RSA key

ssh-keygen -t rsa -b 4096

Generate a key with custom filename

ssh-keygen -t ed25519 -f [~/.ssh/mykey] -C "[user@host]"

Change the passphrase

ssh-keygen -p -f [~/.ssh/id_ed25519]

View the fingerprint

ssh-keygen -l -f [~/.ssh/id_ed25519.pub]

Extract public key

ssh-keygen -y -f [~/.ssh/id_ed25519] > [~/.ssh/id_ed25519.pub]

Generate host keys

sudo ssh-keygen -A

Convert key to different format

ssh-keygen -e -f [~/.ssh/id_rsa.pub] -m [RFC4716]

说明

ssh-keygen generates, manages, and converts authentication keys for SSH. It creates public/private key pairs used for passwordless authentication and host verification. The private key stays on your machine (protected by passphrase), while the public key is copied to servers you want to access. Modern best practice recommends Ed25519 keys for their security and performance, though RSA 4096 remains widely compatible. Keys are stored in ~/.ssh/ by default: private key as id_ed25519 (or id_rsa, etc.) and public key with .pub extension. The public key is copied to ~/.ssh/authorized_keys on remote servers for authentication.

参数

-t _TYPE_
Key type: ed25519 (recommended), rsa, ecdsa, dsa
-b _BITS_
Key size in bits (RSA: 2048-4096, ECDSA: 256/384/521)
-f _FILE_
Output filename for the key
-C _COMMENT_
Comment to embed in key (typically user@host)
-N _PASSPHRASE_
New passphrase for the key
-P _PASSPHRASE_
Old passphrase when changing
-p
Change passphrase of existing key
-l
Show fingerprint of key file
-E _HASH_
Hash algorithm for fingerprint (md5, sha256)
-y
Output public key from private key
-e
Export key to other formats
-i
Import key from other formats
-m _FORMAT_
Key format (RFC4716, PKCS8, PEM)
-A
Generate all missing host key types
-R _HOST_
Remove host from known_hosts
-F _HOST_
Search for host in known_hosts
-q
Quiet mode

FAQ

What is the ssh-keygen command used for?

ssh-keygen generates, manages, and converts authentication keys for SSH. It creates public/private key pairs used for passwordless authentication and host verification. The private key stays on your machine (protected by passphrase), while the public key is copied to servers you want to access. Modern best practice recommends Ed25519 keys for their security and performance, though RSA 4096 remains widely compatible. Keys are stored in ~/.ssh/ by default: private key as id_ed25519 (or id_rsa, etc.) and public key with .pub extension. The public key is copied to ~/.ssh/authorized_keys on remote servers for authentication.

How do I run a basic ssh-keygen example?

Run `ssh-keygen -t ed25519` in a terminal, then adjust file names, paths, flags, or remote targets for your system.

What does -t _TYPE_ do in ssh-keygen?

Key type: ed25519 (recommended), rsa, ecdsa, dsa