本文共 4168 字，大约阅读时间需要 13 分钟。

00. 目录

01. 命令概述

ssh-keygen命令用于为“ssh”生成、管理和转换认证密钥，它支持RSA和DSA两种认证密钥。

02. 命令格式

语法     ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] [-f output_keyfile]     ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]     ssh-keygen -i [-f input_keyfile]     ssh-keygen -e [-f input_keyfile]     ssh-keygen -y [-f input_keyfile]     ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]     ssh-keygen -l [-f input_keyfile]     ssh-keygen -B [-f input_keyfile]     ssh-keygen -D reader     ssh-keygen -F hostname [-f known_hosts_file]     ssh-keygen -H [-f known_hosts_file]     ssh-keygen -R hostname [-f known_hosts_file]     ssh-keygen -U reader [-f input_keyfile]     ssh-keygen -r hostname [-f input_keyfile] [-g]     ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]     ssh-keygen -T output_file -f input_file [-v] [-a num_trials] [-W generator]

03. 常用选项

-b：指定密钥长度；-e：读取openssh的私钥或者公钥文件；-C：添加注释；-f：指定用来保存密钥的文件名；-i：读取未加密的ssh-v2兼容的私钥/公钥文件，然后在标准输出设备上显示openssh兼容的私钥/公钥；-l：显示公钥文件的指纹数据；-N：提供一个新密语；-P：提供（旧）密语；-q：静默模式；-t：指定要创建的密钥类型。

04. 参考示例

4.1 创建一个默认密钥

[root@localhost ~]# ssh-keygen Generating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:QfclO+AvXZ/O6vGNfzo4P2pftiHRoKG2fgc5p9bvu1o root@localhost.localdomainThe key's randomart image is:+---[RSA 2048]----+|        . o . .  ||       . o o +   ||        . ..+..  ||         ..oooo..||        So..+. o.||        . .= .+  ||         .  *+ Eo||        .  ++oO+=||         .o.+OO%*|+----[SHA256]-----+[root@localhost ~]#

4.2 指定要创建的密钥类型

[root@localhost ~]# ssh-keygen -t rsaGenerating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa already exists.Overwrite (y/n)? yEnter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:nTaoqOxlG6IQQ2zDTMvSk2EON+4tLrYqPy7IBrstoy4 root@localhost.localdomainThe key's randomart image is:+---[RSA 2048]----+|..=              ||*B.+             ||.X*              ||+..o     o .     ||o o .   S =      ||.+ . . . . .     ||*oo = .          ||EBo= o           ||%@B..            |+----[SHA256]-----+[root@localhost ~]#

4.3 使用-t参数创建一个指定密钥的类型并添加注释

[root@localhost ~]# ssh-keygen -t rsa -C "deng@qq.com"Generating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa already exists.Overwrite (y/n)? yEnter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:Wx3MWwj36fwhcnb6hjdIIJ3SUggCLcmFq62Earqy2E0 deng@qq.comThe key's randomart image is:+---[RSA 2048]----+|  ..*o .. o .    ||   = ..  . * o . ||    o     + * +  ||   .     + * *   ||. o     S =.++oo ||.o .     o  +.+..||o . E   .   ..o .||++ o         o.+ ||Oo. .         o..|+----[SHA256]-----+[root@localhost ~]#

4.4 读取openssh的私钥或者公钥文件

[root@localhost ~]# ssh-keygen -eEnter file in which the key is (/root/.ssh/id_rsa): ---- BEGIN SSH2 PUBLIC KEY ----Comment: "2048-bit RSA, converted by root@localhost.localdomain from O"AAAAB3NzaC1yc2EAAAADAQABAAABAQCyQ/iZYPZHH7+4Gcfq259xChnidsf25piKsnRi+o/XZcD0s9QL8oX24OuX5pPQcmfD6Rw6sQCrTy66LrSw2NmPpKc0XdUbXEkLYBN4d3SY+ZLT3Ot8L6jaDmwgXsBu8lTXzAEWLm+16RXAZAB/27ohi48PfcIDYyeJ1JDpieCJ1/a/KrR9V4erWVBt/ZE8KoC0MTQlUn7H3oABVS9O6sdY4dYc/T9l33EbqZMc2feYZnuWtrPdrYfz37C+kzg3ZrDojGXtiWk1p/PG5KoAH6GzuYYIuMtrUTnadRv4wZo29RF+n5Ty8HEeYqSceHWWvwJjqnpqj9cgeNQvq6E3PJbD---- END SSH2 PUBLIC KEY ----[root@localhost ~]#

4.5 安静模式生成密钥对

[root@localhost ~]# ssh-keygen -q -t rsaEnter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa already exists.Overwrite (y/n)? yEnter passphrase (empty for no passphrase): Enter same passphrase again: [root@localhost ~]#

05. 附录

参考：

转载地址：https://dengjin.blog.csdn.net/article/details/100045563 如侵犯您的版权，请留言回复原文章的地址，我们会给您删除此文章，给您带来不便请您谅解！