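ssh-keygen Summary
Introduction
This is a summary of the ssh-keygen options I use most often.
Creating keys
No options
A key can be created without specifying any options. In that case the bit length and key type depend on the OpenSSH version, so this is not really recommended.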
[centos@ip-172-31-3-100 ~]$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/centos/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/centos/.ssh/id_rsa.
Your public key has been saved in /home/centos/.ssh/id_rsa.pub.
The key fingerprint is:
fb:f2:a0:05:3b:62:cf:cf:42:3a:87:c6:16:53:e4:a1 centos@ip-172-31-3-100
The key's randomart image is:
+--[ RSA 2048]----+
| |
| o |
| + . |
| E o |
| .. S |
| o .o . |
| .o*o + |
| .B+o=.o |
| o o+oooo |
+-----------------+
[centos@ip-172-31-3-100 ~]$
Specifying the bit length
Use -b to specify the bit length. These days, 2048 bits or more is recommended.
[centos@ip-172-31-3-100 ~]$ ssh-keygen -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/home/centos/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/centos/.ssh/id_rsa.
Your public key has been saved in /home/centos/.ssh/id_rsa.pub.
The key fingerprint is:
da:02:a4:c1:7b:2b:d7:f7:19:1c:15:7f:bf:00:79:06 centos@ip-172-31-3-100
The key's randomart image is:
+--[ RSA 4096]----+
| E. |
| . oo |
| o . o.o. .|
| = .+ ..|
| o o S . . .|
| . + o . . . .|
| . o + o o . |
| o o . o |
| o |
+-----------------+
[centos@ip-172-31-3-100 ~]$
Specifying the key type
In an environment where only SSH1 can be used, specify rsa1*1. Otherwise, rsa is fine.
[centos@ip-172-31-3-100 ~]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/centos/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/centos/.ssh/id_rsa.
Your public key has been saved in /home/centos/.ssh/id_rsa.pub.
The key fingerprint is:
68:d2:72:a3:65:33:dd:16:1f:59:82:a2:5c:33:f0:a6 centos@ip-172-31-3-100
The key's randomart image is:
+--[ RSA 2048]----+
| .. .. . |
| .= . + |
| . oo+. o |
| .o= . o . |
| o E S o . |
| O + . |
| . |
| |
| |
+-----------------+
[centos@ip-172-31-3-100 ~]$
One-liner
-q disables standard output, -f specifies where the key is saved, and -N specifies the passphrase.
[centos@ip-172-31-3-100 ~]$ ssh-keygen -q -f /home/centos/.ssh/id_rsa -N hogehoge
[centos@ip-172-31-3-100 ~]$
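Management
Changing the password
Change the password of an existing key file. Here -f specifies the old private key file; if it is not given, you enter the file path interactively.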
[centos@ip-172-31-3-100 ~]$ ssh-keygen -p -f /home/centos/.ssh/id_rsa.
Enter old passphrase:
Key has comment '/home/centos/.ssh/id_rsa.'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.
[centos@ip-172-31-3-100 ~]$
Regenerating the public key
Regenerate the public key from the private key. If the -f option is omitted, you are asked for the file path.
[centos@ip-172-31-3-100 ~]$ ssh-keygen -y -f /home/centos/.ssh/id_rsa
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtzibgUiUJs/MOO/Jl1Xt3ZcEhcHdQWJ8pv4WV1/WYXTMZYS7pEE+PmnegefV3Nf/3wgRePJf7Ac2myheTeFe8hnzw6UT8Hzs8Ijg8XB0YKeUFh2vSKnK1cTTW6ZgA9GA3KEm1EMqakgXCMgQjdCtM2Vn+eTIUvY7WHOyzrOrRmP+l4OWOOc6Y7tagiEdMAymcW5DQl4FU0kk7HQBHTC05naw1Rz7DkcYVdZ74od5lfMlqgfAlTZwqOIPSt5y7paxbRzhjci1CqEyf8JAjvH7AiPudpDTR/eT4hZtmlMuM8XM4kZDMhBu5Y9umzdyuIpVwMOVJecFBXEvO0xMBMdPOQ==
[centos@ip-172-31-3-100 ~]$
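The -b, -t and -y options above can be combined into a small audit of an existing key pair: read the bit length and type with ssh-keygen -l, then check that the .pub file really is what -y derives from the private key. This is an added example, not part of the original post; the function names, MIN_RSA_BITS and the return codes are assumptions made for the sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and MIN_RSA_BITS
# are assumptions; 2048 follows the recommendation in the text above.
MIN_RSA_BITS=2048

# Print "<bits> <TYPE>" for a public key file, parsed from `ssh-keygen -l`.
key_info() {
    ssh-keygen -l -f "$1" 2>/dev/null |
        awk 'NR == 1 { gsub(/[()]/, "", $NF); print $1, $NF }'
}

# Succeed if <key>.pub equals the public key that -y derives from <key>.
# ssh-keygen prompts for the passphrase if the private key is protected.
pub_matches_private() {
    derived=$(ssh-keygen -y -f "$1" | awk 'NR == 1 { print $1, $2 }')
    stored=$(awk 'NR == 1 { print $1, $2 }' "$1.pub")
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# audit_key <private-key> [min-rsa-bits]
# Returns 0 = ok, 1 = RSA below minimum, 2 = .pub mismatch, 3 = unreadable.
audit_key() {
    priv=$1
    min=${2:-$MIN_RSA_BITS}
    set -- $(key_info "$priv.pub")
    bits=$1
    ktype=$2
    if [ -z "$bits" ]; then
        echo "UNREADABLE: $priv.pub"; return 3
    fi
    if [ "$ktype" = "RSA" ] && [ "$bits" -lt "$min" ]; then
        echo "WEAK: $priv is RSA $bits bits (minimum $min)"; return 1
    fi
    if ! pub_matches_private "$priv"; then
        echo "MISMATCH: $priv.pub was not derived from $priv"; return 2
    fi
    echo "OK: $priv ($ktype $bits bits)"
}

# Demo on a throwaway key in a temporary directory (constructed sample; the
# empty passphrase is acceptable only because the key is deleted right away).
demo() {
    d=$(mktemp -d) || return 1
    ssh-keygen -q -t rsa -b 2048 -N "" -f "$d/id_rsa" && audit_key "$d/id_rsa"
    rc=$?
    rm -rf "$d"
    return $rc
}
if command -v ssh-keygen >/dev/null 2>&1; then demo; fi
```

Run against a real key as `audit_key ~/.ssh/id_rsa`; a key created with no options on an old OpenSSH shows up here with whatever size that version chose.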
Wrap-up
If all you need is key generation, Tera Term or PuTTY can do it on their own. If you want to know more, see man ssh-keygen!