end0tknr's kipple - new web development by shakyo (learning by copying code)

Moved from http://d.hatena.ne.jp/end0tknr/

Creating an SSH-2 RSA 1024-bit key with ssh-keygen

It goes something like this:

$ ssh-keygen -t rsa -b 1024 -f /home/endo/tmp/fan_rsa -N ""

Since "-t rsa" is hard to understand, here is an excerpt from man ssh-keygen:

 -t type
  Specifies the type of key to create.
  The possible values are "rsa1" for protocol version 1 and
  "rsa" or "dsa" for protocol version 2.

So ssh-keygen doesn't have a --help option, does it?

[endo@colinux hems]$ ssh-keygen -?
ssh-keygen: illegal option -- ?
usage: ssh-keygen [options]
Options:
  -a trials   Number of trials for screening DH-GEX moduli.
  -B          Show bubblebabble digest of key file.
  -b bits     Number of bits in the key to create.
  -C comment  Provide new comment.
  -c          Change comment in private and public key files.
  -e          Convert OpenSSH to RFC 4716 key file.
  -F hostname Find hostname in known hosts file.
  -f filename Filename of the key file.
  -G file     Generate candidates for DH-GEX moduli.
  -g          Use generic DNS resource record format.
  -H          Hash names in known_hosts file.
  -i          Convert RFC 4716 to OpenSSH key file.
  -l          Show fingerprint of key file.
  -M memory   Amount of memory (MB) to use for generating DH-GEX moduli.
  -N phrase   Provide new passphrase.
  -P phrase   Provide old passphrase.
  -p          Change passphrase of private key file.
  -q          Quiet.
  -R hostname Remove host from known_hosts file.
  -r hostname Print DNS resource record.
  -S start    Start point (hex) for generating DH-GEX moduli.
  -T file     Screen candidates for DH-GEX moduli.
  -t type     Specify type of key to create.
  -v          Verbose.
  -W gen      Generator to use for generating DH-GEX moduli.
  -y          Read private key file and print public key.

Creating a public key from a private key - the "-y" option

I suppose you'd use it if you lost the public key...?

$ ssh-keygen -y -f ./key.pri > key.pub
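
To see what a key such as the 1024-bit one above actually contains, this added example (not from the original post) parses the one-line public key that `ssh-keygen -y` prints and reports the RSA modulus size. The function names, the 2048-bit threshold and the sample line built inside the code are assumptions of this example.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumption: audit threshold chosen for this example

def _string(data):
    """Encode an RFC 4251 'string': uint32 big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data

def _mpint(value):
    """Encode a positive integer as an mpint (extra 0x00 if the top bit is set)."""
    return _string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def make_sample_line(bits):
    """Constructed, structurally valid ssh-rsa line. Not a usable key."""
    blob = _string(b"ssh-rsa") + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

def _read_string(blob, offset):
    """Read one length-prefixed field, rejecting truncated input."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated field")
    return blob[offset + 4:end], end

def inspect_public_key(line):
    """Return (key_type, rsa_bits or None) for '<type> <base64> [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    blob = base64.b64decode(fields[1], validate=True)
    name, offset = _read_string(blob, 0)
    if name != fields[0].encode():
        raise ValueError("key type inside the blob differs from the prefix")
    if name != b"ssh-rsa":
        return fields[0], None
    _exponent, offset = _read_string(blob, offset)  # public exponent e
    modulus, _ = _read_string(blob, offset)         # modulus n
    return fields[0], int.from_bytes(modulus, "big").bit_length()

def is_weak_rsa(line):
    """True when the line holds an RSA key shorter than MIN_RSA_BITS."""
    _key_type, bits = inspect_public_key(line)
    return bits is not None and bits < MIN_RSA_BITS

if __name__ == "__main__":
    print(inspect_public_key(make_sample_line(1024)))  # constructed sample
```

It accepts the contents of a file such as key.pub, or an authorized_keys entry that has no leading options field.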

ssh with a specified local (client) key

$ ssh -i /home/endo/tmp/foo_rsa foo01t@not-exist.jp