OpenSSH Usage

User

Create User Key

ssh-keygen -t rsa -b 4096 -f USER_KEYFILE -C COMMENT

Best Practice: Use your email address as comment.

Change Passphrase on User Key

ssh-keygen -f USER_KEYFILE -p

Recreate Public Key from Private Key

ssh-keygen -f USER_PRIVATE_KEYFILE -y > USER_PUBLIC_KEYFILE

Show Key Fingerprint

ssh-keygen -f USER_PUBLIC_KEYFILE -l

System Administration

Create a Certificate Authority (CA) Key

ssh-keygen -N "" -t rsa -b 4096 -f CA_KEYFILE -C COMMENT

Best Practice: Use your email address as comment.

Create a Host Key

ssh-keygen -N "" -t rsa -b 4096 -f HOST_KEYFILE -C COMMENT

Best Practice: Use your email address as comment.

Sign Host Key with Certificate Authority

ssh-keygen -s CA_KEYFILE -I CA_IDSTRING -h -n HOSTNAME,HOSTNAME2 -V +123d HOST_KEYFILE.pub

Best Practice: Use a Hostname as your CA ID string.
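
Signing writes the certificate next to the host key as HOST_KEYFILE-cert.pub. The shell functions below are an added example, not part of the original page: they repeat the CA, host key and signing commands with constructed names (ca.example.org, host1.example.org, host2.example.org) and then use ssh-keygen -L to confirm that the result is a host certificate, signed by the expected CA, listing the expected hostname. The function names make_demo_cert and check_host_cert are hypothetical.

```shell
#!/bin/sh
# Added example; all hostnames and comments below are constructed.

# make_demo_cert DIR [BITS]: run the page's CA / host key / signing commands
# in DIR. -N "" leaves both private keys unencrypted (throwaway demo keys).
make_demo_cert() {
    dir=$1 bits=${2:-4096}
    ssh-keygen -q -N "" -t rsa -b "$bits" -f "$dir/ca" -C ca@example.org &&
    ssh-keygen -q -N "" -t rsa -b "$bits" -f "$dir/host" -C host@example.org &&
    ssh-keygen -q -s "$dir/ca" -I ca.example.org -h \
        -n host1.example.org,host2.example.org -V +123d "$dir/host.pub"
    # Signing writes the certificate to $dir/host-cert.pub.
}

# check_host_cert CERT CA_PUB PRINCIPAL
# Returns 0 only if CERT is a host certificate signed by CA_PUB that lists
# PRINCIPAL; otherwise 1 (unreadable), 2 (not a host cert), 3 (other CA),
# 4 (principal missing).
check_host_cert() {
    cert=$1 ca_pub=$2 principal=$3
    info=$(ssh-keygen -L -f "$cert" 2>/dev/null) || return 1
    printf '%s\n' "$info" | grep -q 'Type: .* host certificate' || return 2
    # Compare the CA fingerprint in the certificate with the CA public key.
    ca_fp=$(ssh-keygen -l -f "$ca_pub" | awk '{print $2}')
    cert_fp=$(printf '%s\n' "$info" | awk '/Signing CA:/ {print $4}')
    [ -n "$ca_fp" ] && [ "$ca_fp" = "$cert_fp" ] || return 3
    # Principals are listed one per line between "Principals:" and
    # "Critical Options:"; require an exact match.
    printf '%s\n' "$info" | awk -v p="$principal" '
        /Principals:/       { inlist = 1; next }
        /Critical Options:/ { inlist = 0 }
        inlist && $1 == p   { found = 1 }
        END                 { exit !found }' || return 4
}
```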

Check Key Vulnerability for DSA-1571-1

ssh-vulnkey -v KEYFILE.pub