34 ssh-keygen -y -f ~/.ssh/id_dsa >~/.ssh/id_dsa.pub |
34 ssh-keygen -y -f ~/.ssh/id_dsa >~/.ssh/id_dsa.pub |
35 |
35 |
36 Show fingerprint:: |
36 Show fingerprint:: |
37 |
37 |
38 ssh-keygen -l -f ~/.ssh/id_dsa |
38 ssh-keygen -l -f ~/.ssh/id_dsa |
|
39 ssh-keygen -E md5 -l -f ~/.ssh/id_dsa |
39 |
40 |
40 Change passphrase of priv key:: |
41 Change passphrase of priv key:: |
41 |
42 |
42 $ ssh-keygen -p -N "newphrase" -P "oldphrase" -f ~/.ssh/id_dsa |
43 $ ssh-keygen -p -N "newphrase" -P "oldphrase" -f ~/.ssh/id_dsa |
43 |
44 |
50 $ ssh $user@$host cat ">>" "~/.ssh/authorized_keys" <~/.ssh/id_rsa.pub |
51 $ ssh $user@$host cat ">>" "~/.ssh/authorized_keys" <~/.ssh/id_rsa.pub |
51 # public pub key on remote host |
52 # public pub key on remote host |
52 |
53 |
53 $ ssh-copy-id $user@$host # alternative to previous command |
54 $ ssh-copy-id $user@$host # alternative to previous command |
54 |
55 |
55 To remove ``known_hosts`` key (usually need if you change server pubkey or |
56 |
56 change server):: |
57 Dealing with server pubkeys |
|
58 =========================== |
|
59 |
|
60 Each SSH server keeps a single priv key, sharing a common pub key with all clients. It is an |
|
61 identity of the server and upon a new connection you are asked to trust this pub key. After |
|
62 accepting the pub key it is written to ``~/.ssh/known_hosts``. |
|
63 |
|
64 To list advertized pub keys by a server (``-H`` is host hashing/hiding host name):: |
|
65 |
|
66 ssh-keyscan $HOST |
|
67 ssh-keyscan -H $HOST |
|
68 |
|
69 To list fingerprints of the server pub keys:: |
|
70 |
|
71 ssh-keygen -lf <(ssh-keyscan $HOST 2>/dev/null) |
|
72 |
|
73 To ensure MD5 output format (which is usually displayed with vast majority of existing SSH |
|
74 clients):: |
|
75 |
|
76 ssh-keygen -E md5 -lf <(ssh-keyscan $HOST 2>/dev/null) |
|
77 |
|
78 To remove ``known_hosts`` key (it is usually needed if you change a server pubkey or change a |
|
79 server):: |
57 |
80 |
58 $ ssh-keygen -R hostname |
81 $ ssh-keygen -R hostname |
59 $ ssh-keygen -R hostname -f ~/.ssh/known_hosts |
82 $ ssh-keygen -R hostname -f ~/.ssh/known_hosts |
60 |
83 |
61 Disabling pubkey |
84 Disabling pubkey |
62 ================ |
85 ================ |
63 :: |
86 :: |
64 |
87 |
65 ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@host |
88 ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no user@host |
66 |
89 |
67 Shell login. |
90 Shell login |
68 ============ |
91 =========== |
69 :: |
92 :: |
70 |
93 |
71 $ ssh $user@$host |
94 $ ssh $user@$host |
72 $ ssh $user@$host:$port |
95 $ ssh $user@$host:$port |
73 |
96 |