ssh-keygen

From RaySoft

ssh-keygen generates, manages and converts authentication keys for ssh. ssh-keygen can create keys for use by SSH protocol version 2.[1]

Documentation

Parameters

-b NUMBER
Specifies the NUMBER of bits in the key to create. For RSA keys, the minimum size is 1024 bits and the default is 3072 bits. Generally, 3072 bits is considered sufficient. For ECDSA keys, the -b flag determines the key length by selecting from one of three elliptic curve sizes: 256, 384 or 521 bits. Attempting to use bit lengths other than these three values for ECDSA keys will fail. ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed length and the -b flag will be ignored.
-f FILENAME
Specifies the FILENAME of the key file.
-l
Shows the fingerprint of the specified public key file. ssh-keygen will try to find the matching public key file and print its fingerprint. If combined with -v, a visual ASCII art representation of the key is supplied with the fingerprint.
-R HOSTNAME
Removes all keys belonging to the specified HOSTNAME (with optional port number) from a known_hosts file. This option is useful to delete hashed hosts (see the -H option of ssh-keygen, which is not listed on this page).
-t TYPE
Specifies the TYPE of key to create. The possible values are ecdsa, ecdsa-sk, ed25519 (the default), ed25519-sk, or rsa.
-v
Verbose mode. Causes ssh-keygen to print debugging messages about its progress. This is helpful for debugging moduli generation. Multiple -v options increase the verbosity. The maximum is 3.

Examples

Create a new key pair in ~/.ssh and copy the public key to another machine
ssh-keygen -t 'ed25519'

ssh-copy-id -i "${HOME}/.ssh/id_ed25519.pub" 'carbon.raysoft.loc'
Show the fingerprint of a server's public key
ssh-keygen -lt 'rsa' -f '/etc/ssh/ssh_host_rsa_key.pub'
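
Check a host key against a fingerprint obtained out of band, then retire its known_hosts entry
The following script is an added example, not part of the original page. It combines -t, -f, -l and -R; the function names are hypothetical, the keys and the known_hosts file are constructed in a temporary directory, and -N (passphrase) and -q (quiet) are ssh-keygen options not listed above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, all data is constructed.

# Print only the fingerprint field (e.g. SHA256:...) of a key file.
key_fingerprint() {
    ssh-keygen -l -f "$1" | awk '{ print $2 }'
}

# Succeed only if the file's fingerprint equals a non-empty expected value.
fingerprint_matches() {
    [ -n "$2" ] && [ "$(key_fingerprint "$1")" = "$2" ]
}

# Remove every entry for a host from the given known_hosts file.
forget_host() {
    ssh-keygen -R "$1" -f "$2" >/dev/null 2>&1
}

# Run the whole workflow on throwaway data; returns 0 on success.
demo() {
    dir=$(mktemp -d) || return 1
    host='carbon.raysoft.loc'

    # Stand-in for a server host key (-q: quiet, -N '': empty passphrase).
    ssh-keygen -q -t ed25519 -N '' -f "$dir/host_key" || return 1

    # Fingerprint as the server's administrator would publish it.
    trusted=$(key_fingerprint "$dir/host_key.pub")
    [ -n "$trusted" ] || return 1

    # Constructed known_hosts entry: "<host> <key type> <base64 key>".
    printf '%s %s\n' "$host" "$(cut -d' ' -f1,2 "$dir/host_key.pub")" \
        > "$dir/known_hosts"

    # The presented key must match the published fingerprint ...
    fingerprint_matches "$dir/host_key.pub" "$trusted" || return 1

    # ... and any other key must be rejected.
    ssh-keygen -q -t ed25519 -N '' -f "$dir/other_key" || return 1
    if fingerprint_matches "$dir/other_key.pub" "$trusted"; then return 1; fi

    # After a legitimate host key rotation, drop the stale entry.
    forget_host "$host" "$dir/known_hosts" || return 1
    if grep -qF "$host" "$dir/known_hosts"; then return 1; fi

    rm -rf "$dir"
}
```

Calling demo exercises every step; fingerprint_matches refuses an empty expected value so that a failed lookup can never count as a match.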

References

  1. Project contributors. "ssh-keygen(1)." OpenSSH project. https://man.openbsd.org/ssh-keygen (accessed 18.03.2025)