# SSH KeyGen and Agent

## TL;DR

The commands covered in this chapter are listed below.

{% tabs %}
{% tab title="Generate Pair" %}

```bash
# generate public/private ed25519 key pair
ssh-keygen -t ed25519 -C "your-email@permitzip.com"
```

{% endtab %}

{% tab title="ASCII Art" %}

```bash
# print the art from an existing public key
ssh-keygen -lv -E sha256 -f $HOME/.ssh/your-file-name.pub
```

{% endtab %}

{% tab title="Generate Public Keys" %}

```bash
# 1. generate the public key from the private key
# 2. pipe the result to generate the fingerprint from the public key.
ssh-keygen -y -f $HOME/.ssh/github_pz | ssh-keygen -l -f -
```

{% endtab %}

{% tab title="Generate Fingerprint" %}

```bash
# generate a fingerprint from the public key file
ssh-keygen -l -f $HOME/.ssh/github_pz.pub
```

{% endtab %}
{% endtabs %}

## Overview

{% hint style="danger" %}
The manpage for `ssh-keygen` describes ssh 1 generally as legacy, suffering from cryptographic weaknesses, and lacking support for the new features in protocol 2.
{% endhint %}

`ssh-keygen` generates, manages, and converts authentication keys for SSH protocol versions 1 and 2. Creating a key is simple. The following command prompts you for a file name and for a passphrase that protects the private key:

```bash
# generate public/private ed25519 key pair
ssh-keygen -t ed25519 -C "your-email@permitzip.com"
```

{% hint style="info" %}
The ASCII art visual host key is another human-readable option for identifying keys. It looks like this:

```
+--[ED25519 256]--+
|           .o@=. |
|            =EOo |
|           .o+  o|
|         .  o+  .|
|        S  o..o .|
|       .   .*.o+ |
|        .  +o*o+.|
|         o oBo=o.|
|        . o+=*+oo|
+----[SHA256]-----+
```

{% endhint %}

ssh-keygen will generate this for you from a key, much like generating a fingerprint:

```
# command:
ssh-keygen -lv -E sha256 -f $HOME/.ssh/your-file-name.pub

# output:
256 SHA256:6dvH2tSNL6vDYVSkDyWdTM8v6K+23WHSSkwLUTYLtZQ kshultz@permitzip.com (ED25519)
+--[ED25519 256]--+
|           .o@=. |
|            =EOo |
|           .o+  o|
|         .  o+  .|
|        S  o..o .|
|       .   .*.o+ |
|        .  +o*o+.|
|         o oBo=o.|
|        . o+=*+oo|
+----[SHA256]-----+
```

{% hint style="success" %}
ssh-keygen allows you to create a <mark style="color:green;">**fingerprint**</mark> from both the <mark style="color:green;">**private**</mark>\* *<mark style="color:green;">**and**</mark>* <mark style="color:green;">**public keys**</mark>.
{% endhint %}

## Prove Two Key Files Are a Cryptographic Key Pair

The commands below show that a private key and its public key produce the same fingerprint. This can be used to prove that two files belong to the same key pair.

```bash
# 1. generate the public key from the private key,
# 2. pipe the result to generate the fingerprint from the public key.
ssh-keygen -y -f $HOME/.ssh/github_pz | ssh-keygen -l -f -

# 3. generate a fingerprint from the public key file
ssh-keygen -l -f $HOME/.ssh/github_pz.pub
```
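
The comparison above can be scripted so it does not depend on reading two lines by eye. The function below is an added example, not part of the original page; the names `ssh_keys_match` and `fingerprint_field` are hypothetical. It compares only the hash field of each `ssh-keygen -l` line, because the comment field can differ between the two outputs (for example when the `.pub` comment was edited) even though the keys match.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): check whether a private key
# file and a public key file belong to the same key pair.
# Exit status: 0 = same pair, 1 = different keys, 2 = a file could not be read.

# Print only the hash field ("SHA256:...") of an `ssh-keygen -l` output line.
# The line looks like: 256 SHA256:<hash> <comment> (ED25519)
fingerprint_field() {
    awk 'NR == 1 { print $2 }'
}

ssh_keys_match() {
    _priv=$1
    _pub=$2

    # Derive the public key from the private key, then fingerprint it.
    # ssh-keygen prompts for the passphrase if the private key has one.
    _priv_fp=$(ssh-keygen -y -f "$_priv" | ssh-keygen -l -E sha256 -f - | fingerprint_field)

    # Fingerprint the public key file directly.
    _pub_fp=$(ssh-keygen -l -E sha256 -f "$_pub" | fingerprint_field)

    # A pipeline reports only the last command's status, so an unreadable
    # or invalid file shows up here as an empty fingerprint.
    if [ -z "$_priv_fp" ] || [ -z "$_pub_fp" ]; then
        return 2
    fi

    [ "$_priv_fp" = "$_pub_fp" ]
}

# Usage:
#   ssh_keys_match "$HOME/.ssh/github_pz" "$HOME/.ssh/github_pz.pub" \
#       && echo "same key pair" || echo "not a pair (or unreadable)"
```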

More on SSH configs, checking signatures, etc. [here](https://www.phcomp.co.uk/Tutorials/Unix-And-Linux/ssh-check-server-fingerprint.html).

*\*technically, a fingerprint is derived from a public key*
