πŸ•ΆοΈSSH KeyGen and Agent

Pretty okay cryptographic utilities for SSH session and key generation.

TL;DR

The commands covered in this chapter are listed below.

# generate public/private ed25519 key pair
ssh-keygen -t ed25519 -C "your-email@permitzip.com"

Overview

The manpage for ssh-keygen describes SSH protocol 1 as legacy: it suffers from cryptographic weaknesses and lacks support for the newer features of protocol 2.

ssh-keygen generates, manages, and converts authentication keys for ssh 1 and ssh 2. Creating a key is pretty simple. The following command guides you through naming and password-protecting the files:

# generate public/private ed25519 key pair
ssh-keygen -t ed25519 -C "your-email@permitzip.com"

ASCII Art Visual Host Key is another human-readable option for identifying keys. It looks like this:

+--[ED25519 256]--+
|           .o@=. |
|            =EOo |
|           .o+  o|
|         .  o+  .|
|        S  o..o .|
|       .   .*.o+ |
|        .  +o*o+.|
|         o oBo=o.|
|        . o+=*+oo|
+----[SHA256]-----+

ssh-keygen will generate this for you from a key, much like generating a fingerprint:

# command:
ssh-keygen -lv -E sha256 -f $HOME/.ssh/your-file-name.pub

# output:
256 SHA256:6dvH2tSNL6vDYVSkDyWdTM8v6K+23WHSSkwLUTYLtZQ kshultz@permitzip.com (ED25519)
+--[ED25519 256]--+
|           .o@=. |
|            =EOo |
|           .o+  o|
|         .  o+  .|
|        S  o..o .|
|       .   .*.o+ |
|        .  +o*o+.|
|         o oBo=o.|
|        . o+=*+oo|
+----[SHA256]-----+

ssh-keygen allows you to create a fingerprint from both the private* and public keys.

Prove Two Key Files Are a Cryptographic Key Pair

The execution below shows how a private key and public key lead to the same fingerprint. This can be used to prove two files belong to the same key pair.

# 1. generate the public key from the private key,
# 2. pipe the result to generate the fingerprint from the public key.
ssh-keygen -y -f $HOME/.ssh/github_pz | ssh-keygen -l -f -

# 3. generate a fingerprint from the public key file
ssh-keygen -l -f $HOME/.ssh/github_pz.pub
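
What the two commands above compare, as an added example that is not part of the original page: the SHA256 fingerprint is the unpadded base64 SHA-256 digest of the decoded public key blob, so the key derived from the private file and the key in the .pub file hash to the same value and the comment never matters. The function names and the sample key bytes are constructed for illustration.

```python
import base64
import hashlib
import struct


def parse_public_key_line(line):
    """Split an OpenSSH public key line into (key_type, blob, comment)."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    key_type = fields[0]
    comment = fields[2] if len(fields) == 3 else ""
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type. A mismatch
    # means the line was edited or corrupted, so refuse to fingerprint it.
    if len(blob) < 4:
        raise ValueError("key blob is too short")
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the encoded blob")
    return key_type, blob, comment


def sha256_fingerprint(line):
    """Fingerprint in the SHA256:<base64> form; the comment is not hashed."""
    _, blob, _ = parse_public_key_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def same_key(line_a, line_b):
    """True when both lines carry the same public key, whatever the comments."""
    return sha256_fingerprint(line_a) == sha256_fingerprint(line_b)


def constructed_line(raw_key, comment):
    """Build a sample ssh-ed25519 line from constructed bytes (not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name
    blob += struct.pack(">I", len(raw_key)) + raw_key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    from_private = constructed_line(bytes(range(32)), "")  # stands in for `ssh-keygen -y` output
    from_pub_file = constructed_line(bytes(range(32)), "you@example.com")
    other = constructed_line(bytes(32), "other@example.com")
    print(sha256_fingerprint(from_pub_file))
    print(same_key(from_private, from_pub_file), same_key(from_private, other))
```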

More on SSH configs, checking signatures, etc. here.

*technically, a fingerprint is derived from a public key
