0

I want to generate an rsa-sha2-256 SSH key pair using the ssh-keygen utility. Can you please share the command for the same?

For ssh-rsa, it's `ssh-keygen -t rsa`

  • What have you tried? The default fingerprint_hash already is RSA-SHA2-256. Your question is extremely confusing – Ramhound Feb 17 '23 at 18:37
  • I tried with -t rsa, -t rsa-sha2-256 and -t rsa-sha2-512. In all cases, fingerprint_hash is sha256. I'm not able to make sense, how all are sha256? – raman bhadauria Feb 18 '23 at 04:43
  • Because what you are trying is not changing the default fingerprint hash. You would have to use `-E` to accomplish that, but you have indicated, you WANT to use a sha256 hash. The only two options are `md5` and `sha256`. By default the key will be `rsa-sha2-512` which is more secure than `rsa-sha2-256` – Ramhound Feb 18 '23 at 07:04

2 Answers

2

As I understand it, there is no such thing.

Specifically, my understanding is that there is a distinction between key types and signature types. The "ssh-rsa" key type is used by the "ssh-rsa", "rsa-sha2-256" and "rsa-sha2-512" signature types.

The ssh-rsa signature type is being deprecated because of security concerns surrounding SHA-1. However, the ssh-rsa key type is still just fine, as long as the key length is sufficient.

plugwash
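The key type versus signature type distinction in the answer above can be checked by decoding the SSH wire format. This is an added example, not part of the original post: it reads the type string embedded in a public key blob and the algorithm name at the start of a signature blob. The helper names, the `min_bits` threshold and the sample data are assumptions made for the illustration.

```python
import base64
import struct

def ssh_string(data):
    """Encode an SSH wire-format string: uint32 length + bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n):
    """Encode a positive integer as an SSH mpint (leading 0x00 if top bit set)."""
    return ssh_string(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def read_strings(blob):
    """Split a blob into its length-prefixed fields, rejecting truncation."""
    fields, off = [], 0
    while off < len(blob):
        if off + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off:off + size])
        off += size
    return fields

def describe_public_key(line, min_bits=2048):
    """Return (key type inside the blob, RSA modulus bits, meets min_bits).
    min_bits is an assumed policy threshold, not a value from the page."""
    declared, b64 = line.split()[:2]
    fields = read_strings(base64.b64decode(b64))
    key_type = fields[0].decode("ascii")
    if key_type != declared:
        raise ValueError("type label does not match key blob")
    if key_type != "ssh-rsa" or len(fields) != 3:
        raise ValueError("not an RSA public key")
    bits = int.from_bytes(fields[2], "big").bit_length()  # fields: type, e, n
    return key_type, bits, bits >= min_bits

def signature_algorithm(sig_blob):
    """An SSH signature blob starts with the name of the signature algorithm."""
    return read_strings(sig_blob)[0].decode("ascii")

# Constructed sample data: the modulus is a placeholder, not a usable RSA key.
def make_line(bits):
    n = (1 << (bits - 1)) | 1
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(65537) + ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

SAMPLE_SIG = ssh_string(b"rsa-sha2-256") + ssh_string(b"\x00" * 256)
```

The public key line reports `ssh-rsa` whichever signature type is later used with it; the name `rsa-sha2-256` only appears inside the signature blob.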
2

You can use the command:

$ ssh-keygen -t rsa-sha2-256 -b 2048

PS: Maybe you need to upgrade your OpenSSH version.

Neal
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community May 06 '23 at 02:03