ssh-keygen

From RaySoft

ssh-keygen generates, manages and converts authentication keys for ssh. ssh-keygen can create keys for use by SSH protocol version 1 and 2.man 1 'ssh-keygen'

Documentation

Parameters

-b NUMBER
Specifies the NUMBER of bits in the key to create. For RSA keys, the minimum size is 768 bits and the default is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024 bits as specified by 186-2. For ECDSA keys, the -b flag determines the key length by selecting from one of three elliptic curve sizes: 256, 384 or 521 bits. Attempting to use bit lengths other than these three values for ECDSA keys will fail. Ed25519 keys have a fixed length and the -b flag will be ignored.
-f FILENAME
Specifies the FILENAME of the key file.
-l
Show fingerprint of specified public key file. Private RSA1 keys are also supported. For RSA and DSA keys ssh-keygen tries to find the matching public key file and prints its fingerprint. If combined with -v, an ASCII art representation of the key is supplied with the fingerprint.
-R HOSTNAME
Removes all keys belonging to HOSTNAME from a known_hosts file. This option is useful to delete hashed hosts (see the -H option above).
-t TYPE
Specifies the TYPE of key to create. The possible values are rsa1 for protocol version 1 and dsa, ecdsa, ed25519, or rsa for protocol version 2.
-v
Verbose mode. Causes ssh-keygen to print debugging messages about its progress. This is helpful for debugging moduli generation. Multiple -v options increase the verbosity. The maximum is 3.

Examples

Create a new key pair in ~/.ssh
NOTE:
ed25519 is the current favourite of the OpenSSH developers[1].
ssh-keygen -t 'ed25519'
Copy the public key to another machine
ssh-copy-id -i "${HOME}/.ssh/id_ed25519.pub" 'carbon.raysoft.loc'
Show the fingerprint of a server's public key
ssh-keygen -lt 'rsa' -f '/etc/ssh/ssh_host_rsa_key.pub'

References