Issue
When I generate an SSH key pair using
ssh-keygen -t ssh-rsa -m PEM -f testkey-ssh-rsa.key
the key is generated using the ssh-rsa key type. If I change the type parameter (-t) to rsa-sha2-256
ssh-keygen -t rsa-sha2-256 -m PEM -f testkey-rsa-sha2-256.key
the key is generated using the rsa-sha2-256 key type.
How can I find out from the generated files retrospectively which key type was used to generate the file? Any solution (programmatic or tool-based) is ok. I have tried ssh-keygen, but it does not show the difference.
ssh-keygen -l -f testkey-ssh-rsa.key
outputs
3072 SHA256:0U8VbIePF+o5BHRgVGlaBiNFT9huV7brijuKD7xpxmg [email protected] (RSA)
and
ssh-keygen -l -f
outputs
3072 SHA256:5wLSugVJTXjdS4cKeWj3tH5KqXX03VNkgaKLGpU+C1A [email protected] (RSA)
Solution
If I am understanding the information from this superuser Q&A correctly, both have the same key type, and they only differ in their signature formats when doing authentication handshakes, although modern SSH clients will automatically negotiate signature types with RSA keys. The signature type is also relevant when issuing certificates, but not when generating plain keys. The -l option of the command shows you the key's fingerprint, and the hash algorithm that was used to generate the fingerprint (sha256).
If you are generating plain keys and not signed certificates, then there may be no difference (I'm just trying to interpret the referenced posts - I might be completely wrong here).
Answered By - rainbow.gekota Answer Checked By - Candace Johnson (WPSolving Volunteer)
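The answer's point can be checked by decoding a line from the generated .pub file: an RSA public key blob holds only the type string ssh-rsa, the public exponent and the modulus, so there is no field in which a signature hash such as rsa-sha2-256 could be recorded. The following is an added example, not part of the original post; the function names are hypothetical and the sample key is constructed inline (it is not a real key).

```python
import base64
import hashlib
import struct


def _string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _mpint(value: int) -> bytes:
    """SSH wire 'mpint' for a positive integer (leading 0x00 if the top bit is set)."""
    return _string(value.to_bytes(value.bit_length() // 8 + 1, "big"))


def make_pub_line(n: int, e: int, comment: str) -> str:
    """Build a constructed 'ssh-rsa AAAA... comment' line for the demo."""
    blob = _string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"


def inspect_pub_line(line: str) -> dict:
    """Decode one line of an OpenSSH .pub file and report what it records."""
    declared, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    fields, pos = [], 0
    while pos < len(blob):  # walk the length-prefixed fields of the blob
        (length,) = struct.unpack_from(">I", blob, pos)
        fields.append(blob[pos + 4 : pos + 4 + length])
        pos += 4 + length
    # Same fingerprint form ssh-keygen -l prints: unpadded base64 of SHA-256(blob)
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "declared_type": declared,
        "embedded_type": fields[0].decode(),
        "exponent": int.from_bytes(fields[1], "big"),
        "bits": int.from_bytes(fields[2], "big").bit_length(),
        "field_count": len(fields),
        "fingerprint": "SHA256:" + digest,
    }


# Constructed sample: a 3072-bit odd number standing in for a modulus, not a real key.
SAMPLE = make_pub_line((1 << 3071) | 0xC0FFEE | 1, 65537, "demo@example")

if __name__ == "__main__":
    for key, value in inspect_pub_line(SAMPLE).items():
        print(f"{key}: {value}")
```

To inspect a real key, pass the single line read from the .pub file to inspect_pub_line instead of SAMPLE.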