I would like to replace the default 2048 bit host key generated when installing OpenSSH or starting it the first time with one of 4096 bit length.
This leads to two questions:
- Does OpenSSH allow running with a 4096 bit RSA host key (for SSH2 obviously)?
- How can ssh-keygen be convinced not to prompt for a passphrase?
The version of OpenSSH I am running is 6.6p1.
Best Answer
Whatever key-length is supported in ssh-keygen most likely would work with sshd as well. Besides that, you should generate your host-keys with ssh-keygen -h anyways, so if ssh-keygen isn't totally dumb, it should inform you if the desired key-length is not supported for host keys.
The passphrase could be specified with -N; if you don't want the key to be encrypted, just specify an empty one (thus just hitting Enter if it prompts you would have the same effect).
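The following is an added example, not part of the original question or answer: a shell sketch that generates a 4096-bit RSA host key with an empty passphrase through -N '' and then checks the result before it is put in front of sshd. The function names and the scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Function names are illustrative.

# gen_host_key DIR [BITS]
# Writes DIR/ssh_host_rsa_key and DIR/ssh_host_rsa_key.pub without prompting.
gen_host_key() {
    dir=$1
    bits=${2:-4096}
    key="$dir/ssh_host_rsa_key"
    # Refuse to overwrite: replacing a host key changes the fingerprint that
    # clients have recorded in known_hosts, so it should be a deliberate step.
    if [ -e "$key" ]; then
        echo "refusing to overwrite $key" >&2
        return 1
    fi
    # -N '' supplies an empty passphrase, so ssh-keygen does not prompt and the
    # private key is stored unencrypted (sshd must read it unattended).
    ssh-keygen -q -t rsa -b "$bits" -N '' -f "$key" || return 1
    # Private key readable by its owner only; public key world-readable.
    chmod 600 "$key" && chmod 644 "$key.pub"
}

# key_bits KEYFILE
# Prints the key length that ssh-keygen -l reports for KEYFILE.pub.
key_bits() {
    ssh-keygen -l -f "$1.pub" | awk '{print $1}'
}

# key_is_unencrypted KEYFILE
# Succeeds only if the private key can be loaded with an empty passphrase.
key_is_unencrypted() {
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# Usage against a scratch directory (constructed path):
#   d=$(mktemp -d) && gen_host_key "$d" 4096
#   key_bits "$d/ssh_host_rsa_key"            # prints the bit length
#   key_is_unencrypted "$d/ssh_host_rsa_key" && echo "no passphrase set"
```

Once the key is installed where the HostKey directive in sshd_config points, running sshd -t validates the configuration and host keys before the daemon is restarted.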