174

I already created an ssh key for myself sometime in the past. I don't remember "how many bits" it is. How can I tell?

I'm wondering because I'm using hosting at nearlyfreespeech.net and their faq says:

Can I configure my ssh connection to use a public key?

... we will not install keys that have a length less than 1536 bits ... We prefer that you use a key at least 2048 bits in length, and if you are generating a new key, the recommended length is 4096 bits.

Improve this question
1

2 Answers 2

Reset to default
254 
[palvarez@oizon ~]$ ssh-keygen -l -f ~/.ssh/id_rsa.pub
2048 2e:8c:fd:aa:9f:95:86:9e:b0:d2:a6:1a:7e:d3:3e:74 .ssh/id_rsa.pub (RSA)

2048 bits.

Explanation:

  -l          Show the fingerprint of the key file.
  -f filename Filename of the key file.
Improve this answer
4
  • 2
    Like your 2nd half, maybe should have read both halfs before opening up the manpage :-)
    – Puggan Se
    Commented Oct 11, 2013 at 12:00
  • 11
    Why read the manpage when you have SO!? No… but really… sometimes the important bits are hidden in overly complex explanations for obscure flags, etc. Also I wouldn't have assumed ssh-keygen could be used to check an already generated file.
    – Benji
    Commented Jun 21, 2018 at 8:01
  • 2
    Just to add, it helps to remember for -l as "length of fingerprint/signature" or for both '-lf' as 'length of signature for file'. Hope that helps others as it helped me.
    – icasimpan
    Commented Nov 27, 2019 at 15:51
  • If you're expecting the hex-with-colons fingerprint style shown in this answer (md5) but are seeing base64 instead (sha256), use -l -E md5 -f ...
    – rymo
    Commented Aug 26, 2021 at 20:11
8

You can also see a visual ASCII art representation of the key.

ssh-keygen -l -v -f ~/.ssh/id_rsa.pub
3072 SHA256:3v8ZClFzsdN3ihY8U6TVWltcXheSz+DX40PLf2uSRwQ dobbs@snow (RSA)
+---[RSA 3072]----+
|             o*+*|
|           . E.=B|
|            X OoO|
|           . O.@+|
|        S . o B o|
|       . . o   * |
|        . o   + o|
|           o + =o|
|            o.*.o|
+----[SHA256]-----+

3072 bits.

Explanation:

     -l      Show fingerprint of specified public key file.
             If combined with -v, a visual ASCII art representation of the
             key is supplied with the fingerprint.

     -f filename
             Specifies the filename of the key file.
Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .