author | Damien Miller <djm@mindrot.org> | 2005-03-02 12:05:06 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2005-03-02 12:05:06 +1100 |
commit | 265d309ebc97447f5e710df04196e626f018cad8 (patch) | |
tree | 0e321aac23035ff163d17c61efb19b59bf3a3432 | |
parent | 792c01749a754db5e2e6932869d315113c180461 (diff) |
- jmc@cvs.openbsd.org 2005/03/01 18:15:56
[ssh-keygen.1]
sort options (no attempt made at synopsis clean up though);
spelling (occurance -> occurrence);
use prompt before examples;
grammar;
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | ssh-keygen.1 | 134 |
2 files changed, 74 insertions, 68 deletions
@@ -29,6 +29,12 @@ | |||
29 | - jmc@cvs.openbsd.org 2005/03/01 17:32:19 | 29 | - jmc@cvs.openbsd.org 2005/03/01 17:32:19 |
30 | [ssh-add.1] | 30 | [ssh-add.1] |
31 | sort options; | 31 | sort options; |
32 | - jmc@cvs.openbsd.org 2005/03/01 18:15:56 | ||
33 | [ssh-keygen.1] | ||
34 | sort options (no attempt made at synopsis clean up though); | ||
35 | spelling (occurance -> occurrence); | ||
36 | use prompt before examples; | ||
37 | grammar; | ||
32 | 38 | ||
33 | 20050301 | 39 | 20050301 |
34 | - (djm) OpenBSD CVS sync: | 40 | - (djm) OpenBSD CVS sync: |
@@ -2248,4 +2254,4 @@ | |||
2248 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 2254 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
2249 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 2255 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
2250 | 2256 | ||
2251 | $Id: ChangeLog,v 1.3683 2005/03/02 01:04:50 djm Exp $ | 2257 | $Id: ChangeLog,v 1.3684 2005/03/02 01:05:06 djm Exp $ |
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 4f2af5815..3987b1e66 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.65 2005/03/01 15:05:00 jmc Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.66 2005/03/01 18:15:56 jmc Exp $ |
2 | .\" | 2 | .\" |
3 | .\" -*- nroff -*- | 3 | .\" -*- nroff -*- |
4 | .\" | 4 | .\" |
@@ -183,16 +183,23 @@ Specifies the number of primality tests to perform when screening DH-GEX | |||
183 | candidates using the | 183 | candidates using the |
184 | .Fl T | 184 | .Fl T |
185 | command. | 185 | command. |
186 | .It Fl B | ||
187 | Show the bubblebabble digest of specified private or public key file. | ||
186 | .It Fl b Ar bits | 188 | .It Fl b Ar bits |
187 | Specifies the number of bits in the key to create. | 189 | Specifies the number of bits in the key to create. |
188 | Minimum is 512 bits. | 190 | Minimum is 512 bits. |
189 | Generally, 1024 bits is considered sufficient. | 191 | Generally, 1024 bits is considered sufficient. |
190 | The default is 1024 bits. | 192 | The default is 1024 bits. |
193 | .It Fl C Ar comment | ||
194 | Provides a new comment. | ||
191 | .It Fl c | 195 | .It Fl c |
192 | Requests changing the comment in the private and public key files. | 196 | Requests changing the comment in the private and public key files. |
193 | This operation is only supported for RSA1 keys. | 197 | This operation is only supported for RSA1 keys. |
194 | The program will prompt for the file containing the private keys, for | 198 | The program will prompt for the file containing the private keys, for |
195 | the passphrase if the key has one, and for the new comment. | 199 | the passphrase if the key has one, and for the new comment. |
200 | .It Fl D Ar reader | ||
201 | Download the RSA public key stored in the smartcard in | ||
202 | .Ar reader . | ||
196 | .It Fl e | 203 | .It Fl e |
197 | This option will read a private or public OpenSSH key file and | 204 | This option will read a private or public OpenSSH key file and |
198 | print the key in a | 205 | print the key in a |
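Review bot: The new `.It Fl C Ar comment` entry at new line 193 says only "Provides a new comment." and does not say when it applies, whether at key creation or for the -c change described just below it, which otherwise prompts for the new comment. Suggest adding a short cross-reference to the operation it feeds, and doing the same for the -D entry, which does not say where the downloaded public key is written.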
@@ -200,12 +207,41 @@ print the key in a | |||
200 | to stdout. | 207 | to stdout. |
201 | This option allows exporting keys for use by several commercial | 208 | This option allows exporting keys for use by several commercial |
202 | SSH implementations. | 209 | SSH implementations. |
210 | .It Fl F Ar hostname | ||
211 | Search for the specified | ||
212 | .Ar hostname | ||
213 | in a | ||
214 | .Pa known_hosts | ||
215 | file, listing any occurrences found. | ||
216 | This option is useful to find hashed host names or addresses and may also be | ||
217 | used in conjunction with the | ||
218 | .Fl H | ||
219 | option to print found keys in a hashed format. | ||
220 | .It Fl f Ar filename | ||
221 | Specifies the filename of the key file. | ||
222 | .It Fl G Ar output_file | ||
223 | Generate candidate primes for DH-GEX. | ||
224 | These primes must be screened for | ||
225 | safety (using the | ||
226 | .Fl T | ||
227 | option) before use. | ||
203 | .It Fl g | 228 | .It Fl g |
204 | Use generic DNS format when printing fingerprint resource records using the | 229 | Use generic DNS format when printing fingerprint resource records using the |
205 | .Fl r | 230 | .Fl r |
206 | command. | 231 | command. |
207 | .It Fl f Ar filename | 232 | .It Fl H |
208 | Specifies the filename of the key file. | 233 | Hash a |
234 | .Pa known_hosts | ||
235 | file, printing the result to standard output. | ||
236 | This replaces all hostnames and addresses with hashed representations. | ||
237 | These hashes may be used normally by | ||
238 | .Nm ssh | ||
239 | and | ||
240 | .Nm sshd , | ||
241 | but they do not reveal identifying information should the file's contents | ||
242 | be disclosed. | ||
243 | This option will not modify existing hashed hostnames and is therefore safe | ||
244 | to use on files that mix hashed and non-hashed names. | ||
209 | .It Fl i | 245 | .It Fl i |
210 | This option will read an unencrypted private (or public) key file | 246 | This option will read an unencrypted private (or public) key file |
211 | in SSH2-compatible format and print an OpenSSH compatible private | 247 | in SSH2-compatible format and print an OpenSSH compatible private |
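Review bot: The -H entry (new lines 232-244) states that the hashed file is printed to standard output, but not that the original known_hosts, which still holds the clear-text hostnames and addresses, is left in place. Since the stated purpose is that the hashes "do not reveal identifying information should the file's contents be disclosed", suggest one sentence telling the reader to replace the original file with the hashed output and dispose of the clear-text copy.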
@@ -221,6 +257,13 @@ Private RSA1 keys are also supported. | |||
221 | For RSA and DSA keys | 257 | For RSA and DSA keys |
222 | .Nm | 258 | .Nm |
223 | tries to find the matching public key file and prints its fingerprint. | 259 | tries to find the matching public key file and prints its fingerprint. |
260 | .It Fl M Ar memory | ||
261 | Specify the amount of memory to use (in megabytes) when generating | ||
262 | candidate moduli for DH-GEX. | ||
263 | .It Fl N Ar new_passphrase | ||
264 | Provides the new passphrase. | ||
265 | .It Fl P Ar passphrase | ||
266 | Provides the (old) passphrase. | ||
224 | .It Fl p | 267 | .It Fl p |
225 | Requests changing the passphrase of a private key file instead of | 268 | Requests changing the passphrase of a private key file instead of |
226 | creating a new private key. | 269 | creating a new private key. |
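Review bot: The -N and -P entries at new lines 263-266 document passing a passphrase as a command-line argument without any caveat. Arguments given this way can be visible to other local users through the process list and tend to end up in shell history, so suggest adding a sentence that says so under both entries. The parenthesised "(old)" in -P also reads oddly next to "the new passphrase" in -N; "Provides the old passphrase." would match.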
@@ -233,48 +276,6 @@ Silence | |||
233 | Used by | 276 | Used by |
234 | .Pa /etc/rc | 277 | .Pa /etc/rc |
235 | when creating a new key. | 278 | when creating a new key. |
236 | .It Fl y | ||
237 | This option will read a private | ||
238 | OpenSSH format file and print an OpenSSH public key to stdout. | ||
239 | .It Fl t Ar type | ||
240 | Specifies the type of the key to create. | ||
241 | The possible values are | ||
242 | .Dq rsa1 | ||
243 | for protocol version 1 and | ||
244 | .Dq rsa | ||
245 | or | ||
246 | .Dq dsa | ||
247 | for protocol version 2. | ||
248 | .It Fl B | ||
249 | Show the bubblebabble digest of specified private or public key file. | ||
250 | .It Fl C Ar comment | ||
251 | Provides the new comment. | ||
252 | .It Fl D Ar reader | ||
253 | Download the RSA public key stored in the smartcard in | ||
254 | .Ar reader . | ||
255 | .It Fl F Ar hostname | ||
256 | Search for the specified | ||
257 | .Ar hostname | ||
258 | in a | ||
259 | .Pa known_hosts | ||
260 | file, listing any occurances found. | ||
261 | This option is useful to find hashed host names or addresses and may also be | ||
262 | used in conjunction with the | ||
263 | .Fl H | ||
264 | option to print found keys in a hashed format. | ||
265 | .It Fl H | ||
266 | Hash a | ||
267 | .Pa known_hosts | ||
268 | file, printing the result to standard output. | ||
269 | This replaces all hostnames and addresses with hashed representations. | ||
270 | These hashes may be used normally by | ||
271 | .Nm ssh | ||
272 | and | ||
273 | .Nm sshd , | ||
274 | but they do not reveal identifying information should the file's contents | ||
275 | be disclosed. | ||
276 | This option will not modify existing hashed hostnames and is therefore safe | ||
277 | to use on files that mix hashed and non-hashed names. | ||
278 | .It Fl R Ar hostname | 279 | .It Fl R Ar hostname |
279 | Removes all keys belonging to | 280 | Removes all keys belonging to |
280 | .Ar hostname | 281 | .Ar hostname |
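Review bot: The block removed at old lines 236-277 is not a pure move: the re-added -C entry reads "Provides a new comment." where this one reads "Provides the new comment.", and the re-added -F entry carries the occurances -> occurrences fix. Mixing reordering with wording changes in one commit makes it hard to confirm that nothing else changed in the 42 relocated lines; suggest splitting the sort from the spelling and grammar edits, or at least listing each wording change in the log message.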
@@ -284,27 +285,25 @@ file. | |||
284 | This option is useful to delete hashed hosts (see the | 285 | This option is useful to delete hashed hosts (see the |
285 | .Fl H | 286 | .Fl H |
286 | option above). | 287 | option above). |
287 | .It Fl G Ar output_file | 288 | .It Fl r Ar hostname |
288 | Generate candidate primes for DH-GEX. | 289 | Print the SSHFP fingerprint resource record named |
289 | These primes must be screened for | 290 | .Ar hostname |
290 | safety (using the | 291 | for the specified public key file. |
291 | .Fl T | ||
292 | option) before use. | ||
293 | .It Fl M Ar memory | ||
294 | Specify the amount of memory to use (in megabytes) when generating | ||
295 | candidate moduli for DH-GEX. | ||
296 | .It Fl N Ar new_passphrase | ||
297 | Provides the new passphrase. | ||
298 | .It Fl P Ar passphrase | ||
299 | Provides the (old) passphrase. | ||
300 | .It Fl S Ar start | 292 | .It Fl S Ar start |
301 | Specify start point (in hex) when generating candidate moduli for DH-GEX. | 293 | Specify start point (in hex) when generating candidate moduli for DH-GEX. |
302 | .It Fl T Ar output_file | 294 | .It Fl T Ar output_file |
303 | Test DH group exchange candidate primes (generated using the | 295 | Test DH group exchange candidate primes (generated using the |
304 | .Fl G | 296 | .Fl G |
305 | option) for safety. | 297 | option) for safety. |
306 | .It Fl W Ar generator | 298 | .It Fl t Ar type |
307 | Specify desired generator when testing candidate moduli for DH-GEX. | 299 | Specifies the type of key to create. |
300 | The possible values are | ||
301 | .Dq rsa1 | ||
302 | for protocol version 1 and | ||
303 | .Dq rsa | ||
304 | or | ||
305 | .Dq dsa | ||
306 | for protocol version 2. | ||
308 | .It Fl U Ar reader | 307 | .It Fl U Ar reader |
309 | Upload an existing RSA private key into the smartcard in | 308 | Upload an existing RSA private key into the smartcard in |
310 | .Ar reader . | 309 | .Ar reader . |
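Review bot: The -T entry (new lines 294-297) takes `output_file` as its argument, but the description never mentions that argument or says where the candidates are read from. The MODULI GENERATION text later in this patch says candidates come from standard input or a file given with another option, so suggest stating here that screened primes are written to `output_file` and pointing at that section for the input side.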
@@ -318,10 +317,11 @@ Multiple | |||
318 | .Fl v | 317 | .Fl v |
319 | options increase the verbosity. | 318 | options increase the verbosity. |
320 | The maximum is 3. | 319 | The maximum is 3. |
321 | .It Fl r Ar hostname | 320 | .It Fl W Ar generator |
322 | Print the SSHFP fingerprint resource record named | 321 | Specify desired generator when testing candidate moduli for DH-GEX. |
323 | .Ar hostname | 322 | .It Fl y |
324 | for the specified public key file. | 323 | This option will read a private |
324 | OpenSSH format file and print an OpenSSH public key to stdout. | ||
325 | .El | 325 | .El |
326 | .Sh MODULI GENERATION | 326 | .Sh MODULI GENERATION |
327 | .Nm | 327 | .Nm |
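Review bot: The relocated -W entry at new lines 320-321 says "Specify desired generator" without listing the accepted values, which appear only in the MODULI GENERATION section ("Valid generator values are 2, 3, and 5."). Suggest repeating the valid values in the option entry or adding a pointer to that section. The -y entry below it uses "stdout" while the -H entry uses "standard output"; picking one form would be consistent with the grammar pass this commit is doing.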
@@ -340,7 +340,7 @@ The desired length of the primes may be specified by the | |||
340 | option. | 340 | option. |
341 | For example: | 341 | For example: |
342 | .Pp | 342 | .Pp |
343 | .Dl ssh-keygen -G moduli-2048.candidates -b 2048 | 343 | .Dl # ssh-keygen -G moduli-2048.candidates -b 2048 |
344 | .Pp | 344 | .Pp |
345 | By default, the search for primes begins at a random point in the | 345 | By default, the search for primes begins at a random point in the |
346 | desired length range. | 346 | desired length range. |
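Review bot: The prompt added at new line 343, `.Dl # ssh-keygen -G moduli-2048.candidates -b 2048`, is the conventional root prompt, which suggests the candidate generation has to be run as the superuser. The example only writes a file in the current directory, and the only privileged step the visible text mentions is installing the screened groups in /etc/moduli, so a `$` prompt would avoid encouraging readers to run a long computation as root. The same applies to the -T example in the next hunk.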
@@ -360,7 +360,7 @@ will read candidates from standard input (or a file specified using the | |||
360 | option). | 360 | option). |
361 | For example: | 361 | For example: |
362 | .Pp | 362 | .Pp |
363 | .Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates | 363 | .Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates |
364 | .Pp | 364 | .Pp |
365 | By default, each candidate will be subjected to 100 primality tests. | 365 | By default, each candidate will be subjected to 100 primality tests. |
366 | This may be overridden using the | 366 | This may be overridden using the |
@@ -371,7 +371,7 @@ prime under consideration. | |||
371 | If a specific generator is desired, it may be requested using the | 371 | If a specific generator is desired, it may be requested using the |
372 | .Fl W | 372 | .Fl W |
373 | option. | 373 | option. |
374 | Valid generator values are 2, 3 and 5. | 374 | Valid generator values are 2, 3, and 5. |
375 | .Pp | 375 | .Pp |
376 | Screened DH groups may be installed in | 376 | Screened DH groups may be installed in |
377 | .Pa /etc/moduli . | 377 | .Pa /etc/moduli . |