diff options
| author | Colin Watson <cjwatson@debian.org> | 2003-09-01 18:42:19 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2003-09-01 18:42:19 +0000 |
| commit | 8d6b7f4c46de3feb66f704ab483e51ea1a3bb0e1 (patch) | |
| tree | 41fe3dd71501bbec5b0393f1536c925eaee180e9 /ssh-keygen.0 | |
| parent | f045c69060bfdd5cf8759a5f29d7008d02e4de5b (diff) | |
| parent | 58bfa257481a1c6938ada9bbd38801cc45633fb0 (diff) | |
Debian release 3.6p1-1.
Diffstat (limited to 'ssh-keygen.0')
| -rw-r--r-- | ssh-keygen.0 | 157 |
1 files changed, 78 insertions, 79 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0 index d3a2135b4..2e151a95c 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 | |||
| @@ -1,45 +1,45 @@ | |||
| 1 | SSH-KEYGEN(1) System General Commands Manual SSH-KEYGEN(1) | 1 | SSHM-bM-^@M-^PKEYGEN(1) BSD General Commands Manual SSHM-bM-^@M-^PKEYGEN(1) |
| 2 | 2 | ||
| 3 | NAME | 3 | ^[[1mNAME^[[0m |
| 4 | ssh-keygen - authentication key generation, management and conversion | 4 | ^[[1msshM-bM-^@M-^Pkeygen ^[[22mM-bMM-^R authentication key generation, management and conversion |
| 5 | 5 | ||
| 6 | SYNOPSIS | 6 | ^[[1mSYNOPSIS^[[0m |
| 7 | ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] | 7 | ^[[1msshM-bM-^@M-^Pkeygen ^[[22m[^[[1mM-bMM-^Rq^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbits^[[24m] ^[[1mM-bMM-^Rt ^[[4m^[[22mtype^[[24m [^[[1mM-bMM-^RN ^[[4m^[[22mnew_passphrase^[[24m] [^[[1mM-bMM-^RC ^[[4m^[[22mcomment^[[24m] |
| 8 | [-f output_keyfile] | 8 | [^[[1mM-bMM-^Rf ^[[4m^[[22moutput_keyfile^[[24m] |
| 9 | ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] | 9 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Rp ^[[22m[^[[1mM-bMM-^RP ^[[4m^[[22mold_passphrase^[[24m] [^[[1mM-bMM-^RN ^[[4m^[[22mnew_passphrase^[[24m] [^[[1mM-bMM-^Rf ^[[4m^[[22mkeyfile^[[24m] |
| 10 | ssh-keygen -i [-f input_keyfile] | 10 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Ri ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m] |
| 11 | ssh-keygen -e [-f input_keyfile] | 11 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Re ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m] |
| 12 | ssh-keygen -y [-f input_keyfile] | 12 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Ry ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m] |
| 13 | ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] | 13 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Rc ^[[22m[^[[1mM-bMM-^RP ^[[4m^[[22mpassphrase^[[24m] [^[[1mM-bMM-^RC ^[[4m^[[22mcomment^[[24m] [^[[1mM-bMM-^Rf ^[[4m^[[22mkeyfile^[[24m] |
| 14 | ssh-keygen -l [-f input_keyfile] | 14 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Rl ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m] |
| 15 | ssh-keygen -B [-f input_keyfile] | 15 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^RB ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m] |
| 16 | ssh-keygen -D reader | 16 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^RD ^[[4m^[[22mreader^[[0m |
| 17 | ssh-keygen -U reader [-f input_keyfile] | 17 | ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^RU ^[[4m^[[22mreader^[[24m [^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m] |
| 18 | 18 | ||
| 19 | DESCRIPTION | 19 | ^[[1mDESCRIPTION^[[0m |
| 20 | ssh-keygen generates, manages and converts authentication keys for | 20 | ^[[1msshM-bM-^@M-^Pkeygen ^[[22mgenerates, manages and converts authentication keys for |
| 21 | ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1 | 21 | ssh(1). ^[[1msshM-bM-^@M-^Pkeygen ^[[22mcan create RSA keys for use by SSH protocol version 1 |
| 22 | and RSA or DSA keys for use by SSH protocol version 2. The type of key to | 22 | and RSA or DSA keys for use by SSH protocol version 2. The type of key to |
| 23 | be generated is specified with the -t option. | 23 | be generated is specified with the ^[[1mM-bMM-^Rt ^[[22moption. |
| 24 | 24 | ||
| 25 | Normally each user wishing to use SSH with RSA or DSA authentication runs | 25 | Normally each user wishing to use SSH with RSA or DSA authentication runs |
| 26 | this once to create the authentication key in $HOME/.ssh/identity, | 26 | this once to create the authentication key in ^[[4m$HOME/.ssh/identity^[[24m, |
| 27 | $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa. Additionally, the system adminM-- | 27 | ^[[4m$HOME/.ssh/id_dsa^[[24m or ^[[4m$HOME/.ssh/id_rsa^[[24m. Additionally, the system adminM-bM-^@M-^P |
| 28 | istrator may use this to generate host keys, as seen in /etc/rc. | 28 | istrator may use this to generate host keys, as seen in ^[[4m/etc/rc^[[24m. |
| 29 | 29 | ||
| 30 | Normally this program generates the key and asks for a file in which to | 30 | Normally this program generates the key and asks for a file in which to |
| 31 | store the private key. The public key is stored in a file with the same | 31 | store the private key. The public key is stored in a file with the same |
| 32 | name but ``.pub'' appended. The program also asks for a passphrase. The | 32 | name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The |
| 33 | passphrase may be empty to indicate no passphrase (host keys must have an | 33 | passphrase may be empty to indicate no passphrase (host keys must have an |
| 34 | empty passphrase), or it may be a string of arbitrary length. A | 34 | empty passphrase), or it may be a string of arbitrary length. A |
| 35 | passphrase is similar to a password, except it can be a phrase with a | 35 | passphrase is similar to a password, except it can be a phrase with a |
| 36 | series of words, punctuation, numbers, whitespace, or any string of charM-- | 36 | series of words, punctuation, numbers, whitespace, or any string of charM-bM-^@M-^P |
| 37 | acters you want. Good passphrases are 10-30 characters long, are not | 37 | acters you want. Good passphrases are 10M-bM-^@M-^P30 characters long, are not |
| 38 | simple sentences or otherwise easily guessable (English prose has only | 38 | simple sentences or otherwise easily guessable (English prose has only |
| 39 | 1-2 bits of entropy per character, and provides very bad passphrases), | 39 | 1M-bM-^@M-^P2 bits of entropy per character, and provides very bad passphrases), |
| 40 | and contain a mix of upper and lowercase letters, numbers, and non- | 40 | and contain a mix of upper and lowercase letters, numbers, and nonM-bM-^@M-^P |
| 41 | alphanumeric characters. The passphrase can be changed later by using | 41 | alphanumeric characters. The passphrase can be changed later by using |
| 42 | the -p option. | 42 | the ^[[1mM-bMM-^Rp ^[[22moption. |
| 43 | 43 | ||
| 44 | There is no way to recover a lost passphrase. If the passphrase is lost | 44 | There is no way to recover a lost passphrase. If the passphrase is lost |
| 45 | or forgotten, a new key must be generated and copied to the corresponding | 45 | or forgotten, a new key must be generated and copied to the corresponding |
| @@ -47,91 +47,90 @@ DESCRIPTION | |||
| 47 | 47 | ||
| 48 | For RSA1 keys, there is also a comment field in the key file that is only | 48 | For RSA1 keys, there is also a comment field in the key file that is only |
| 49 | for convenience to the user to help identify the key. The comment can | 49 | for convenience to the user to help identify the key. The comment can |
| 50 | tell what the key is for, or whatever is useful. The comment is initialM-- | 50 | tell what the key is for, or whatever is useful. The comment is initialM-bM-^@M-^P |
| 51 | ized to ``user@host'' when the key is created, but can be changed using | 51 | ized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be changed using the |
| 52 | the -c option. | 52 | ^[[1mM-bMM-^Rc ^[[22moption. |
| 53 | 53 | ||
| 54 | After a key is generated, instructions below detail where the keys should | 54 | After a key is generated, instructions below detail where the keys should |
| 55 | be placed to be activated. | 55 | be placed to be activated. |
| 56 | 56 | ||
| 57 | The options are as follows: | 57 | The options are as follows: |
| 58 | 58 | ||
| 59 | -b bits | 59 | ^[[1mM-bMM-^Rb ^[[4m^[[22mbits^[[0m |
| 60 | Specifies the number of bits in the key to create. Minimum is | 60 | Specifies the number of bits in the key to create. Minimum is |
| 61 | 512 bits. Generally 1024 bits is considered sufficient, and key | 61 | 512 bits. Generally, 1024 bits is considered sufficient. The |
| 62 | sizes above that no longer improve security but make things | 62 | default is 1024 bits. |
| 63 | slower. The default is 1024 bits. | ||
| 64 | 63 | ||
| 65 | -c Requests changing the comment in the private and public key | 64 | ^[[1mM-bMM-^Rc ^[[22mRequests changing the comment in the private and public key |
| 66 | files. This operation is only supported for RSA1 keys. The proM-- | 65 | files. This operation is only supported for RSA1 keys. The proM-bM-^@M-^P |
| 67 | gram will prompt for the file containing the private keys, for | 66 | gram will prompt for the file containing the private keys, for |
| 68 | the passphrase if the key has one, and for the new comment. | 67 | the passphrase if the key has one, and for the new comment. |
| 69 | 68 | ||
| 70 | -e This option will read a private or public OpenSSH key file and | 69 | ^[[1mM-bMM-^Re ^[[22mThis option will read a private or public OpenSSH key file and |
| 71 | print the key in a `SECSH Public Key File Format' to stdout. | 70 | print the key in a M-bM-^@M-^XSECSH Public Key File FormatM-bM-^@M-^Y to stdout. |
| 72 | This option allows exporting keys for use by several commercial | 71 | This option allows exporting keys for use by several commercial |
| 73 | SSH implementations. | 72 | SSH implementations. |
| 74 | 73 | ||
| 75 | -f filename | 74 | ^[[1mM-bMM-^Rf ^[[4m^[[22mfilename^[[0m |
| 76 | Specifies the filename of the key file. | 75 | Specifies the filename of the key file. |
| 77 | 76 | ||
| 78 | -i This option will read an unencrypted private (or public) key file | 77 | ^[[1mM-bMM-^Ri ^[[22mThis option will read an unencrypted private (or public) key file |
| 79 | in SSH2-compatible format and print an OpenSSH compatible private | 78 | in SSH2M-bM-^@M-^Pcompatible format and print an OpenSSH compatible private |
| 80 | (or public) key to stdout. ssh-keygen also reads the `SECSH | 79 | (or public) key to stdout. ^[[1msshM-bM-^@M-^Pkeygen ^[[22malso reads the M-bM-^@M-^XSECSH |
| 81 | Public Key File Format'. This option allows importing keys from | 80 | Public Key File FormatM-bM-^@M-^Y. This option allows importing keys from |
| 82 | several commercial SSH implementations. | 81 | several commercial SSH implementations. |
| 83 | 82 | ||
| 84 | -l Show fingerprint of specified public key file. Private RSA1 keys | 83 | ^[[1mM-bMM-^Rl ^[[22mShow fingerprint of specified public key file. Private RSA1 keys |
| 85 | are also supported. For RSA and DSA keys ssh-keygen tries to | 84 | are also supported. For RSA and DSA keys ^[[1msshM-bM-^@M-^Pkeygen ^[[22mtries to |
| 86 | find the matching public key file and prints its fingerprint. | 85 | find the matching public key file and prints its fingerprint. |
| 87 | 86 | ||
| 88 | -p Requests changing the passphrase of a private key file instead of | 87 | ^[[1mM-bMM-^Rp ^[[22mRequests changing the passphrase of a private key file instead of |
| 89 | creating a new private key. The program will prompt for the file | 88 | creating a new private key. The program will prompt for the file |
| 90 | containing the private key, for the old passphrase, and twice for | 89 | containing the private key, for the old passphrase, and twice for |
| 91 | the new passphrase. | 90 | the new passphrase. |
| 92 | 91 | ||
| 93 | -q Silence ssh-keygen. Used by /etc/rc when creating a new key. | 92 | ^[[1mM-bMM-^Rq ^[[22mSilence ^[[1msshM-bM-^@M-^Pkeygen^[[22m. Used by ^[[4m/etc/rc^[[24m when creating a new key. |
| 94 | 93 | ||
| 95 | -y This option will read a private OpenSSH format file and print an | 94 | ^[[1mM-bMM-^Ry ^[[22mThis option will read a private OpenSSH format file and print an |
| 96 | OpenSSH public key to stdout. | 95 | OpenSSH public key to stdout. |
| 97 | 96 | ||
| 98 | -t type | 97 | ^[[1mM-bMM-^Rt ^[[4m^[[22mtype^[[0m |
| 99 | Specifies the type of the key to create. The possible values are | 98 | Specifies the type of the key to create. The possible values are |
| 100 | ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for protoM-- | 99 | M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\rsaM-bM-^@M-^] or M-bM-^@M-^\dsaM-bM-^@M-^] for protocol |
| 101 | col version 2. | 100 | version 2. |
| 102 | 101 | ||
| 103 | -B Show the bubblebabble digest of specified private or public key | 102 | ^[[1mM-bMM-^RB ^[[22mShow the bubblebabble digest of specified private or public key |
| 104 | file. | 103 | file. |
| 105 | 104 | ||
| 106 | -C comment | 105 | ^[[1mM-bMM-^RC ^[[4m^[[22mcomment^[[0m |
| 107 | Provides the new comment. | 106 | Provides the new comment. |
| 108 | 107 | ||
| 109 | -D reader | 108 | ^[[1mM-bMM-^RD ^[[4m^[[22mreader^[[0m |
| 110 | Download the RSA public key stored in the smartcard in reader. | 109 | Download the RSA public key stored in the smartcard in ^[[4mreader^[[24m. |
| 111 | 110 | ||
| 112 | -N new_passphrase | 111 | ^[[1mM-bMM-^RN ^[[4m^[[22mnew_passphrase^[[0m |
| 113 | Provides the new passphrase. | 112 | Provides the new passphrase. |
| 114 | 113 | ||
| 115 | -P passphrase | 114 | ^[[1mM-bMM-^RP ^[[4m^[[22mpassphrase^[[0m |
| 116 | Provides the (old) passphrase. | 115 | Provides the (old) passphrase. |
| 117 | 116 | ||
| 118 | -U reader | 117 | ^[[1mM-bMM-^RU ^[[4m^[[22mreader^[[0m |
| 119 | Upload an existing RSA private key into the smartcard in reader. | 118 | Upload an existing RSA private key into the smartcard in ^[[4mreader^[[24m. |
| 120 | 119 | ||
| 121 | FILES | 120 | ^[[1mFILES^[[0m |
| 122 | $HOME/.ssh/identity | 121 | $HOME/.ssh/identity |
| 123 | Contains the protocol version 1 RSA authentication identity of | 122 | Contains the protocol version 1 RSA authentication identity of |
| 124 | the user. This file should not be readable by anyone but the | 123 | the user. This file should not be readable by anyone but the |
| 125 | user. It is possible to specify a passphrase when generating the | 124 | user. It is possible to specify a passphrase when generating the |
| 126 | key; that passphrase will be used to encrypt the private part of | 125 | key; that passphrase will be used to encrypt the private part of |
| 127 | this file using 3DES. This file is not automatically accessed by | 126 | this file using 3DES. This file is not automatically accessed by |
| 128 | ssh-keygen but it is offered as the default file for the private | 127 | ^[[1msshM-bM-^@M-^Pkeygen ^[[22mbut it is offered as the default file for the private |
| 129 | key. ssh(1) will read this file when a login attempt is made. | 128 | key. ssh(1) will read this file when a login attempt is made. |
| 130 | 129 | ||
| 131 | $HOME/.ssh/identity.pub | 130 | $HOME/.ssh/identity.pub |
| 132 | Contains the protocol version 1 RSA public key for authenticaM-- | 131 | Contains the protocol version 1 RSA public key for authenticaM-bM-^@M-^P |
| 133 | tion. The contents of this file should be added to | 132 | tion. The contents of this file should be added to |
| 134 | $HOME/.ssh/authorized_keys on all machines where the user wishes | 133 | ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes |
| 135 | to log in using RSA authentication. There is no need to keep the | 134 | to log in using RSA authentication. There is no need to keep the |
| 136 | contents of this file secret. | 135 | contents of this file secret. |
| 137 | 136 | ||
| @@ -141,13 +140,13 @@ FILES | |||
| 141 | user. It is possible to specify a passphrase when generating the | 140 | user. It is possible to specify a passphrase when generating the |
| 142 | key; that passphrase will be used to encrypt the private part of | 141 | key; that passphrase will be used to encrypt the private part of |
| 143 | this file using 3DES. This file is not automatically accessed by | 142 | this file using 3DES. This file is not automatically accessed by |
| 144 | ssh-keygen but it is offered as the default file for the private | 143 | ^[[1msshM-bM-^@M-^Pkeygen ^[[22mbut it is offered as the default file for the private |
| 145 | key. ssh(1) will read this file when a login attempt is made. | 144 | key. ssh(1) will read this file when a login attempt is made. |
| 146 | 145 | ||
| 147 | $HOME/.ssh/id_dsa.pub | 146 | $HOME/.ssh/id_dsa.pub |
| 148 | Contains the protocol version 2 DSA public key for authenticaM-- | 147 | Contains the protocol version 2 DSA public key for authenticaM-bM-^@M-^P |
| 149 | tion. The contents of this file should be added to | 148 | tion. The contents of this file should be added to |
| 150 | $HOME/.ssh/authorized_keys on all machines where the user wishes | 149 | ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes |
| 151 | to log in using public key authentication. There is no need to | 150 | to log in using public key authentication. There is no need to |
| 152 | keep the contents of this file secret. | 151 | keep the contents of this file secret. |
| 153 | 152 | ||
| @@ -157,27 +156,27 @@ FILES | |||
| 157 | user. It is possible to specify a passphrase when generating the | 156 | user. It is possible to specify a passphrase when generating the |
| 158 | key; that passphrase will be used to encrypt the private part of | 157 | key; that passphrase will be used to encrypt the private part of |
| 159 | this file using 3DES. This file is not automatically accessed by | 158 | this file using 3DES. This file is not automatically accessed by |
| 160 | ssh-keygen but it is offered as the default file for the private | 159 | ^[[1msshM-bM-^@M-^Pkeygen ^[[22mbut it is offered as the default file for the private |
| 161 | key. ssh(1) will read this file when a login attempt is made. | 160 | key. ssh(1) will read this file when a login attempt is made. |
| 162 | 161 | ||
| 163 | $HOME/.ssh/id_rsa.pub | 162 | $HOME/.ssh/id_rsa.pub |
| 164 | Contains the protocol version 2 RSA public key for authenticaM-- | 163 | Contains the protocol version 2 RSA public key for authenticaM-bM-^@M-^P |
| 165 | tion. The contents of this file should be added to | 164 | tion. The contents of this file should be added to |
| 166 | $HOME/.ssh/authorized_keys on all machines where the user wishes | 165 | ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes |
| 167 | to log in using public key authentication. There is no need to | 166 | to log in using public key authentication. There is no need to |
| 168 | keep the contents of this file secret. | 167 | keep the contents of this file secret. |
| 169 | 168 | ||
| 170 | AUTHORS | 169 | ^[[1mAUTHORS^[[0m |
| 171 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 170 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
| 172 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 171 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
| 173 | de Raadt and Dug Song removed many bugs, re-added newer features and creM-- | 172 | de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P |
| 174 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 173 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol |
| 175 | versions 1.5 and 2.0. | 174 | versions 1.5 and 2.0. |
| 176 | 175 | ||
| 177 | SEE ALSO | 176 | ^[[1mSEE ALSO^[[0m |
| 178 | ssh(1), ssh-add(1), ssh-agent(1), sshd(8) | 177 | ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pagent(1), sshd(8) |
| 179 | 178 | ||
| 180 | J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf- | 179 | J. Galbraith and R. Thayer, ^[[4mSECSH^[[24m ^[[4mPublic^[[24m ^[[4mKey^[[24m ^[[4mFile^[[24m ^[[4mFormat^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^P |
| 181 | secsh-publickeyfile-01.txt, March 2001, work in progress material. | 180 | secshM-bM-^@M-^PpublickeyfileM-bM-^@M-^P01.txt, March 2001, work in progress material. |
| 182 | 181 | ||
| 183 | BSD September 25, 1999 BSD | 182 | BSD September 25, 1999 BSD |