diff options
author | Colin Watson <cjwatson@debian.org> | 2012-05-18 12:16:05 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2012-05-18 12:16:05 +0100 |
commit | dabbdfacc9f6995b0739772a47704186dcf34ea5 (patch) | |
tree | 0a0b306a637bc85eb719261b74884f0b9573ec41 /ssh-keygen.0 | |
parent | 1e0d51b642cac9a6bfb719e6320905625aa5f943 (diff) | |
parent | dd5ed53e20d218607260916a6b04d1c8c5b3d88f (diff) |
* New upstream release (http://www.openssh.org/txt/release-6.0).
- Fix IPQoS not being set on non-mapped v4-in-v6 addressed connections
(closes: #643312, #650512).
- Add a new privilege separation sandbox implementation for Linux's new
seccomp sandbox, automatically enabled on platforms that support it.
(Note: privilege separation sandboxing is still experimental.)
Diffstat (limited to 'ssh-keygen.0')
-rw-r--r-- | ssh-keygen.0 | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0 index 6c1763d4d..4eedd4162 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 | |||
@@ -19,7 +19,7 @@ SYNOPSIS | |||
19 | ssh-keygen -R hostname [-f known_hosts_file] | 19 | ssh-keygen -R hostname [-f known_hosts_file] |
20 | ssh-keygen -r hostname [-f input_keyfile] [-g] | 20 | ssh-keygen -r hostname [-f input_keyfile] [-g] |
21 | ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point] | 21 | ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point] |
22 | ssh-keygen -T output_file -f input_file [-v] [-a num_trials] | 22 | ssh-keygen -T output_file -f input_file [-v] [-a num_trials] [-K checkpt] |
23 | [-W generator] | 23 | [-W generator] |
24 | ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals] | 24 | ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals] |
25 | [-O option] [-V validity_interval] [-z serial_number] file ... | 25 | [-O option] [-V validity_interval] [-z serial_number] file ... |
@@ -51,9 +51,9 @@ DESCRIPTION | |||
51 | passphrase is similar to a password, except it can be a phrase with a | 51 | passphrase is similar to a password, except it can be a phrase with a |
52 | series of words, punctuation, numbers, whitespace, or any string of | 52 | series of words, punctuation, numbers, whitespace, or any string of |
53 | characters you want. Good passphrases are 10-30 characters long, are not | 53 | characters you want. Good passphrases are 10-30 characters long, are not |
54 | simple sentences or otherwise easily guessable (English prose has only 1- | 54 | simple sentences or otherwise easily guessable (English prose has only |
55 | 2 bits of entropy per character, and provides very bad passphrases), and | 55 | 1-2 bits of entropy per character, and provides very bad passphrases), |
56 | contain a mix of upper and lowercase letters, numbers, and non- | 56 | and contain a mix of upper and lowercase letters, numbers, and non- |
57 | alphanumeric characters. The passphrase can be changed later by using | 57 | alphanumeric characters. The passphrase can be changed later by using |
58 | the -p option. | 58 | the -p option. |
59 | 59 | ||
@@ -90,7 +90,7 @@ DESCRIPTION | |||
90 | the minimum size is 768 bits and the default is 2048 bits. | 90 | the minimum size is 768 bits and the default is 2048 bits. |
91 | Generally, 2048 bits is considered sufficient. DSA keys must be | 91 | Generally, 2048 bits is considered sufficient. DSA keys must be |
92 | exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys, | 92 | exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys, |
93 | the -b flag determines they key length by selecting from one of | 93 | the -b flag determines the key length by selecting from one of |
94 | three elliptic curve sizes: 256, 384 or 521 bits. Attempting to | 94 | three elliptic curve sizes: 256, 384 or 521 bits. Attempting to |
95 | use bit lengths other than these three values for ECDSA keys will | 95 | use bit lengths other than these three values for ECDSA keys will |
96 | fail. | 96 | fail. |
@@ -149,9 +149,15 @@ DESCRIPTION | |||
149 | 149 | ||
150 | -i This option will read an unencrypted private (or public) key file | 150 | -i This option will read an unencrypted private (or public) key file |
151 | in the format specified by the -m option and print an OpenSSH | 151 | in the format specified by the -m option and print an OpenSSH |
152 | compatible private (or public) key to stdout. This option allows | 152 | compatible private (or public) key to stdout. |
153 | importing keys from other software, including several commercial | 153 | |
154 | SSH implementations. The default import format is ``RFC4716''. | 154 | -K checkpt |
155 | Write the last line processed to the file checkpt while | ||
156 | performing DH candidate screening using the -T option. This will | ||
157 | be used to skip lines in the input file that have already been | ||
158 | processed if the job is restarted. This option allows importing | ||
159 | keys from other software, including several commercial SSH | ||
160 | implementations. The default import format is ``RFC4716''. | ||
155 | 161 | ||
156 | -L Prints the contents of a certificate. | 162 | -L Prints the contents of a certificate. |
157 | 163 | ||
@@ -451,4 +457,4 @@ AUTHORS | |||
451 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 457 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
452 | versions 1.5 and 2.0. | 458 | versions 1.5 and 2.0. |
453 | 459 | ||
454 | OpenBSD 5.0 April 13, 2011 OpenBSD 5.0 | 460 | OpenBSD 5.0 October 16, 2011 OpenBSD 5.0 |