summaryrefslogtreecommitdiff
path: root/ssh-keygen.0
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2020-10-18 12:04:32 +0100
committerColin Watson <cjwatson@debian.org>2020-10-18 12:04:32 +0100
commit2b2c99658e3e8ed452e28f88f9cdbcdfb2a461cb (patch)
tree336445493163aa0370cb7830d97ebd8819b2e2c5 /ssh-keygen.0
parent202f5a676221c244cd450086c334c2b59f339e86 (diff)
parent279261e1ea8150c7c64ab5fe7cb4a4ea17acbb29 (diff)
Import openssh_8.4p1.orig.tar.gz
Diffstat (limited to 'ssh-keygen.0')
-rw-r--r--ssh-keygen.047
1 files changed, 33 insertions, 14 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index c388cdf7a..111eb9e08 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -4,21 +4,22 @@ NAME
4 ssh-keygen M-bM-^@M-^S OpenSSH authentication key utility 4 ssh-keygen M-bM-^@M-^S OpenSSH authentication key utility
5 5
6SYNOPSIS 6SYNOPSIS
7 ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format] 7 ssh-keygen [-q] [-a rounds] [-b bits] [-C comment] [-f output_keyfile]
8 [-m format] [-N new_passphrase] [-O option]
8 [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa] 9 [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]
9 [-N new_passphrase] [-O option] [-w provider] 10 [-w provider]
10 ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase] 11 ssh-keygen -p [-a rounds] [-f keyfile] [-m format] [-N new_passphrase]
11 [-P old_passphrase] 12 [-P old_passphrase]
12 ssh-keygen -i [-f input_keyfile] [-m key_format] 13 ssh-keygen -i [-f input_keyfile] [-m key_format]
13 ssh-keygen -e [-f input_keyfile] [-m key_format] 14 ssh-keygen -e [-f input_keyfile] [-m key_format]
14 ssh-keygen -y [-f input_keyfile] 15 ssh-keygen -y [-f input_keyfile]
15 ssh-keygen -c [-C comment] [-f keyfile] [-P passphrase] 16 ssh-keygen -c [-a rounds] [-C comment] [-f keyfile] [-P passphrase]
16 ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile] 17 ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
17 ssh-keygen -B [-f input_keyfile] 18 ssh-keygen -B [-f input_keyfile]
18 ssh-keygen -D pkcs11 19 ssh-keygen -D pkcs11
19 ssh-keygen -F hostname [-lv] [-f known_hosts_file] 20 ssh-keygen -F hostname [-lv] [-f known_hosts_file]
20 ssh-keygen -H [-f known_hosts_file] 21 ssh-keygen -H [-f known_hosts_file]
21 ssh-keygen -K [-w provider] 22 ssh-keygen -K [-a rounds] [-w provider]
22 ssh-keygen -R hostname [-f known_hosts_file] 23 ssh-keygen -R hostname [-f known_hosts_file]
23 ssh-keygen -r hostname [-g] [-f input_keyfile] 24 ssh-keygen -r hostname [-g] [-f input_keyfile]
24 ssh-keygen -M generate [-O option] output_file 25 ssh-keygen -M generate [-O option] output_file
@@ -27,7 +28,7 @@ SYNOPSIS
27 [-n principals] [-O option] [-V validity_interval] 28 [-n principals] [-O option] [-V validity_interval]
28 [-z serial_number] file ... 29 [-z serial_number] file ...
29 ssh-keygen -L [-f input_keyfile] 30 ssh-keygen -L [-f input_keyfile]
30 ssh-keygen -A [-f prefix_path] 31 ssh-keygen -A [-a rounds] [-f prefix_path]
31 ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number] 32 ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
32 file ... 33 file ...
33 ssh-keygen -Q [-l] -f krl_file file ... 34 ssh-keygen -Q [-l] -f krl_file file ...
@@ -87,8 +88,8 @@ DESCRIPTION
87 new keys, and existing new-format keys may be converted using this option 88 new keys, and existing new-format keys may be converted using this option
88 in conjunction with the -p (change passphrase) flag. 89 in conjunction with the -p (change passphrase) flag.
89 90
90 After a key is generated, instructions below detail where the keys should 91 After a key is generated, ssh-keygen will ask where the keys should be
91 be placed to be activated. 92 placed to be activated.
92 93
93 The options are as follows: 94 The options are as follows:
94 95
@@ -104,7 +105,8 @@ DESCRIPTION
104 When saving a private key, this option specifies the number of 105 When saving a private key, this option specifies the number of
105 KDF (key derivation function) rounds used. Higher numbers result 106 KDF (key derivation function) rounds used. Higher numbers result
106 in slower passphrase verification and increased resistance to 107 in slower passphrase verification and increased resistance to
107 brute-force password cracking (should the keys be stolen). 108 brute-force password cracking (should the keys be stolen). The
109 default is 16 rounds.
108 110
109 -B Show the bubblebabble digest of specified private or public key 111 -B Show the bubblebabble digest of specified private or public key
110 file. 112 file.
@@ -182,7 +184,9 @@ DESCRIPTION
182 184
183 -K Download resident keys from a FIDO authenticator. Public and 185 -K Download resident keys from a FIDO authenticator. Public and
184 private key files will be written to the current directory for 186 private key files will be written to the current directory for
185 each downloaded key. 187 each downloaded key. If multiple FIDO authenticators are
188 attached, keys will be downloaded from the first touched
189 authenticator.
186 190
187 -k Generate a KRL file. In this mode, ssh-keygen will generate a 191 -k Generate a KRL file. In this mode, ssh-keygen will generate a
188 KRL file at the location specified via the -f flag that revokes 192 KRL file at the location specified via the -f flag that revokes
@@ -285,10 +289,18 @@ DESCRIPTION
285 username may be useful when generating multiple resident 289 username may be useful when generating multiple resident
286 keys for the same application name. 290 keys for the same application name.
287 291
292 verify-required
293 Indicate that this private key should require user
294 verification for each signature. Not all FIDO tokens
295 support this option. Currently PIN authentication is the
296 only supported verification method, but other methods may
297 be supported in the future.
298
288 write-attestation=path 299 write-attestation=path
289 May be used at key generation time to record the 300 May be used at key generation time to record the
290 attestation certificate returned from FIDO tokens during 301 attestation data returned from FIDO tokens during key
291 key generation. By default this information is 302 generation. Please note that this information is
303 potentially sensitive. By default, this information is
292 discarded. 304 discarded.
293 305
294 The -O option may be specified multiple times. 306 The -O option may be specified multiple times.
@@ -606,7 +618,7 @@ CERTIFICATES
606 Allows X11 forwarding. 618 Allows X11 forwarding.
607 619
608 no-touch-required 620 no-touch-required
609 Do not require signatures made using this key require 621 Do not require signatures made using this key include
610 demonstration of user presence (e.g. by having the user touch the 622 demonstration of user presence (e.g. by having the user touch the
611 authenticator). This option only makes sense for the FIDO 623 authenticator). This option only makes sense for the FIDO
612 authenticator algorithms ecdsa-sk and ed25519-sk. 624 authenticator algorithms ecdsa-sk and ed25519-sk.
@@ -616,6 +628,13 @@ CERTIFICATES
616 considered valid. The address_list is a comma-separated list of 628 considered valid. The address_list is a comma-separated list of
617 one or more address/netmask pairs in CIDR format. 629 one or more address/netmask pairs in CIDR format.
618 630
631 verify-required
632 Require signatures made using this key indicate that the user was
633 first verified. This option only makes sense for the FIDO
634 authenticator algorithms ecdsa-sk and ed25519-sk. Currently PIN
635 authentication is the only supported verification method, but
636 other methods may be supported in the future.
637
619 At present, no standard options are valid for host keys. 638 At present, no standard options are valid for host keys.
620 639
621 Finally, certificates may be defined with a validity lifetime. The -V 640 Finally, certificates may be defined with a validity lifetime. The -V
@@ -787,4 +806,4 @@ AUTHORS
787 created OpenSSH. Markus Friedl contributed the support for SSH protocol 806 created OpenSSH. Markus Friedl contributed the support for SSH protocol
788 versions 1.5 and 2.0. 807 versions 1.5 and 2.0.
789 808
790OpenBSD 6.7 April 3, 2020 OpenBSD 6.7 809OpenBSD 6.8 September 9, 2020 OpenBSD 6.8