Import OpenSSH 3.4p1.

1 files changed, 183 insertions, 0 deletions

diff --git a/ssh-keygen.0 b/ssh-keygen.0
new file mode 100644
index 000000000..d3a2135b4
--- /dev/null
+++ b/ssh-keygen.0
@@ -0,0 +1,183 @@
+SSH-KEYGEN(1)           System General Commands Manual           SSH-KEYGEN(1)
+
+NAME
+     ssh-keygen - authentication key generation, management and conversion
+
+SYNOPSIS
+     ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment]
+                [-f output_keyfile]
+     ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
+     ssh-keygen -i [-f input_keyfile]
+     ssh-keygen -e [-f input_keyfile]
+     ssh-keygen -y [-f input_keyfile]
+     ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
+     ssh-keygen -l [-f input_keyfile]
+     ssh-keygen -B [-f input_keyfile]
+     ssh-keygen -D reader
+     ssh-keygen -U reader [-f input_keyfile]
+
+DESCRIPTION
+     ssh-keygen generates, manages and converts authentication keys for
+     ssh(1).  ssh-keygen can create RSA keys for use by SSH protocol version 1
+     and RSA or DSA keys for use by SSH protocol version 2. The type of key to
+     be generated is specified with the -t option.
+
+     Normally each user wishing to use SSH with RSA or DSA authentication runs
+     this once to create the authentication key in $HOME/.ssh/identity,
+     $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa.  Additionally, the system adminM--
+     istrator may use this to generate host keys, as seen in /etc/rc.
+
+     Normally this program generates the key and asks for a file in which to
+     store the private key.  The public key is stored in a file with the same
+     name but ``.pub'' appended.  The program also asks for a passphrase.  The
+     passphrase may be empty to indicate no passphrase (host keys must have an
+     empty passphrase), or it may be a string of arbitrary length.  A
+     passphrase is similar to a password, except it can be a phrase with a
+     series of words, punctuation, numbers, whitespace, or any string of charM--
+     acters you want.  Good passphrases are 10-30 characters long, are not
+     simple sentences or otherwise easily guessable (English prose has only
+     1-2 bits of entropy per character, and provides very bad passphrases),
+     and contain a mix of upper and lowercase letters, numbers, and non-
+     alphanumeric characters.  The passphrase can be changed later by using
+     the -p option.
+
+     There is no way to recover a lost passphrase.  If the passphrase is lost
+     or forgotten, a new key must be generated and copied to the corresponding
+     public key to other machines.
+
+     For RSA1 keys, there is also a comment field in the key file that is only
+     for convenience to the user to help identify the key.  The comment can
+     tell what the key is for, or whatever is useful.  The comment is initialM--
+     ized to ``user@host'' when the key is created, but can be changed using
+     the -c option.
+
+     After a key is generated, instructions below detail where the keys should
+     be placed to be activated.
+
+     The options are as follows:
+
+     -b bits
+             Specifies the number of bits in the key to create.  Minimum is
+             512 bits.  Generally 1024 bits is considered sufficient, and key
+             sizes above that no longer improve security but make things
+             slower.  The default is 1024 bits.
+
+     -c      Requests changing the comment in the private and public key
+             files.  This operation is only supported for RSA1 keys.  The proM--
+             gram will prompt for the file containing the private keys, for
+             the passphrase if the key has one, and for the new comment.
+
+     -e      This option will read a private or public OpenSSH key file and
+             print the key in a `SECSH Public Key File Format' to stdout.
+             This option allows exporting keys for use by several commercial
+             SSH implementations.
+
+     -f filename
+             Specifies the filename of the key file.
+
+     -i      This option will read an unencrypted private (or public) key file
+             in SSH2-compatible format and print an OpenSSH compatible private
+             (or public) key to stdout.  ssh-keygen also reads the `SECSH
+             Public Key File Format'.  This option allows importing keys from
+             several commercial SSH implementations.
+
+     -l      Show fingerprint of specified public key file.  Private RSA1 keys
+             are also supported.  For RSA and DSA keys ssh-keygen tries to
+             find the matching public key file and prints its fingerprint.
+
+     -p      Requests changing the passphrase of a private key file instead of
+             creating a new private key.  The program will prompt for the file
+             containing the private key, for the old passphrase, and twice for
+             the new passphrase.
+
+     -q      Silence ssh-keygen.  Used by /etc/rc when creating a new key.
+
+     -y      This option will read a private OpenSSH format file and print an
+             OpenSSH public key to stdout.
+
+     -t type
+             Specifies the type of the key to create.  The possible values are
+             ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for protoM--
+             col version 2.
+
+     -B      Show the bubblebabble digest of specified private or public key
+             file.
+
+     -C comment
+             Provides the new comment.
+
+     -D reader
+             Download the RSA public key stored in the smartcard in reader.
+
+     -N new_passphrase
+             Provides the new passphrase.
+
+     -P passphrase
+             Provides the (old) passphrase.
+
+     -U reader
+             Upload an existing RSA private key into the smartcard in reader.
+
+FILES
+     $HOME/.ssh/identity
+             Contains the protocol version 1 RSA authentication identity of
+             the user.  This file should not be readable by anyone but the
+             user.  It is possible to specify a passphrase when generating the
+             key; that passphrase will be used to encrypt the private part of
+             this file using 3DES.  This file is not automatically accessed by
+             ssh-keygen but it is offered as the default file for the private
+             key.  ssh(1) will read this file when a login attempt is made.
+
+     $HOME/.ssh/identity.pub
+             Contains the protocol version 1 RSA public key for authenticaM--
+             tion.  The contents of this file should be added to
+             $HOME/.ssh/authorized_keys on all machines where the user wishes
+             to log in using RSA authentication.  There is no need to keep the
+             contents of this file secret.
+
+     $HOME/.ssh/id_dsa
+             Contains the protocol version 2 DSA authentication identity of
+             the user.  This file should not be readable by anyone but the
+             user.  It is possible to specify a passphrase when generating the
+             key; that passphrase will be used to encrypt the private part of
+             this file using 3DES.  This file is not automatically accessed by
+             ssh-keygen but it is offered as the default file for the private
+             key.  ssh(1) will read this file when a login attempt is made.
+
+     $HOME/.ssh/id_dsa.pub
+             Contains the protocol version 2 DSA public key for authenticaM--
+             tion.  The contents of this file should be added to
+             $HOME/.ssh/authorized_keys on all machines where the user wishes
+             to log in using public key authentication.  There is no need to
+             keep the contents of this file secret.
+
+     $HOME/.ssh/id_rsa
+             Contains the protocol version 2 RSA authentication identity of
+             the user.  This file should not be readable by anyone but the
+             user.  It is possible to specify a passphrase when generating the
+             key; that passphrase will be used to encrypt the private part of
+             this file using 3DES.  This file is not automatically accessed by
+             ssh-keygen but it is offered as the default file for the private
+             key.  ssh(1) will read this file when a login attempt is made.
+
+     $HOME/.ssh/id_rsa.pub
+             Contains the protocol version 2 RSA public key for authenticaM--
+             tion.  The contents of this file should be added to
+             $HOME/.ssh/authorized_keys on all machines where the user wishes
+             to log in using public key authentication.  There is no need to
+             keep the contents of this file secret.
+
+AUTHORS
+     OpenSSH is a derivative of the original and free ssh 1.2.12 release by
+     Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
+     de Raadt and Dug Song removed many bugs, re-added newer features and creM--
+     ated OpenSSH.  Markus Friedl contributed the support for SSH protocol
+     versions 1.5 and 2.0.
+
+SEE ALSO
+     ssh(1), ssh-add(1), ssh-agent(1), sshd(8)
+
+     J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf-
+     secsh-publickeyfile-01.txt, March 2001, work in progress material.
+
+BSD                           September 25, 1999                           BSD