author Colin Watson <cjwatson@debian.org> 2014-02-10 00:18:28 +0000
committer Colin Watson <cjwatson@debian.org> 2014-02-10 00:18:28 +0000
commit 9a975a9faed7c4f334e8c8490db3e77e102f2b21
tree 764a885ec9a963f6a8b15de6e1765f16b9ac4738 /ssh-keygen.0
parent ee196dab7c5f97f0b80c8099343a375bead92010
parent cdb6c90811caa5df2df856be9b0b16db020fe31d
Import openssh_6.5p1.orig.tar.gz
Diffstat (limited to 'ssh-keygen.0')
-rw-r--r-- ssh-keygen.0 86
1 files changed, 51 insertions, 35 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index 2b0e9a692..a69b37d67 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -19,8 +19,8 @@ SYNOPSIS
19 ssh-keygen -R hostname [-f known_hosts_file] 19 ssh-keygen -R hostname [-f known_hosts_file]
20 ssh-keygen -r hostname [-f input_keyfile] [-g] 20 ssh-keygen -r hostname [-f input_keyfile] [-g]
21 ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point] 21 ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
22 ssh-keygen -T output_file -f input_file [-v] [-a num_trials] 22 ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
23 [-J num_lines] [-j start_line] [-K checkpt] [-W generator] 23 [-j start_line] [-K checkpt] [-W generator]
24 ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals] 24 ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
25 [-O option] [-V validity_interval] [-z serial_number] file ... 25 [-O option] [-V validity_interval] [-z serial_number] file ...
26 ssh-keygen -L [-f input_keyfile] 26 ssh-keygen -L [-f input_keyfile]
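Review bot: On the -T synopsis line the placeholder becomes `[-a rounds]`, but for -T the value is a count of primality tests, not KDF rounds (the option text in this same patch says "This option specifies the number of primality tests to perform"). Keeping a distinct placeholder such as `[-a num_trials]` on the -T line would avoid implying that the screening command takes a KDF parameter.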
@@ -32,10 +32,10 @@ SYNOPSIS
32DESCRIPTION 32DESCRIPTION
33 ssh-keygen generates, manages and converts authentication keys for 33 ssh-keygen generates, manages and converts authentication keys for
34 ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1 34 ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1
35 and DSA, ECDSA or RSA keys for use by SSH protocol version 2. The type 35 and DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
36 of key to be generated is specified with the -t option. If invoked 36 The type of key to be generated is specified with the -t option. If
37 without any arguments, ssh-keygen will generate an RSA key for use in SSH 37 invoked without any arguments, ssh-keygen will generate an RSA key for
38 protocol 2 connections. 38 use in SSH protocol 2 connections.
39 39
40 ssh-keygen is also used to generate groups for use in Diffie-Hellman 40 ssh-keygen is also used to generate groups for use in Diffie-Hellman
41 group exchange (DH-GEX). See the MODULI GENERATION section for details. 41 group exchange (DH-GEX). See the MODULI GENERATION section for details.
@@ -46,9 +46,9 @@ DESCRIPTION
46 46
47 Normally each user wishing to use SSH with public key authentication runs 47 Normally each user wishing to use SSH with public key authentication runs
48 this once to create the authentication key in ~/.ssh/identity, 48 this once to create the authentication key in ~/.ssh/identity,
49 ~/.ssh/id_ecdsa, ~/.ssh/id_dsa or ~/.ssh/id_rsa. Additionally, the 49 ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa.
50 system administrator may use this to generate host keys, as seen in 50 Additionally, the system administrator may use this to generate host
51 /etc/rc. 51 keys, as seen in /etc/rc.
52 52
53 Normally this program generates the key and asks for a file in which to 53 Normally this program generates the key and asks for a file in which to
54 store the private key. The public key is stored in a file with the same 54 store the private key. The public key is stored in a file with the same
@@ -79,15 +79,22 @@ DESCRIPTION
79 79
80 The options are as follows: 80 The options are as follows:
81 81
82 -A For each of the key types (rsa1, rsa, dsa and ecdsa) for which 82 -A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for
83 host keys do not exist, generate the host keys with the default 83 which host keys do not exist, generate the host keys with the
84 key file path, an empty passphrase, default bits for the key 84 default key file path, an empty passphrase, default bits for the
85 type, and default comment. This is used by /etc/rc to generate 85 key type, and default comment. This is used by /etc/rc to
86 new host keys. 86 generate new host keys.
87 87
88 -a trials 88 -a rounds
89 Specifies the number of primality tests to perform when screening 89 When saving a new-format private key (i.e. an ed25519 key or any
90 DH-GEX candidates using the -T command. 90 SSH protocol 2 key when the -o flag is set), this option
91 specifies the number of KDF (key derivation function) rounds
92 used. Higher numbers result in slower passphrase verification
93 and increased resistance to brute-force password cracking (should
94 the keys be stolen).
95
96 When screening DH-GEX candidates ( using the -T command). This
97 option specifies the number of primality tests to perform.
91 98
92 -B Show the bubblebabble digest of specified private or public key 99 -B Show the bubblebabble digest of specified private or public key
93 file. 100 file.
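Review bot: The second paragraph of the new -a text is a sentence fragment: "When screening DH-GEX candidates ( using the -T command). This option specifies..." has a stray space after the opening parenthesis and a full stop where a comma belongs. Suggested wording: "When screening DH-GEX candidates (using the -T command), this option specifies the number of primality tests to perform." The first paragraph also gives no default for the number of KDF rounds, so a reader cannot tell whether -a must be passed to get the brute-force resistance it describes; stating the default here would help.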
@@ -100,7 +107,8 @@ DESCRIPTION
100 the -b flag determines the key length by selecting from one of 107 the -b flag determines the key length by selecting from one of
101 three elliptic curve sizes: 256, 384 or 521 bits. Attempting to 108 three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
102 use bit lengths other than these three values for ECDSA keys will 109 use bit lengths other than these three values for ECDSA keys will
103 fail. 110 fail. ED25519 keys have a fixed length and the -b flag will be
111 ignored.
104 112
105 -C comment 113 -C comment
106 Provides a new comment. 114 Provides a new comment.
@@ -262,6 +270,12 @@ DESCRIPTION
262 270
263 At present, no options are valid for host keys. 271 At present, no options are valid for host keys.
264 272
273 -o Causes ssh-keygen to save SSH protocol 2 private keys using the
274 new OpenSSH format rather than the more compatible PEM format.
275 The new format has increased resistance to brute-force password
276 cracking but is not supported by versions of OpenSSH prior to
277 6.5. Ed25519 keys always use the new private key format.
278
265 -P passphrase 279 -P passphrase
266 Provides the (old) passphrase. 280 Provides the (old) passphrase.
267 281
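Review bot: The new -o entry claims "increased resistance to brute-force password cracking" without saying what provides it or how to tune it. A cross-reference to -a, which this patch documents as setting the KDF rounds for new-format keys, would connect the two options. The compatibility caveat could also be stated for Ed25519 directly: since those keys "always use the new private key format", they cannot be read by versions of OpenSSH prior to 6.5 either.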
@@ -301,8 +315,8 @@ DESCRIPTION
301 315
302 -t type 316 -t type
303 Specifies the type of key to create. The possible values are 317 Specifies the type of key to create. The possible values are
304 ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'' or ``rsa'' 318 ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'',
305 for protocol version 2. 319 ``ed25519'', or ``rsa'' for protocol version 2.
306 320
307 -u Update a KRL. When specified with -k, keys listed via the 321 -u Update a KRL. When specified with -k, keys listed via the
308 command line are added to the existing KRL rather than a new KRL 322 command line are added to the existing KRL rather than a new KRL
@@ -441,7 +455,7 @@ CERTIFICATES
441KEY REVOCATION LISTS 455KEY REVOCATION LISTS
442 ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs). 456 ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs).
443 These binary files specify keys or certificates to be revoked using a 457 These binary files specify keys or certificates to be revoked using a
444 compact format, taking as little a one bit per certificate if they are 458 compact format, taking as little as one bit per certificate if they are
445 being revoked by serial number. 459 being revoked by serial number.
446 460
447 KRLs may be generated using the -k flag. This option reads one or more 461 KRLs may be generated using the -k flag. This option reads one or more
@@ -508,24 +522,26 @@ FILES
508 522
509 ~/.ssh/id_dsa 523 ~/.ssh/id_dsa
510 ~/.ssh/id_ecdsa 524 ~/.ssh/id_ecdsa
525 ~/.ssh/id_ed25519
511 ~/.ssh/id_rsa 526 ~/.ssh/id_rsa
512 Contains the protocol version 2 DSA, ECDSA or RSA authentication 527 Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
513 identity of the user. This file should not be readable by anyone 528 authentication identity of the user. This file should not be
514 but the user. It is possible to specify a passphrase when 529 readable by anyone but the user. It is possible to specify a
515 generating the key; that passphrase will be used to encrypt the 530 passphrase when generating the key; that passphrase will be used
516 private part of this file using 128-bit AES. This file is not 531 to encrypt the private part of this file using 128-bit AES. This
517 automatically accessed by ssh-keygen but it is offered as the 532 file is not automatically accessed by ssh-keygen but it is
518 default file for the private key. ssh(1) will read this file 533 offered as the default file for the private key. ssh(1) will
519 when a login attempt is made. 534 read this file when a login attempt is made.
520 535
521 ~/.ssh/id_dsa.pub 536 ~/.ssh/id_dsa.pub
522 ~/.ssh/id_ecdsa.pub 537 ~/.ssh/id_ecdsa.pub
538 ~/.ssh/id_ed25519.pub
523 ~/.ssh/id_rsa.pub 539 ~/.ssh/id_rsa.pub
524 Contains the protocol version 2 DSA, ECDSA or RSA public key for 540 Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA public
525 authentication. The contents of this file should be added to 541 key for authentication. The contents of this file should be
526 ~/.ssh/authorized_keys on all machines where the user wishes to 542 added to ~/.ssh/authorized_keys on all machines where the user
527 log in using public key authentication. There is no need to keep 543 wishes to log in using public key authentication. There is no
528 the contents of this file secret. 544 need to keep the contents of this file secret.
529 545
530 /etc/moduli 546 /etc/moduli
531 Contains Diffie-Hellman groups used for DH-GEX. The file format 547 Contains Diffie-Hellman groups used for DH-GEX. The file format
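Review bot: The private key entry in FILES adds ~/.ssh/id_ed25519 but keeps the statement that the passphrase encrypts the private part "using 128-bit AES". The -o entry in this patch says Ed25519 keys always use the new private key format, so please confirm the sentence is still accurate for new-format keys, and reword it or scope it to PEM-format keys if the cipher differs.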
@@ -543,4 +559,4 @@ AUTHORS
543 created OpenSSH. Markus Friedl contributed the support for SSH protocol 559 created OpenSSH. Markus Friedl contributed the support for SSH protocol
544 versions 1.5 and 2.0. 560 versions 1.5 and 2.0.
545 561
546OpenBSD 5.4 June 27, 2013 OpenBSD 5.4 562OpenBSD 5.4 December 21, 2013 OpenBSD 5.4