author | Colin Watson <cjwatson@debian.org> | 2004-03-01 02:25:32 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2004-03-01 02:25:32 +0000 |
commit | ea8116a11e3de70036dbc665ccb0d486cf89cac9 (patch) | |
tree | d73ccdff78d8608e156465af42e6a1b3527fb2d6 /ssh-keygen.0 | |
parent | e39b311381a5609cc05acf298c42fba196dc524b (diff) | |
parent | f5bda272678ec6dccaa5f29379cf60cb855018e8 (diff) |
Merge 3.8p1 to the trunk. This builds and runs, but I haven't tested it
extensively yet.
ProtocolKeepAlives is now just a compatibility alias for
ServerAliveInterval.
Diffstat (limited to 'ssh-keygen.0')
-rw-r--r-- | ssh-keygen.0 | 70 |
1 files changed, 38 insertions, 32 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0 index 2db957554..d4fcc682b 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 | |||
@@ -1,4 +1,4 @@ | |||
1 | SSH-KEYGEN(1) BSD General Commands Manual SSH-KEYGEN(1) | 1 | SSH-KEYGEN(1) OpenBSD Reference Manual SSH-KEYGEN(1) |
2 | 2 | ||
3 | NAME | 3 | NAME |
4 | ssh-keygen - authentication key generation, management and conversion | 4 | ssh-keygen - authentication key generation, management and conversion |
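Review bot: The title line at line 1 changes from "BSD General Commands Manual" to "OpenBSD Reference Manual" with no change to the page content, so this file looks like formatter output rather than hand-edited text. Review the real wording changes against the manual source and say in the commit message how ssh-keygen.0 was regenerated, so the reformatting in the later hunks can be told apart from content changes.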
@@ -16,8 +16,9 @@ SYNOPSIS | |||
16 | ssh-keygen -D reader | 16 | ssh-keygen -D reader |
17 | ssh-keygen -U reader [-f input_keyfile] | 17 | ssh-keygen -U reader [-f input_keyfile] |
18 | ssh-keygen -r hostname [-f input_keyfile] [-g] | 18 | ssh-keygen -r hostname [-f input_keyfile] [-g] |
19 | ssh-keygen -G output_file [-b bits] [-M memory] [-S start_point] | 19 | ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point] |
20 | ssh-keygen -T output_file -f input_file [-a num_trials] [-W generator] | 20 | ssh-keygen -T output_file -f input_file [-v] [-a num_trials] [-W |
21 | generator] | ||
21 | 22 | ||
22 | DESCRIPTION | 23 | DESCRIPTION |
23 | ssh-keygen generates, manages and converts authentication keys for | 24 | ssh-keygen generates, manages and converts authentication keys for |
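Review bot: [-v] is added only to the -G and -T forms (new lines 19-20), while the -D, -U and -r forms just above are unchanged. If -v is accepted in every mode, the synopsis should show it on those forms too; if it only matters for moduli generation, the option description should say that. The -T form also now wraps between "[-W" and "generator]", which separates the flag from its argument.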
@@ -35,17 +36,17 @@ DESCRIPTION | |||
35 | 36 | ||
36 | Normally this program generates the key and asks for a file in which to | 37 | Normally this program generates the key and asks for a file in which to |
37 | store the private key. The public key is stored in a file with the same | 38 | store the private key. The public key is stored in a file with the same |
38 | name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The | 39 | name but ``.pub'' appended. The program also asks for a passphrase. The |
39 | passphrase may be empty to indicate no passphrase (host keys must have an | 40 | passphrase may be empty to indicate no passphrase (host keys must have an |
40 | empty passphrase), or it may be a string of arbitrary length. A | 41 | empty passphrase), or it may be a string of arbitrary length. A |
41 | passphrase is similar to a password, except it can be a phrase with a | 42 | passphrase is similar to a password, except it can be a phrase with a se- |
42 | series of words, punctuation, numbers, whitespace, or any string of char- | 43 | ries of words, punctuation, numbers, whitespace, or any string of charac- |
43 | acters you want. Good passphrases are 10-30 characters long, are not | 44 | ters you want. Good passphrases are 10-30 characters long, are not sim- |
44 | simple sentences or otherwise easily guessable (English prose has only | 45 | ple sentences or otherwise easily guessable (English prose has only 1-2 |
45 | 1-2 bits of entropy per character, and provides very bad passphrases), | 46 | bits of entropy per character, and provides very bad passphrases), and |
46 | and contain a mix of upper and lowercase letters, numbers, and non- | 47 | contain a mix of upper and lowercase letters, numbers, and non-alphanu- |
47 | alphanumeric characters. The passphrase can be changed later by using | 48 | meric characters. The passphrase can be changed later by using the -p |
48 | the -p option. | 49 | option. |
49 | 50 | ||
50 | There is no way to recover a lost passphrase. If the passphrase is lost | 51 | There is no way to recover a lost passphrase. If the passphrase is lost |
51 | or forgotten, a new key must be generated and copied to the corresponding | 52 | or forgotten, a new key must be generated and copied to the corresponding |
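Review bot: Old lines 41-48 of the passphrase guidance all show as changed, but the wording is identical and only the wrapping differs; the one real change in this hunk is the quoting on old line 38, where the escaped bytes around .pub become ``.pub''. The new wrapping hyphenates short words ("se-ries", "sim-ple", "non-alphanu-meric"), so a text search for the length and character-mix advice will miss it. Regenerating with hyphenation disabled would keep this hunk down to the quote fix.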
@@ -54,8 +55,8 @@ DESCRIPTION | |||
54 | For RSA1 keys, there is also a comment field in the key file that is only | 55 | For RSA1 keys, there is also a comment field in the key file that is only |
55 | for convenience to the user to help identify the key. The comment can | 56 | for convenience to the user to help identify the key. The comment can |
56 | tell what the key is for, or whatever is useful. The comment is initial- | 57 | tell what the key is for, or whatever is useful. The comment is initial- |
57 | ized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be changed using the | 58 | ized to ``user@host'' when the key is created, but can be changed using |
58 | -c option. | 59 | the -c option. |
59 | 60 | ||
60 | After a key is generated, instructions below detail where the keys should | 61 | After a key is generated, instructions below detail where the keys should |
61 | be placed to be activated. | 62 | be placed to be activated. |
@@ -77,7 +78,7 @@ DESCRIPTION | |||
77 | the passphrase if the key has one, and for the new comment. | 78 | the passphrase if the key has one, and for the new comment. |
78 | 79 | ||
79 | -e This option will read a private or public OpenSSH key file and | 80 | -e This option will read a private or public OpenSSH key file and |
80 | print the key in a M-bM-^@M-^XSECSH Public Key File FormatM-bM-^@M-^Y to stdout. | 81 | print the key in a `SECSH Public Key File Format' to stdout. |
81 | This option allows exporting keys for use by several commercial | 82 | This option allows exporting keys for use by several commercial |
82 | SSH implementations. | 83 | SSH implementations. |
83 | 84 | ||
@@ -88,8 +89,8 @@ DESCRIPTION | |||
88 | 89 | ||
89 | -i This option will read an unencrypted private (or public) key file | 90 | -i This option will read an unencrypted private (or public) key file |
90 | in SSH2-compatible format and print an OpenSSH compatible private | 91 | in SSH2-compatible format and print an OpenSSH compatible private |
91 | (or public) key to stdout. ssh-keygen also reads the M-bM-^@M-^XSECSH | 92 | (or public) key to stdout. ssh-keygen also reads the `SECSH |
92 | Public Key File FormatM-bM-^@M-^Y. This option allows importing keys from | 93 | Public Key File Format'. This option allows importing keys from |
93 | several commercial SSH implementations. | 94 | several commercial SSH implementations. |
94 | 95 | ||
95 | -l Show fingerprint of specified public key file. Private RSA1 keys | 96 | -l Show fingerprint of specified public key file. Private RSA1 keys |
@@ -108,8 +109,8 @@ DESCRIPTION | |||
108 | 109 | ||
109 | -t type | 110 | -t type |
110 | Specifies the type of the key to create. The possible values are | 111 | Specifies the type of the key to create. The possible values are |
111 | M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\rsaM-bM-^@M-^] or M-bM-^@M-^\dsaM-bM-^@M-^] for protocol | 112 | ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for proto- |
112 | version 2. | 113 | col version 2. |
113 | 114 | ||
114 | -B Show the bubblebabble digest of specified private or public key | 115 | -B Show the bubblebabble digest of specified private or public key |
115 | file. | 116 | file. |
@@ -149,15 +150,20 @@ DESCRIPTION | |||
149 | -U reader | 150 | -U reader |
150 | Upload an existing RSA private key into the smartcard in reader. | 151 | Upload an existing RSA private key into the smartcard in reader. |
151 | 152 | ||
153 | -v Verbose mode. Causes ssh-keygen to print debugging messages | ||
154 | about its progress. This is helpful for debugging moduli genera- | ||
155 | tion. Multiple -v options increase the verbosity. The maximum | ||
156 | is 3. | ||
157 | |||
152 | -r hostname | 158 | -r hostname |
153 | Print DNS resource record with the specified hostname. | 159 | Print DNS resource record with the specified hostname. |
154 | 160 | ||
155 | MODULI GENERATION | 161 | MODULI GENERATION |
156 | ssh-keygen may be used to generate groups for the Diffie-Hellman Group | 162 | ssh-keygen may be used to generate groups for the Diffie-Hellman Group |
157 | Exchange (DH-GEX) protocol. Generating these groups is a two-step pro- | 163 | Exchange (DH-GEX) protocol. Generating these groups is a two-step pro- |
158 | cess: first, candidate primes are generated using a fast, but memory | 164 | cess: first, candidate primes are generated using a fast, but memory in- |
159 | intensive process. These candidate primes are then tested for suitabil- | 165 | tensive process. These candidate primes are then tested for suitability |
160 | ity (a CPU-intensive process). | 166 | (a CPU-intensive process). |
161 | 167 | ||
162 | Generation of primes is performed using the -G option. The desired | 168 | Generation of primes is performed using the -G option. The desired |
163 | length of the primes may be specified by the -b option. For example: | 169 | length of the primes may be specified by the -b option. For example: |
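Review bot: "The maximum is 3" in the new -v entry (new lines 153-156) does not say what happens when a fourth -v is given, whether it is ignored or rejected; one more clause would settle it. The entry describes general "debugging messages about its progress" but names only moduli generation as a use, so it should state whether -v has any effect in the other modes. The change to the MODULI GENERATION paragraph below it is rewrapping only ("in-tensive").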
@@ -188,8 +194,8 @@ MODULI GENERATION | |||
188 | FILES | 194 | FILES |
189 | $HOME/.ssh/identity | 195 | $HOME/.ssh/identity |
190 | Contains the protocol version 1 RSA authentication identity of | 196 | Contains the protocol version 1 RSA authentication identity of |
191 | the user. This file should not be readable by anyone but the | 197 | the user. This file should not be readable by anyone but the us- |
192 | user. It is possible to specify a passphrase when generating the | 198 | er. It is possible to specify a passphrase when generating the |
193 | key; that passphrase will be used to encrypt the private part of | 199 | key; that passphrase will be used to encrypt the private part of |
194 | this file using 3DES. This file is not automatically accessed by | 200 | this file using 3DES. This file is not automatically accessed by |
195 | ssh-keygen but it is offered as the default file for the private | 201 | ssh-keygen but it is offered as the default file for the private |
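Review bot: At new lines 197-198 the sentence "This file should not be readable by anyone but the user" is now broken as "us-" / "er.", and the same split appears in the id_dsa and id_rsa entries in the next two hunks. This is the only statement of the private key file permission requirement in each entry, and searching the formatted page for "but the user" no longer finds it. No wording changed, so fixing the hyphenation setting used for generation removes all three hunks.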
@@ -204,8 +210,8 @@ FILES | |||
204 | 210 | ||
205 | $HOME/.ssh/id_dsa | 211 | $HOME/.ssh/id_dsa |
206 | Contains the protocol version 2 DSA authentication identity of | 212 | Contains the protocol version 2 DSA authentication identity of |
207 | the user. This file should not be readable by anyone but the | 213 | the user. This file should not be readable by anyone but the us- |
208 | user. It is possible to specify a passphrase when generating the | 214 | er. It is possible to specify a passphrase when generating the |
209 | key; that passphrase will be used to encrypt the private part of | 215 | key; that passphrase will be used to encrypt the private part of |
210 | this file using 3DES. This file is not automatically accessed by | 216 | this file using 3DES. This file is not automatically accessed by |
211 | ssh-keygen but it is offered as the default file for the private | 217 | ssh-keygen but it is offered as the default file for the private |
@@ -220,8 +226,8 @@ FILES | |||
220 | 226 | ||
221 | $HOME/.ssh/id_rsa | 227 | $HOME/.ssh/id_rsa |
222 | Contains the protocol version 2 RSA authentication identity of | 228 | Contains the protocol version 2 RSA authentication identity of |
223 | the user. This file should not be readable by anyone but the | 229 | the user. This file should not be readable by anyone but the us- |
224 | user. It is possible to specify a passphrase when generating the | 230 | er. It is possible to specify a passphrase when generating the |
225 | key; that passphrase will be used to encrypt the private part of | 231 | key; that passphrase will be used to encrypt the private part of |
226 | this file using 3DES. This file is not automatically accessed by | 232 | this file using 3DES. This file is not automatically accessed by |
227 | ssh-keygen but it is offered as the default file for the private | 233 | ssh-keygen but it is offered as the default file for the private |
@@ -241,14 +247,14 @@ FILES | |||
241 | SEE ALSO | 247 | SEE ALSO |
242 | ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8) | 248 | ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8) |
243 | 249 | ||
244 | J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf- | 250 | J. Galbraith, and R. Thayer, SECSH Public Key File Format, draft-ietf- |
245 | secsh-publickeyfile-01.txt, March 2001, work in progress material. | 251 | secsh-publickeyfile-01.txt, March 2001, work in progress material. |
246 | 252 | ||
247 | AUTHORS | 253 | AUTHORS |
248 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 254 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
249 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 255 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
250 | de Raadt and Dug Song removed many bugs, re-added newer features and cre- | 256 | de Raadt and Dug Song removed many bugs, re-added newer features and |
251 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 257 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
252 | versions 1.5 and 2.0. | 258 | versions 1.5 and 2.0. |
253 | 259 | ||
254 | BSD September 25, 1999 BSD | 260 | OpenBSD 3.4 September 25, 1999 4 |
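Review bot: New line 250 adds a comma after "J. Galbraith" in a two-author reference ("J. Galbraith, and R. Thayer"), which reads as a formatting regression; check the reference macros in the source. The footer at new line 260 now carries "OpenBSD 3.4" and a page number "4" while the date stays September 25, 1999 and the commit message says this merges 3.8p1, so the footer gives no indication of the release the page belongs to. If the document date in the manual source was not updated for the new -v text, update it there.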