diff options
| author | Colin Watson <cjwatson@debian.org> | 2004-03-01 02:25:32 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2004-03-01 02:25:32 +0000 |
| commit | ea8116a11e3de70036dbc665ccb0d486cf89cac9 (patch) | |
| tree | d73ccdff78d8608e156465af42e6a1b3527fb2d6 /ssh-keygen.0 | |
| parent | e39b311381a5609cc05acf298c42fba196dc524b (diff) | |
| parent | f5bda272678ec6dccaa5f29379cf60cb855018e8 (diff) | |
Merge 3.8p1 to the trunk. This builds and runs, but I haven't tested it
extensively yet.
ProtocolKeepAlives is now just a compatibility alias for
ServerAliveInterval.
Diffstat (limited to 'ssh-keygen.0')
| -rw-r--r-- | ssh-keygen.0 | 70 |
1 files changed, 38 insertions, 32 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0 index 2db957554..d4fcc682b 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | SSH-KEYGEN(1) BSD General Commands Manual SSH-KEYGEN(1) | 1 | SSH-KEYGEN(1) OpenBSD Reference Manual SSH-KEYGEN(1) |
| 2 | 2 | ||
| 3 | NAME | 3 | NAME |
| 4 | ssh-keygen - authentication key generation, management and conversion | 4 | ssh-keygen - authentication key generation, management and conversion |
| @@ -16,8 +16,9 @@ SYNOPSIS | |||
| 16 | ssh-keygen -D reader | 16 | ssh-keygen -D reader |
| 17 | ssh-keygen -U reader [-f input_keyfile] | 17 | ssh-keygen -U reader [-f input_keyfile] |
| 18 | ssh-keygen -r hostname [-f input_keyfile] [-g] | 18 | ssh-keygen -r hostname [-f input_keyfile] [-g] |
| 19 | ssh-keygen -G output_file [-b bits] [-M memory] [-S start_point] | 19 | ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point] |
| 20 | ssh-keygen -T output_file -f input_file [-a num_trials] [-W generator] | 20 | ssh-keygen -T output_file -f input_file [-v] [-a num_trials] [-W |
| 21 | generator] | ||
| 21 | 22 | ||
| 22 | DESCRIPTION | 23 | DESCRIPTION |
| 23 | ssh-keygen generates, manages and converts authentication keys for | 24 | ssh-keygen generates, manages and converts authentication keys for |
| @@ -35,17 +36,17 @@ DESCRIPTION | |||
| 35 | 36 | ||
| 36 | Normally this program generates the key and asks for a file in which to | 37 | Normally this program generates the key and asks for a file in which to |
| 37 | store the private key. The public key is stored in a file with the same | 38 | store the private key. The public key is stored in a file with the same |
| 38 | name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The | 39 | name but ``.pub'' appended. The program also asks for a passphrase. The |
| 39 | passphrase may be empty to indicate no passphrase (host keys must have an | 40 | passphrase may be empty to indicate no passphrase (host keys must have an |
| 40 | empty passphrase), or it may be a string of arbitrary length. A | 41 | empty passphrase), or it may be a string of arbitrary length. A |
| 41 | passphrase is similar to a password, except it can be a phrase with a | 42 | passphrase is similar to a password, except it can be a phrase with a se- |
| 42 | series of words, punctuation, numbers, whitespace, or any string of char- | 43 | ries of words, punctuation, numbers, whitespace, or any string of charac- |
| 43 | acters you want. Good passphrases are 10-30 characters long, are not | 44 | ters you want. Good passphrases are 10-30 characters long, are not sim- |
| 44 | simple sentences or otherwise easily guessable (English prose has only | 45 | ple sentences or otherwise easily guessable (English prose has only 1-2 |
| 45 | 1-2 bits of entropy per character, and provides very bad passphrases), | 46 | bits of entropy per character, and provides very bad passphrases), and |
| 46 | and contain a mix of upper and lowercase letters, numbers, and non- | 47 | contain a mix of upper and lowercase letters, numbers, and non-alphanu- |
| 47 | alphanumeric characters. The passphrase can be changed later by using | 48 | meric characters. The passphrase can be changed later by using the -p |
| 48 | the -p option. | 49 | option. |
| 49 | 50 | ||
| 50 | There is no way to recover a lost passphrase. If the passphrase is lost | 51 | There is no way to recover a lost passphrase. If the passphrase is lost |
| 51 | or forgotten, a new key must be generated and copied to the corresponding | 52 | or forgotten, a new key must be generated and copied to the corresponding |
| @@ -54,8 +55,8 @@ DESCRIPTION | |||
| 54 | For RSA1 keys, there is also a comment field in the key file that is only | 55 | For RSA1 keys, there is also a comment field in the key file that is only |
| 55 | for convenience to the user to help identify the key. The comment can | 56 | for convenience to the user to help identify the key. The comment can |
| 56 | tell what the key is for, or whatever is useful. The comment is initial- | 57 | tell what the key is for, or whatever is useful. The comment is initial- |
| 57 | ized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be changed using the | 58 | ized to ``user@host'' when the key is created, but can be changed using |
| 58 | -c option. | 59 | the -c option. |
| 59 | 60 | ||
| 60 | After a key is generated, instructions below detail where the keys should | 61 | After a key is generated, instructions below detail where the keys should |
| 61 | be placed to be activated. | 62 | be placed to be activated. |
| @@ -77,7 +78,7 @@ DESCRIPTION | |||
| 77 | the passphrase if the key has one, and for the new comment. | 78 | the passphrase if the key has one, and for the new comment. |
| 78 | 79 | ||
| 79 | -e This option will read a private or public OpenSSH key file and | 80 | -e This option will read a private or public OpenSSH key file and |
| 80 | print the key in a M-bM-^@M-^XSECSH Public Key File FormatM-bM-^@M-^Y to stdout. | 81 | print the key in a `SECSH Public Key File Format' to stdout. |
| 81 | This option allows exporting keys for use by several commercial | 82 | This option allows exporting keys for use by several commercial |
| 82 | SSH implementations. | 83 | SSH implementations. |
| 83 | 84 | ||
| @@ -88,8 +89,8 @@ DESCRIPTION | |||
| 88 | 89 | ||
| 89 | -i This option will read an unencrypted private (or public) key file | 90 | -i This option will read an unencrypted private (or public) key file |
| 90 | in SSH2-compatible format and print an OpenSSH compatible private | 91 | in SSH2-compatible format and print an OpenSSH compatible private |
| 91 | (or public) key to stdout. ssh-keygen also reads the M-bM-^@M-^XSECSH | 92 | (or public) key to stdout. ssh-keygen also reads the `SECSH |
| 92 | Public Key File FormatM-bM-^@M-^Y. This option allows importing keys from | 93 | Public Key File Format'. This option allows importing keys from |
| 93 | several commercial SSH implementations. | 94 | several commercial SSH implementations. |
| 94 | 95 | ||
| 95 | -l Show fingerprint of specified public key file. Private RSA1 keys | 96 | -l Show fingerprint of specified public key file. Private RSA1 keys |
| @@ -108,8 +109,8 @@ DESCRIPTION | |||
| 108 | 109 | ||
| 109 | -t type | 110 | -t type |
| 110 | Specifies the type of the key to create. The possible values are | 111 | Specifies the type of the key to create. The possible values are |
| 111 | M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\rsaM-bM-^@M-^] or M-bM-^@M-^\dsaM-bM-^@M-^] for protocol | 112 | ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for proto- |
| 112 | version 2. | 113 | col version 2. |
| 113 | 114 | ||
| 114 | -B Show the bubblebabble digest of specified private or public key | 115 | -B Show the bubblebabble digest of specified private or public key |
| 115 | file. | 116 | file. |
| @@ -149,15 +150,20 @@ DESCRIPTION | |||
| 149 | -U reader | 150 | -U reader |
| 150 | Upload an existing RSA private key into the smartcard in reader. | 151 | Upload an existing RSA private key into the smartcard in reader. |
| 151 | 152 | ||
| 153 | -v Verbose mode. Causes ssh-keygen to print debugging messages | ||
| 154 | about its progress. This is helpful for debugging moduli genera- | ||
| 155 | tion. Multiple -v options increase the verbosity. The maximum | ||
| 156 | is 3. | ||
| 157 | |||
| 152 | -r hostname | 158 | -r hostname |
| 153 | Print DNS resource record with the specified hostname. | 159 | Print DNS resource record with the specified hostname. |
| 154 | 160 | ||
| 155 | MODULI GENERATION | 161 | MODULI GENERATION |
| 156 | ssh-keygen may be used to generate groups for the Diffie-Hellman Group | 162 | ssh-keygen may be used to generate groups for the Diffie-Hellman Group |
| 157 | Exchange (DH-GEX) protocol. Generating these groups is a two-step pro- | 163 | Exchange (DH-GEX) protocol. Generating these groups is a two-step pro- |
| 158 | cess: first, candidate primes are generated using a fast, but memory | 164 | cess: first, candidate primes are generated using a fast, but memory in- |
| 159 | intensive process. These candidate primes are then tested for suitabil- | 165 | tensive process. These candidate primes are then tested for suitability |
| 160 | ity (a CPU-intensive process). | 166 | (a CPU-intensive process). |
| 161 | 167 | ||
| 162 | Generation of primes is performed using the -G option. The desired | 168 | Generation of primes is performed using the -G option. The desired |
| 163 | length of the primes may be specified by the -b option. For example: | 169 | length of the primes may be specified by the -b option. For example: |
| @@ -188,8 +194,8 @@ MODULI GENERATION | |||
| 188 | FILES | 194 | FILES |
| 189 | $HOME/.ssh/identity | 195 | $HOME/.ssh/identity |
| 190 | Contains the protocol version 1 RSA authentication identity of | 196 | Contains the protocol version 1 RSA authentication identity of |
| 191 | the user. This file should not be readable by anyone but the | 197 | the user. This file should not be readable by anyone but the us- |
| 192 | user. It is possible to specify a passphrase when generating the | 198 | er. It is possible to specify a passphrase when generating the |
| 193 | key; that passphrase will be used to encrypt the private part of | 199 | key; that passphrase will be used to encrypt the private part of |
| 194 | this file using 3DES. This file is not automatically accessed by | 200 | this file using 3DES. This file is not automatically accessed by |
| 195 | ssh-keygen but it is offered as the default file for the private | 201 | ssh-keygen but it is offered as the default file for the private |
| @@ -204,8 +210,8 @@ FILES | |||
| 204 | 210 | ||
| 205 | $HOME/.ssh/id_dsa | 211 | $HOME/.ssh/id_dsa |
| 206 | Contains the protocol version 2 DSA authentication identity of | 212 | Contains the protocol version 2 DSA authentication identity of |
| 207 | the user. This file should not be readable by anyone but the | 213 | the user. This file should not be readable by anyone but the us- |
| 208 | user. It is possible to specify a passphrase when generating the | 214 | er. It is possible to specify a passphrase when generating the |
| 209 | key; that passphrase will be used to encrypt the private part of | 215 | key; that passphrase will be used to encrypt the private part of |
| 210 | this file using 3DES. This file is not automatically accessed by | 216 | this file using 3DES. This file is not automatically accessed by |
| 211 | ssh-keygen but it is offered as the default file for the private | 217 | ssh-keygen but it is offered as the default file for the private |
| @@ -220,8 +226,8 @@ FILES | |||
| 220 | 226 | ||
| 221 | $HOME/.ssh/id_rsa | 227 | $HOME/.ssh/id_rsa |
| 222 | Contains the protocol version 2 RSA authentication identity of | 228 | Contains the protocol version 2 RSA authentication identity of |
| 223 | the user. This file should not be readable by anyone but the | 229 | the user. This file should not be readable by anyone but the us- |
| 224 | user. It is possible to specify a passphrase when generating the | 230 | er. It is possible to specify a passphrase when generating the |
| 225 | key; that passphrase will be used to encrypt the private part of | 231 | key; that passphrase will be used to encrypt the private part of |
| 226 | this file using 3DES. This file is not automatically accessed by | 232 | this file using 3DES. This file is not automatically accessed by |
| 227 | ssh-keygen but it is offered as the default file for the private | 233 | ssh-keygen but it is offered as the default file for the private |
| @@ -241,14 +247,14 @@ FILES | |||
| 241 | SEE ALSO | 247 | SEE ALSO |
| 242 | ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8) | 248 | ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8) |
| 243 | 249 | ||
| 244 | J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf- | 250 | J. Galbraith, and R. Thayer, SECSH Public Key File Format, draft-ietf- |
| 245 | secsh-publickeyfile-01.txt, March 2001, work in progress material. | 251 | secsh-publickeyfile-01.txt, March 2001, work in progress material. |
| 246 | 252 | ||
| 247 | AUTHORS | 253 | AUTHORS |
| 248 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 254 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
| 249 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 255 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
| 250 | de Raadt and Dug Song removed many bugs, re-added newer features and cre- | 256 | de Raadt and Dug Song removed many bugs, re-added newer features and |
| 251 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 257 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
| 252 | versions 1.5 and 2.0. | 258 | versions 1.5 and 2.0. |
| 253 | 259 | ||
| 254 | BSD September 25, 1999 BSD | 260 | OpenBSD 3.4 September 25, 1999 4 |