diff options
author | Damien Miller <djm@mindrot.org> | 2000-01-20 23:13:36 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-01-20 23:13:36 +1100 |
commit | 886c63a2c533e8ce8818580920232e4903a27da7 (patch) | |
tree | fe165f9c88b10cdef0b09873c14f118d127ce64e /ssh-keygen.1.in | |
parent | 88b86e40d65b3cf1238ad9eee67555a2acae61a8 (diff) |
- Big manpage and config file cleanup from Andre Lucas
<andre.lucas@dial.pipex.com>
- Re-added latest (unmodified) OpenBSD manpages
Diffstat (limited to 'ssh-keygen.1.in')
-rw-r--r-- | ssh-keygen.1.in | 161 |
1 files changed, 0 insertions, 161 deletions
diff --git a/ssh-keygen.1.in b/ssh-keygen.1.in deleted file mode 100644 index 493484756..000000000 --- a/ssh-keygen.1.in +++ /dev/null | |||
@@ -1,161 +0,0 @@ | |||
1 | .\" -*- nroff -*- | ||
2 | .\" | ||
3 | .\" ssh-keygen.1 | ||
4 | .\" | ||
5 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | ||
6 | .\" | ||
7 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||
8 | .\" All rights reserved | ||
9 | .\" | ||
10 | .\" Created: Sat Apr 22 23:55:14 1995 ylo | ||
11 | .\" | ||
12 | .\" $Id: ssh-keygen.1.in,v 1.1 1999/12/26 22:23:58 damien Exp $ | ||
13 | .\" | ||
14 | .Dd September 25, 1999 | ||
15 | .Dt SSH-KEYGEN 1 | ||
16 | .Os | ||
17 | .Sh NAME | ||
18 | .Nm ssh-keygen | ||
19 | .Nd authentication key generation | ||
20 | .Sh SYNOPSIS | ||
21 | .Nm ssh-keygen | ||
22 | .Op Fl q | ||
23 | .Op Fl b Ar bits | ||
24 | .Op Fl N Ar new_passphrase | ||
25 | .Op Fl C Ar comment | ||
26 | .Op Fl f Ar keyfile | ||
27 | .Nm ssh-keygen | ||
28 | .Fl p | ||
29 | .Op Fl P Ar old_passphrase | ||
30 | .Op Fl N Ar new_passphrase | ||
31 | .Op Fl f Ar keyfile | ||
32 | .Nm ssh-keygen | ||
33 | .Fl c | ||
34 | .Op Fl P Ar passphrase | ||
35 | .Op Fl C Ar comment | ||
36 | .Op Fl f Ar keyfile | ||
37 | .Nm ssh-keygen | ||
38 | .Fl l | ||
39 | .Op Fl f Ar keyfile | ||
40 | .Sh DESCRIPTION | ||
41 | .Nm | ||
42 | generates and manages authentication keys for | ||
43 | .Xr ssh 1 . | ||
44 | Normally each user wishing to use SSH | ||
45 | with RSA authentication runs this once to create the authentication | ||
46 | key in | ||
47 | .Pa $HOME/.ssh/identity . | ||
48 | Additionally, the system administrator may use this to generate host keys. | ||
49 | .Pp | ||
50 | Normally this program generates the key and asks for a file in which | ||
51 | to store the private key. The public key is stored in a file with the | ||
52 | same name but | ||
53 | .Dq .pub | ||
54 | appended. The program also asks for a | ||
55 | passphrase. The passphrase may be empty to indicate no passphrase | ||
56 | (host keys must have empty passphrase), or it may be a string of | ||
57 | arbitrary length. Good passphrases are 10-30 characters long and are | ||
58 | not simple sentences or otherwise easily guessable (English | ||
59 | prose has only 1-2 bits of entropy per word, and provides very bad | ||
60 | passphrases). The passphrase can be changed later by using the | ||
61 | .Fl p | ||
62 | option. | ||
63 | .Pp | ||
64 | There is no way to recover a lost passphrase. If the passphrase is | ||
65 | lost or forgotten, you will have to generate a new key and copy the | ||
66 | corresponding public key to other machines. | ||
67 | .Pp | ||
68 | There is also a comment field in the key file that is only for | ||
69 | convenience to the user to help identify the key. The comment can | ||
70 | tell what the key is for, or whatever is useful. The comment is | ||
71 | initialized to | ||
72 | .Dq user@host | ||
73 | when the key is created, but can be changed using the | ||
74 | .Fl c | ||
75 | option. | ||
76 | .Pp | ||
77 | The options are as follows: | ||
78 | .Bl -tag -width Ds | ||
79 | .It Fl b Ar bits | ||
80 | Specifies the number of bits in the key to create. Minimum is 512 | ||
81 | bits. Generally 1024 bits is considered sufficient, and key sizes | ||
82 | above that no longer improve security but make things slower. The | ||
83 | default is 1024 bits. | ||
84 | .It Fl c | ||
85 | Requests changing the comment in the private and public key files. | ||
86 | The program will prompt for the file containing the private keys, for | ||
87 | passphrase if the key has one, and for the new comment. | ||
88 | .It Fl f | ||
89 | Specifies the filename of the key file. | ||
90 | .It Fl l | ||
91 | Show fingerprint of specified private or public key file. | ||
92 | .It Fl p | ||
93 | Requests changing the passphrase of a private key file instead of | ||
94 | creating a new private key. The program will prompt for the file | ||
95 | containing the private key, for the old passphrase, and twice for the | ||
96 | new passphrase. | ||
97 | .It Fl q | ||
98 | Silence | ||
99 | .Nm ssh-keygen . | ||
100 | Used by | ||
101 | .Pa /etc/rc | ||
102 | when creating a new key. | ||
103 | .It Fl C Ar comment | ||
104 | Provides the new comment. | ||
105 | .It Fl N Ar new_passphrase | ||
106 | Provides the new passphrase. | ||
107 | .It Fl P Ar passphrase | ||
108 | Provides the (old) passphrase. | ||
109 | .El | ||
110 | .Sh FILES | ||
111 | .Bl -tag -width Ds | ||
112 | .It Pa $HOME/.ssh/identity | ||
113 | Contains the RSA authentication identity of the user. This file | ||
114 | should not be readable by anyone but the user. It is possible to | ||
115 | specify a passphrase when generating the key; that passphrase will be | ||
116 | used to encrypt the private part of this file using 3DES. This file | ||
117 | is not automatically accessed by | ||
118 | .Nm | ||
119 | but it is offered as the default file for the private key. | ||
120 | .It Pa $HOME/.ssh/identity.pub | ||
121 | Contains the public key for authentication. The contents of this file | ||
122 | should be added to | ||
123 | .Pa $HOME/.ssh/authorized_keys | ||
124 | on all machines | ||
125 | where you wish to log in using RSA authentication. There is no | ||
126 | need to keep the contents of this file secret. | ||
127 | .Sh AUTHOR | ||
128 | Tatu Ylonen <ylo@cs.hut.fi> | ||
129 | .Pp | ||
130 | OpenSSH | ||
131 | is a derivative of the original (free) ssh 1.2.12 release, but with bugs | ||
132 | removed and newer features re-added. Rapidly after the 1.2.12 release, | ||
133 | newer versions bore successively more restrictive licenses. This version | ||
134 | of OpenSSH | ||
135 | .Bl -bullet | ||
136 | .It | ||
137 | has all components of a restrictive nature (ie. patents, see | ||
138 | .Xr ssl 8 ) | ||
139 | directly removed from the source code; any licensed or patented components | ||
140 | are chosen from | ||
141 | external libraries. | ||
142 | .It | ||
143 | has been updated to support ssh protocol 1.5. | ||
144 | .It | ||
145 | contains added support for | ||
146 | .Xr kerberos 8 | ||
147 | authentication and ticket passing. | ||
148 | .It | ||
149 | supports one-time password authentication with | ||
150 | .Xr skey 1 . | ||
151 | .El | ||
152 | .Pp | ||
153 | The libraries described in | ||
154 | .Xr ssl 8 | ||
155 | are required for proper operation. | ||
156 | .Sh SEE ALSO | ||
157 | .Xr ssh 1 , | ||
158 | .Xr ssh-add 1 , | ||
159 | .Xr ssh-agent 1 , | ||
160 | .Xr sshd 8 , | ||
161 | .Xr ssl 8 | ||