summaryrefslogtreecommitdiff
path: root/ssh-keygen.1
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2018-08-24 12:49:36 +0100
committerColin Watson <cjwatson@debian.org>2018-08-30 00:57:27 +0100
commit816386e17654ca36834bebbf351419e460fad8f6 (patch)
tree3dc79d831cb73bc25b92f5a4d18f8e328c0c570a /ssh-keygen.1
parent3e6f76c7039d3df22b1d0a3a5f30150efb09b69d (diff)
parent16a47fc4b04977a14f44dd433c8da1499fa80671 (diff)
New upstream release (7.8p1)
Closes: #907534
Diffstat (limited to 'ssh-keygen.1')
-rw-r--r--ssh-keygen.124
1 files changed, 8 insertions, 16 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 39767e621..33e0bbcc1 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.147 2018/03/12 00:52:01 djm Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.148 2018/08/08 01:16:01 djm Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: March 12 2018 $ 38.Dd $Mdocdate: August 8 2018 $
39.Dt SSH-KEYGEN 1 39.Dt SSH-KEYGEN 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -229,10 +229,8 @@ has also been specified, its argument is used as a prefix to the
229default path for the resulting host key files. 229default path for the resulting host key files.
230This is used by system administration scripts to generate new host keys. 230This is used by system administration scripts to generate new host keys.
231.It Fl a Ar rounds 231.It Fl a Ar rounds
232When saving a new-format private key (i.e. an ed25519 key or when the 232When saving a private key this option specifies the number of KDF
233.Fl o 233(key derivation function) rounds used.
234flag is set), this option specifies the number of KDF (key derivation function)
235rounds used.
236Higher numbers result in slower passphrase verification and increased 234Higher numbers result in slower passphrase verification and increased
237resistance to brute-force password cracking (should the keys be stolen). 235resistance to brute-force password cracking (should the keys be stolen).
238.Pp 236.Pp
@@ -260,8 +258,6 @@ flag will be ignored.
260Provides a new comment. 258Provides a new comment.
261.It Fl c 259.It Fl c
262Requests changing the comment in the private and public key files. 260Requests changing the comment in the private and public key files.
263This operation is only supported for keys stored in the
264newer OpenSSH format.
265The program will prompt for the file containing the private keys, for 261The program will prompt for the file containing the private keys, for
266the passphrase if the key has one, and for the new comment. 262the passphrase if the key has one, and for the new comment.
267.It Fl D Ar pkcs11 263.It Fl D Ar pkcs11
@@ -406,6 +402,10 @@ or
406(PEM public key). 402(PEM public key).
407The default conversion format is 403The default conversion format is
408.Dq RFC4716 . 404.Dq RFC4716 .
405Setting a format of
406.Dq PEM
407when generating or updating a supported private key type will cause the
408key to be stored in the legacy PEM private key format.
409.It Fl N Ar new_passphrase 409.It Fl N Ar new_passphrase
410Provides the new passphrase. 410Provides the new passphrase.
411.It Fl n Ar principals 411.It Fl n Ar principals
@@ -500,14 +500,6 @@ The
500is a comma-separated list of one or more address/netmask pairs in CIDR 500is a comma-separated list of one or more address/netmask pairs in CIDR
501format. 501format.
502.El 502.El
503.It Fl o
504Causes
505.Nm
506to save private keys using the new OpenSSH format rather than
507the more compatible PEM format.
508The new format has increased resistance to brute-force password cracking
509but is not supported by versions of OpenSSH prior to 6.5.
510Ed25519 keys always use the new private key format.
511.It Fl P Ar passphrase 503.It Fl P Ar passphrase
512Provides the (old) passphrase. 504Provides the (old) passphrase.
513.It Fl p 505.It Fl p