- jmc@cvs.openbsd.org 2005/03/01 18:15:56

[ssh-keygen.1] sort options (no attempt made at synopsis clean up though); spelling (occurance -> occurrence); use prompt before examples; grammar;
author: Damien Miller <djm@mindrot.org> 2005-03-02 12:05:06 +1100
committer: Damien Miller <djm@mindrot.org> 2005-03-02 12:05:06 +1100
commit: 265d309ebc97447f5e710df04196e626f018cad8 (patch)
tree: 0e321aac23035ff163d17c61efb19b59bf3a3432 /ssh-keygen.1
parent: 792c01749a754db5e2e6932869d315113c180461 (diff)
1 files changed, 67 insertions, 67 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 4f2af5815..3987b1e66 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.65 2005/03/01 15:05:00 jmc Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.66 2005/03/01 18:15:56 jmc Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -183,16 +183,23 @@ Specifies the number of primality tests to perform when screening DH-GEX
 candidates using the
 .Fl T
 command.
+.It Fl B
+Show the bubblebabble digest of specified private or public key file.
 .It Fl b Ar bits
 Specifies the number of bits in the key to create.
 Minimum is 512 bits.
 Generally, 1024 bits is considered sufficient.
 The default is 1024 bits.
+.It Fl C Ar comment
+Provides a new comment.
 .It Fl c
 Requests changing the comment in the private and public key files.
 This operation is only supported for RSA1 keys.
 The program will prompt for the file containing the private keys, for
 the passphrase if the key has one, and for the new comment.
+.It Fl D Ar reader
+Download the RSA public key stored in the smartcard in
+.Ar reader .
 .It Fl e
 This option will read a private or public OpenSSH key file and
 print the key in a
@@ -200,12 +207,41 @@ print the key in a
 to stdout.
 This option allows exporting keys for use by several commercial
 SSH implementations.
+.It Fl F Ar hostname
+Search for the specified
+.Ar hostname
+in a
+.Pa known_hosts
+file, listing any occurrences found.
+This option is useful to find hashed host names or addresses and may also be
+used in conjunction with the
+.Fl H
+option to print found keys in a hashed format.
+.It Fl f Ar filename
+Specifies the filename of the key file.
+.It Fl G Ar output_file
+Generate candidate primes for DH-GEX.
+These primes must be screened for
+safety (using the
+.Fl T
+option) before use.
 .It Fl g
 Use generic DNS format when printing fingerprint resource records using the
 .Fl r
 command.
-.It Fl f Ar filename
+.It Fl H
-Specifies the filename of the key file.
+Hash a
+.Pa known_hosts
+file, printing the result to standard output.
+This replaces all hostnames and addresses with hashed representations.
+These hashes may be used normally by
+.Nm ssh
+and
+.Nm sshd ,
+but they do not reveal identifying information should the file's contents
+be disclosed.
+This option will not modify existing hashed hostnames and is therefore safe
+to use on files that mix hashed and non-hashed names.
 .It Fl i
 This option will read an unencrypted private (or public) key file
 in SSH2-compatible format and print an OpenSSH compatible private
@@ -221,6 +257,13 @@ Private RSA1 keys are also supported.
 For RSA and DSA keys
 .Nm
 tries to find the matching public key file and prints its fingerprint.
+.It Fl M Ar memory
+Specify the amount of memory to use (in megabytes) when generating
+candidate moduli for DH-GEX.
+.It Fl N Ar new_passphrase
+Provides the new passphrase.
+.It Fl P Ar passphrase
+Provides the (old) passphrase.
 .It Fl p
 Requests changing the passphrase of a private key file instead of
 creating a new private key.
@@ -233,48 +276,6 @@ Silence
 Used by
 .Pa /etc/rc
 when creating a new key.
-.It Fl y
-This option will read a private
-OpenSSH format file and print an OpenSSH public key to stdout.
-.It Fl t Ar type
-Specifies the type of the key to create.
-The possible values are
-.Dq rsa1
-for protocol version 1 and
-.Dq rsa
-or
-.Dq dsa
-for protocol version 2.
-.It Fl B
-Show the bubblebabble digest of specified private or public key file.
-.It Fl C Ar comment
-Provides the new comment.
-.It Fl D Ar reader
-Download the RSA public key stored in the smartcard in
-.Ar reader .
-.It Fl F Ar hostname
-Search for the specified
-.Ar hostname
-in a
-.Pa known_hosts
-file, listing any occurances found.
-This option is useful to find hashed host names or addresses and may also be
-used in conjunction with the
-.Fl H
-option to print found keys in a hashed format.
-.It Fl H
-Hash a
-.Pa known_hosts
-file, printing the result to standard output.
-This replaces all hostnames and addresses with hashed representations.
-These hashes may be used normally by
-.Nm ssh
-and
-.Nm sshd ,
-but they do not reveal identifying information should the file's contents
-be disclosed.
-This option will not modify existing hashed hostnames and is therefore safe
-to use on files that mix hashed and non-hashed names.
 .It Fl R Ar hostname
 Removes all keys belonging to
 .Ar hostname
@@ -284,27 +285,25 @@ file.
 This option is useful to delete hashed hosts (see the
 .Fl H
 option above).
-.It Fl G Ar output_file
+.It Fl r Ar hostname
-Generate candidate primes for DH-GEX.
+Print the SSHFP fingerprint resource record named
-These primes must be screened for
+.Ar hostname
-safety (using the
+for the specified public key file.
-.Fl T
-option) before use.
-.It Fl M Ar memory
-Specify the amount of memory to use (in megabytes) when generating
-candidate moduli for DH-GEX.
-.It Fl N Ar new_passphrase
-Provides the new passphrase.
-.It Fl P Ar passphrase
-Provides the (old) passphrase.
 .It Fl S Ar start
 Specify start point (in hex) when generating candidate moduli for DH-GEX.
 .It Fl T Ar output_file
 Test DH group exchange candidate primes (generated using the
 .Fl G
 option) for safety.
-.It Fl W Ar generator
+.It Fl t Ar type
-Specify desired generator when testing candidate moduli for DH-GEX.
+Specifies the type of key to create.
+The possible values are
+.Dq rsa1
+for protocol version 1 and
+.Dq rsa
+or
+.Dq dsa
+for protocol version 2.
 .It Fl U Ar reader
 Upload an existing RSA private key into the smartcard in
 .Ar reader .
@@ -318,10 +317,11 @@ Multiple
 .Fl v
 options increase the verbosity.
 The maximum is 3.
-.It Fl r Ar hostname
+.It Fl W Ar generator
-Print the SSHFP fingerprint resource record named
+Specify desired generator when testing candidate moduli for DH-GEX.
-.Ar hostname
+.It Fl y
-for the specified public key file.
+This option will read a private
+OpenSSH format file and print an OpenSSH public key to stdout.
 .El
 .Sh MODULI GENERATION
 .Nm
@@ -340,7 +340,7 @@ The desired length of the primes may be specified by the
 option.
 For example:
 .Pp
-.Dl ssh-keygen -G moduli-2048.candidates -b 2048
+.Dl # ssh-keygen -G moduli-2048.candidates -b 2048
 .Pp
 By default, the search for primes begins at a random point in the
 desired length range.
@@ -360,7 +360,7 @@ will read candidates from standard input (or a file specified using the
 option).
 For example:
 .Pp
-.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates
+.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates
 .Pp
 By default, each candidate will be subjected to 100 primality tests.
 This may be overridden using the
@@ -371,7 +371,7 @@ prime under consideration.
 If a specific generator is desired, it may be requested using the
 .Fl W
 option.
-Valid generator values are 2, 3 and 5.
+Valid generator values are 2, 3, and 5.
 .Pp
 Screened DH groups may be installed in
 .Pa /etc/moduli .
author	Damien Miller <djm@mindrot.org>	2005-03-02 12:05:06 +1100
committer	Damien Miller <djm@mindrot.org>	2005-03-02 12:05:06 +1100
commit	265d309ebc97447f5e710df04196e626f018cad8 (patch)
tree	0e321aac23035ff163d17c61efb19b59bf3a3432 /ssh-keygen.1
parent	792c01749a754db5e2e6932869d315113c180461 (diff)

diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 4f2af5815..3987b1e66 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.65 2005/03/01 15:05:00 jmc Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.66 2005/03/01 18:15:56 jmc Exp $
2	.\"	2	.\"
3	.\" -- nroff --	3	.\" -- nroff --
4	.\"	4	.\"
@@ -183,16 +183,23 @@ Specifies the number of primality tests to perform when screening DH-GEX
183	candidates using the	183	candidates using the
184	.Fl T	184	.Fl T
185	command.	185	command.
		186	.It Fl B
		187	Show the bubblebabble digest of specified private or public key file.
186	.It Fl b Ar bits	188	.It Fl b Ar bits
187	Specifies the number of bits in the key to create.	189	Specifies the number of bits in the key to create.
188	Minimum is 512 bits.	190	Minimum is 512 bits.
189	Generally, 1024 bits is considered sufficient.	191	Generally, 1024 bits is considered sufficient.
190	The default is 1024 bits.	192	The default is 1024 bits.
		193	.It Fl C Ar comment
		194	Provides a new comment.
191	.It Fl c	195	.It Fl c
192	Requests changing the comment in the private and public key files.	196	Requests changing the comment in the private and public key files.
193	This operation is only supported for RSA1 keys.	197	This operation is only supported for RSA1 keys.
194	The program will prompt for the file containing the private keys, for	198	The program will prompt for the file containing the private keys, for
195	the passphrase if the key has one, and for the new comment.	199	the passphrase if the key has one, and for the new comment.
		200	.It Fl D Ar reader
		201	Download the RSA public key stored in the smartcard in
		202	.Ar reader .
196	.It Fl e	203	.It Fl e
197	This option will read a private or public OpenSSH key file and	204	This option will read a private or public OpenSSH key file and
198	print the key in a	205	print the key in a
@@ -200,12 +207,41 @@ print the key in a
200	to stdout.	207	to stdout.
201	This option allows exporting keys for use by several commercial	208	This option allows exporting keys for use by several commercial
202	SSH implementations.	209	SSH implementations.
		210	.It Fl F Ar hostname
		211	Search for the specified
		212	.Ar hostname
		213	in a
		214	.Pa known_hosts
		215	file, listing any occurrences found.
		216	This option is useful to find hashed host names or addresses and may also be
		217	used in conjunction with the
		218	.Fl H
		219	option to print found keys in a hashed format.
		220	.It Fl f Ar filename
		221	Specifies the filename of the key file.
		222	.It Fl G Ar output_file
		223	Generate candidate primes for DH-GEX.
		224	These primes must be screened for
		225	safety (using the
		226	.Fl T
		227	option) before use.
203	.It Fl g	228	.It Fl g
204	Use generic DNS format when printing fingerprint resource records using the	229	Use generic DNS format when printing fingerprint resource records using the
205	.Fl r	230	.Fl r
206	command.	231	command.
207	.It Fl f Ar filename	232	.It Fl H
208	Specifies the filename of the key file.	233	Hash a
		234	.Pa known_hosts
		235	file, printing the result to standard output.
		236	This replaces all hostnames and addresses with hashed representations.
		237	These hashes may be used normally by
		238	.Nm ssh
		239	and
		240	.Nm sshd ,
		241	but they do not reveal identifying information should the file's contents
		242	be disclosed.
		243	This option will not modify existing hashed hostnames and is therefore safe
		244	to use on files that mix hashed and non-hashed names.
209	.It Fl i	245	.It Fl i
210	This option will read an unencrypted private (or public) key file	246	This option will read an unencrypted private (or public) key file
211	in SSH2-compatible format and print an OpenSSH compatible private	247	in SSH2-compatible format and print an OpenSSH compatible private
@@ -221,6 +257,13 @@ Private RSA1 keys are also supported.
221	For RSA and DSA keys	257	For RSA and DSA keys
222	.Nm	258	.Nm
223	tries to find the matching public key file and prints its fingerprint.	259	tries to find the matching public key file and prints its fingerprint.
		260	.It Fl M Ar memory
		261	Specify the amount of memory to use (in megabytes) when generating
		262	candidate moduli for DH-GEX.
		263	.It Fl N Ar new_passphrase
		264	Provides the new passphrase.
		265	.It Fl P Ar passphrase
		266	Provides the (old) passphrase.
224	.It Fl p	267	.It Fl p
225	Requests changing the passphrase of a private key file instead of	268	Requests changing the passphrase of a private key file instead of
226	creating a new private key.	269	creating a new private key.
@@ -233,48 +276,6 @@ Silence
233	Used by	276	Used by
234	.Pa /etc/rc	277	.Pa /etc/rc
235	when creating a new key.	278	when creating a new key.
236	.It Fl y
237	This option will read a private
238	OpenSSH format file and print an OpenSSH public key to stdout.
239	.It Fl t Ar type
240	Specifies the type of the key to create.
241	The possible values are
242	.Dq rsa1
243	for protocol version 1 and
244	.Dq rsa
245	or
246	.Dq dsa
247	for protocol version 2.
248	.It Fl B
249	Show the bubblebabble digest of specified private or public key file.
250	.It Fl C Ar comment
251	Provides the new comment.
252	.It Fl D Ar reader
253	Download the RSA public key stored in the smartcard in
254	.Ar reader .
255	.It Fl F Ar hostname
256	Search for the specified
257	.Ar hostname
258	in a
259	.Pa known_hosts
260	file, listing any occurances found.
261	This option is useful to find hashed host names or addresses and may also be
262	used in conjunction with the
263	.Fl H
264	option to print found keys in a hashed format.
265	.It Fl H
266	Hash a
267	.Pa known_hosts
268	file, printing the result to standard output.
269	This replaces all hostnames and addresses with hashed representations.
270	These hashes may be used normally by
271	.Nm ssh
272	and
273	.Nm sshd ,
274	but they do not reveal identifying information should the file's contents
275	be disclosed.
276	This option will not modify existing hashed hostnames and is therefore safe
277	to use on files that mix hashed and non-hashed names.
278	.It Fl R Ar hostname	279	.It Fl R Ar hostname
279	Removes all keys belonging to	280	Removes all keys belonging to
280	.Ar hostname	281	.Ar hostname
@@ -284,27 +285,25 @@ file.
284	This option is useful to delete hashed hosts (see the	285	This option is useful to delete hashed hosts (see the
285	.Fl H	286	.Fl H
286	option above).	287	option above).
287	.It Fl G Ar output_file	288	.It Fl r Ar hostname
288	Generate candidate primes for DH-GEX.	289	Print the SSHFP fingerprint resource record named
289	These primes must be screened for	290	.Ar hostname
290	safety (using the	291	for the specified public key file.
291	.Fl T
292	option) before use.
293	.It Fl M Ar memory
294	Specify the amount of memory to use (in megabytes) when generating
295	candidate moduli for DH-GEX.
296	.It Fl N Ar new_passphrase
297	Provides the new passphrase.
298	.It Fl P Ar passphrase
299	Provides the (old) passphrase.
300	.It Fl S Ar start	292	.It Fl S Ar start
301	Specify start point (in hex) when generating candidate moduli for DH-GEX.	293	Specify start point (in hex) when generating candidate moduli for DH-GEX.
302	.It Fl T Ar output_file	294	.It Fl T Ar output_file
303	Test DH group exchange candidate primes (generated using the	295	Test DH group exchange candidate primes (generated using the
304	.Fl G	296	.Fl G
305	option) for safety.	297	option) for safety.
306	.It Fl W Ar generator	298	.It Fl t Ar type
307	Specify desired generator when testing candidate moduli for DH-GEX.	299	Specifies the type of key to create.
		300	The possible values are
		301	.Dq rsa1
		302	for protocol version 1 and
		303	.Dq rsa
		304	or
		305	.Dq dsa
		306	for protocol version 2.
308	.It Fl U Ar reader	307	.It Fl U Ar reader
309	Upload an existing RSA private key into the smartcard in	308	Upload an existing RSA private key into the smartcard in
310	.Ar reader .	309	.Ar reader .
@@ -318,10 +317,11 @@ Multiple
318	.Fl v	317	.Fl v
319	options increase the verbosity.	318	options increase the verbosity.
320	The maximum is 3.	319	The maximum is 3.
321	.It Fl r Ar hostname	320	.It Fl W Ar generator
322	Print the SSHFP fingerprint resource record named	321	Specify desired generator when testing candidate moduli for DH-GEX.
323	.Ar hostname	322	.It Fl y
324	for the specified public key file.	323	This option will read a private
		324	OpenSSH format file and print an OpenSSH public key to stdout.
325	.El	325	.El
326	.Sh MODULI GENERATION	326	.Sh MODULI GENERATION
327	.Nm	327	.Nm
@@ -340,7 +340,7 @@ The desired length of the primes may be specified by the
340	option.	340	option.
341	For example:	341	For example:
342	.Pp	342	.Pp
343	.Dl ssh-keygen -G moduli-2048.candidates -b 2048	343	.Dl # ssh-keygen -G moduli-2048.candidates -b 2048
344	.Pp	344	.Pp
345	By default, the search for primes begins at a random point in the	345	By default, the search for primes begins at a random point in the
346	desired length range.	346	desired length range.
@@ -360,7 +360,7 @@ will read candidates from standard input (or a file specified using the
360	option).	360	option).
361	For example:	361	For example:
362	.Pp	362	.Pp
363	.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates	363	.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates
364	.Pp	364	.Pp
365	By default, each candidate will be subjected to 100 primality tests.	365	By default, each candidate will be subjected to 100 primality tests.
366	This may be overridden using the	366	This may be overridden using the
@@ -371,7 +371,7 @@ prime under consideration.
371	If a specific generator is desired, it may be requested using the	371	If a specific generator is desired, it may be requested using the
372	.Fl W	372	.Fl W
373	option.	373	option.
374	Valid generator values are 2, 3 and 5.	374	Valid generator values are 2, 3, and 5.
375	.Pp	375	.Pp
376	Screened DH groups may be installed in	376	Screened DH groups may be installed in
377	.Pa /etc/moduli .	377	.Pa /etc/moduli .