diff options
| author | jmc@openbsd.org <jmc@openbsd.org> | 2017-05-03 06:32:02 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-05-08 09:18:05 +1000 |
| commit | 2b6f799e9b230cf13a7eefc05ecead7d8569d6b5 (patch) | |
| tree | c0abc7946a2e79b528d4e2e8b59520b686d6c4ac /ssh-keygen.1 | |
| parent | f10c0d32cde2084d2a0b19bc47d80cb93e85a093 (diff) | |
upstream commit
more protocol 1 stuff to go; ok djm
Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
Diffstat (limited to 'ssh-keygen.1')
| -rw-r--r-- | ssh-keygen.1 | 37 |
1 files changed, 5 insertions, 32 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 624995617..d8ae3fada 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: ssh-keygen.1,v 1.139 2017/05/02 17:04:09 jmc Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.140 2017/05/03 06:32:02 jmc Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -35,7 +35,7 @@ | |||
| 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 37 | .\" | 37 | .\" |
| 38 | .Dd $Mdocdate: May 2 2017 $ | 38 | .Dd $Mdocdate: May 3 2017 $ |
| 39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
| 40 | .Os | 40 | .Os |
| 41 | .Sh NAME | 41 | .Sh NAME |
| @@ -141,11 +141,7 @@ | |||
| 141 | generates, manages and converts authentication keys for | 141 | generates, manages and converts authentication keys for |
| 142 | .Xr ssh 1 . | 142 | .Xr ssh 1 . |
| 143 | .Nm | 143 | .Nm |
| 144 | can create keys for use by SSH protocol versions 1 and 2. | 144 | can create keys for use by SSH protocol version 2. |
| 145 | Protocol 1 should not be used | ||
| 146 | and is only offered to support legacy devices. | ||
| 147 | It suffers from a number of cryptographic weaknesses | ||
| 148 | and doesn't support many of the advanced features available for protocol 2. | ||
| 149 | .Pp | 145 | .Pp |
| 150 | The type of key to be generated is specified with the | 146 | The type of key to be generated is specified with the |
| 151 | .Fl t | 147 | .Fl t |
| @@ -172,7 +168,6 @@ section for details. | |||
| 172 | Normally each user wishing to use SSH | 168 | Normally each user wishing to use SSH |
| 173 | with public key authentication runs this once to create the authentication | 169 | with public key authentication runs this once to create the authentication |
| 174 | key in | 170 | key in |
| 175 | .Pa ~/.ssh/identity , | ||
| 176 | .Pa ~/.ssh/id_dsa , | 171 | .Pa ~/.ssh/id_dsa , |
| 177 | .Pa ~/.ssh/id_ecdsa , | 172 | .Pa ~/.ssh/id_ecdsa , |
| 178 | .Pa ~/.ssh/id_ed25519 | 173 | .Pa ~/.ssh/id_ed25519 |
| @@ -231,16 +226,14 @@ This is used by | |||
| 231 | .Pa /etc/rc | 226 | .Pa /etc/rc |
| 232 | to generate new host keys. | 227 | to generate new host keys. |
| 233 | .It Fl a Ar rounds | 228 | .It Fl a Ar rounds |
| 234 | When saving a new-format private key (i.e. an ed25519 key or any SSH protocol | 229 | When saving a new-format private key (i.e. an ed25519 key or when the |
| 235 | 2 key when the | ||
| 236 | .Fl o | 230 | .Fl o |
| 237 | flag is set), this option specifies the number of KDF (key derivation function) | 231 | flag is set), this option specifies the number of KDF (key derivation function) |
| 238 | rounds used. | 232 | rounds used. |
| 239 | Higher numbers result in slower passphrase verification and increased | 233 | Higher numbers result in slower passphrase verification and increased |
| 240 | resistance to brute-force password cracking (should the keys be stolen). | 234 | resistance to brute-force password cracking (should the keys be stolen). |
| 241 | .Pp | 235 | .Pp |
| 242 | When screening DH-GEX candidates ( | 236 | When screening DH-GEX candidates (using the |
| 243 | using the | ||
| 244 | .Fl T | 237 | .Fl T |
| 245 | command). | 238 | command). |
| 246 | This option specifies the number of primality tests to perform. | 239 | This option specifies the number of primality tests to perform. |
| @@ -819,26 +812,6 @@ will exit with a non-zero exit status. | |||
| 819 | A zero exit status will only be returned if no key was revoked. | 812 | A zero exit status will only be returned if no key was revoked. |
| 820 | .Sh FILES | 813 | .Sh FILES |
| 821 | .Bl -tag -width Ds -compact | 814 | .Bl -tag -width Ds -compact |
| 822 | .It Pa ~/.ssh/identity | ||
| 823 | Contains the protocol version 1 RSA authentication identity of the user. | ||
| 824 | This file should not be readable by anyone but the user. | ||
| 825 | It is possible to | ||
| 826 | specify a passphrase when generating the key; that passphrase will be | ||
| 827 | used to encrypt the private part of this file using 3DES. | ||
| 828 | This file is not automatically accessed by | ||
| 829 | .Nm | ||
| 830 | but it is offered as the default file for the private key. | ||
| 831 | .Xr ssh 1 | ||
| 832 | will read this file when a login attempt is made. | ||
| 833 | .Pp | ||
| 834 | .It Pa ~/.ssh/identity.pub | ||
| 835 | Contains the protocol version 1 RSA public key for authentication. | ||
| 836 | The contents of this file should be added to | ||
| 837 | .Pa ~/.ssh/authorized_keys | ||
| 838 | on all machines | ||
| 839 | where the user wishes to log in using RSA authentication. | ||
| 840 | There is no need to keep the contents of this file secret. | ||
| 841 | .Pp | ||
| 842 | .It Pa ~/.ssh/id_dsa | 815 | .It Pa ~/.ssh/id_dsa |
| 843 | .It Pa ~/.ssh/id_ecdsa | 816 | .It Pa ~/.ssh/id_ecdsa |
| 844 | .It Pa ~/.ssh/id_ed25519 | 817 | .It Pa ~/.ssh/id_ed25519 |