summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ChangeLog6
-rw-r--r--ssh-keygen.131
2 files changed, 30 insertions, 7 deletions
diff --git a/ChangeLog b/ChangeLog
index c56f59785..351bd0386 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
120131218
2 - (djm) OpenBSD CVS Sync
3 - djm@cvs.openbsd.org 2013/12/07 08:08:26
4 [ssh-keygen.1]
5 document -a and -o wrt new key format
6
120131208 720131208
2 - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna 8 - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna
3 Vinschen 9 Vinschen
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 0d55854e9..689db22ff 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.116 2013/06/27 14:05:37 jmc Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.117 2013/12/07 08:08:26 djm Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: June 27 2013 $ 38.Dd $Mdocdate: December 7 2013 $
39.Dt SSH-KEYGEN 1 39.Dt SSH-KEYGEN 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -103,7 +103,7 @@
103.Fl T Ar output_file 103.Fl T Ar output_file
104.Fl f Ar input_file 104.Fl f Ar input_file
105.Op Fl v 105.Op Fl v
106.Op Fl a Ar num_trials 106.Op Fl a Ar rounds
107.Op Fl J Ar num_lines 107.Op Fl J Ar num_lines
108.Op Fl j Ar start_line 108.Op Fl j Ar start_line
109.Op Fl K Ar checkpt 109.Op Fl K Ar checkpt
@@ -222,11 +222,20 @@ an empty passphrase, default bits for the key type, and default comment.
222This is used by 222This is used by
223.Pa /etc/rc 223.Pa /etc/rc
224to generate new host keys. 224to generate new host keys.
225.It Fl a Ar trials 225.It Fl a Ar rounds
226Specifies the number of primality tests to perform when screening DH-GEX 226When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
227candidates using the 2272 key when the
228.Fl o
229flag is set), this option specifies the number of KDF (key derivation function)
230rounds used.
231Higher numbers result in slower passphrase verification and increased
232resistance to brute-force password cracking (should the keys be stolen).
233.Pp
234When screening DH-GEX candidates (
235using the
228.Fl T 236.Fl T
229command. 237command).
238This option specifies the number of primality tests to perform.
230.It Fl B 239.It Fl B
231Show the bubblebabble digest of specified private or public key file. 240Show the bubblebabble digest of specified private or public key file.
232.It Fl b Ar bits 241.It Fl b Ar bits
@@ -447,6 +456,14 @@ format.
447.El 456.El
448.Pp 457.Pp
449At present, no options are valid for host keys. 458At present, no options are valid for host keys.
459.It Fl o
460Causes
461.Nm
462to save SSH protocol 2 private keys using the new OpenSSH format rather than
463the more compatible PEM format.
464The new format has increased resistance to brute-force password cracking
465but is not supported by versions of OpenSSH prior to 6.5.
466Ed25519 keys always use the new private key format.
450.It Fl P Ar passphrase 467.It Fl P Ar passphrase
451Provides the (old) passphrase. 468Provides the (old) passphrase.
452.It Fl p 469.It Fl p
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 21:04:03 +0000