-rw-r--r-- | ssh-keygen.1 | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 8e96d9014..56815e272 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.152 2018/12/07 03:33:18 djm Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.153 2019/01/22 11:00:15 djm Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -35,7 +35,7 @@ | |||
35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
37 | .\" | 37 | .\" |
38 | .Dd $Mdocdate: December 7 2018 $ | 38 | .Dd $Mdocdate: January 22 2019 $ |
39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -205,16 +205,28 @@ There is no way to recover a lost passphrase. | |||
205 | If the passphrase is lost or forgotten, a new key must be generated | 205 | If the passphrase is lost or forgotten, a new key must be generated |
206 | and the corresponding public key copied to other machines. | 206 | and the corresponding public key copied to other machines. |
207 | .Pp | 207 | .Pp |
208 | For keys stored in the newer OpenSSH format, | 208 | .Nm |
209 | there is also a comment field in the key file that is only for | 209 | will by default write keys in an OpenSSH-specific format. |
210 | convenience to the user to help identify the key. | 210 | This format is preferred as it offers better protection for |
211 | The comment can tell what the key is for, or whatever is useful. | 211 | keys at rest as well as allowing storage of key comments within |
212 | the private key file itself. | ||
213 | The key comment may be useful to help identify the key. | ||
212 | The comment is initialized to | 214 | The comment is initialized to |
213 | .Dq user@host | 215 | .Dq user@host |
214 | when the key is created, but can be changed using the | 216 | when the key is created, but can be changed using the |
215 | .Fl c | 217 | .Fl c |
216 | option. | 218 | option. |
217 | .Pp | 219 | .Pp |
220 | It is still possible for | ||
221 | .Nm | ||
222 | to write the previously-used PEM format private keys using the | ||
223 | .Fl m | ||
224 | flag. | ||
225 | This may be used when generating new keys, and existing new-format | ||
226 | keys may be converted using this option in conjunction with the | ||
227 | .Fl p | ||
228 | (change passphrase) flag. | ||
229 | .Pp | ||
218 | After a key is generated, instructions below detail where the keys | 230 | After a key is generated, instructions below detail where the keys |
219 | should be placed to be activated. | 231 | should be placed to be activated. |
220 | .Pp | 232 | .Pp |
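Review bot: The new paragraph at new lines 220-228 names the `.Fl m` flag but not the format argument it takes, so a reader cannot tell from this text alone how to request PEM output; name the argument here or point to the `-m` entry in the options list. The same paragraph should also say that converting an existing key with `-m` and `-p` gives up what new lines 209-212 cite as the reasons to prefer the OpenSSH format (better protection at rest and the comment stored in the private key file), since a reader looking up conversion may not read the preceding paragraph. Separately, "better protection for keys at rest" at new line 210 is unqualified; a short clause saying in what respect it is better would help users weigh the choice.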