Diffstat (limited to 'ssh-keygen.0')
-rw-r--r-- ssh-keygen.0 50
1 files changed, 27 insertions, 23 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index 648f3017f..784ad032f 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -1,7 +1,7 @@
1SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1) 1SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1)
2 2
3NAME 3NAME
4 ssh-keygen - authentication key generation, management and conversion 4 ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion
5 5
6SYNOPSIS 6SYNOPSIS
7 ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] 7 ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
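Review bot: the NAME line (new line 4) replaces the ASCII hyphen with a raw three-byte sequence, shown here as M-bM-^@M-^S, which is the UTF-8 encoding of an en dash. The old side of this diff is 7-bit clean, so the preformatted page appears to have been regenerated with UTF-8 output; it will render as garbage in a non-UTF-8 locale, and a search for "ssh-keygen - " will no longer match. Suggest regenerating ssh-keygen.0 with ASCII output before committing.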
@@ -11,7 +11,7 @@ SYNOPSIS
11 ssh-keygen -e [-m key_format] [-f input_keyfile] 11 ssh-keygen -e [-m key_format] [-f input_keyfile]
12 ssh-keygen -y [-f input_keyfile] 12 ssh-keygen -y [-f input_keyfile]
13 ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] 13 ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
14 ssh-keygen -l [-f input_keyfile] 14 ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
15 ssh-keygen -B [-f input_keyfile] 15 ssh-keygen -B [-f input_keyfile]
16 ssh-keygen -D pkcs11 16 ssh-keygen -D pkcs11
17 ssh-keygen -F hostname [-f known_hosts_file] [-l] 17 ssh-keygen -F hostname [-f known_hosts_file] [-l]
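Review bot: new line 14 adds [-v] [-E fingerprint_hash] to the -l form, but the -F hostname form on line 17 still lists a bare [-l]. If -E is honoured when -l is combined with -F, the synopsis should show it there as well; if it is not, a sentence under -E stating which forms accept it would remove the ambiguity.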
@@ -32,7 +32,7 @@ SYNOPSIS
32DESCRIPTION 32DESCRIPTION
33 ssh-keygen generates, manages and converts authentication keys for 33 ssh-keygen generates, manages and converts authentication keys for
34 ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1 34 ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1
35 and DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2. 35 and DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
36 The type of key to be generated is specified with the -t option. If 36 The type of key to be generated is specified with the -t option. If
37 invoked without any arguments, ssh-keygen will generate an RSA key for 37 invoked without any arguments, ssh-keygen will generate an RSA key for
38 use in SSH protocol 2 connections. 38 use in SSH protocol 2 connections.
@@ -52,7 +52,7 @@ DESCRIPTION
52 52
53 Normally this program generates the key and asks for a file in which to 53 Normally this program generates the key and asks for a file in which to
54 store the private key. The public key is stored in a file with the same 54 store the private key. The public key is stored in a file with the same
55 name but ``.pub'' appended. The program also asks for a passphrase. The 55 name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The
56 passphrase may be empty to indicate no passphrase (host keys must have an 56 passphrase may be empty to indicate no passphrase (host keys must have an
57 empty passphrase), or it may be a string of arbitrary length. A 57 empty passphrase), or it may be a string of arbitrary length. A
58 passphrase is similar to a password, except it can be a phrase with a 58 passphrase is similar to a password, except it can be a phrase with a
@@ -71,7 +71,7 @@ DESCRIPTION
71 For RSA1 keys, there is also a comment field in the key file that is only 71 For RSA1 keys, there is also a comment field in the key file that is only
72 for convenience to the user to help identify the key. The comment can 72 for convenience to the user to help identify the key. The comment can
73 tell what the key is for, or whatever is useful. The comment is 73 tell what the key is for, or whatever is useful. The comment is
74 initialized to ``user@host'' when the key is created, but can be changed 74 initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be changed
75 using the -c option. 75 using the -c option.
76 76
77 After a key is generated, instructions below detail where the keys should 77 After a key is generated, instructions below detail where the keys should
@@ -107,7 +107,7 @@ DESCRIPTION
107 the -b flag determines the key length by selecting from one of 107 the -b flag determines the key length by selecting from one of
108 three elliptic curve sizes: 256, 384 or 521 bits. Attempting to 108 three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
109 use bit lengths other than these three values for ECDSA keys will 109 use bit lengths other than these three values for ECDSA keys will
110 fail. ED25519 keys have a fixed length and the -b flag will be 110 fail. Ed25519 keys have a fixed length and the -b flag will be
111 ignored. 111 ignored.
112 112
113 -C comment 113 -C comment
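Review bot: line 110 is one of four places in this diff (with lines 35, 531 and 544) where the prose spelling becomes Ed25519, so the remaining text should be checked for consistency. Only changed hunks are visible here; a grep of the full page for upper-case ED25519 would confirm nothing was missed. The -t argument and the id_ed25519 file names correctly stay lower-case since they are literals.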
@@ -124,9 +124,14 @@ DESCRIPTION
124 indicates that a CA key resides in a PKCS#11 token (see the 124 indicates that a CA key resides in a PKCS#11 token (see the
125 CERTIFICATES section for details). 125 CERTIFICATES section for details).
126 126
127 -E fingerprint_hash
128 Specifies the hash algorithm used when displaying key
129 fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
130 default is M-bM-^@M-^\sha256M-bM-^@M-^].
131
127 -e This option will read a private or public OpenSSH key file and 132 -e This option will read a private or public OpenSSH key file and
128 print to stdout the key in one of the formats specified by the -m 133 print to stdout the key in one of the formats specified by the -m
129 option. The default export format is ``RFC4716''. This option 134 option. The default export format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. This option
130 allows exporting OpenSSH keys for use by other programs, 135 allows exporting OpenSSH keys for use by other programs,
131 including several commercial SSH implementations. 136 including several commercial SSH implementations.
132 137
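Review bot: the new -E paragraph (new lines 127-130) states that the default is sha256 but gives no guidance for a reader comparing against fingerprints recorded in the md5 form. One added sentence, for example that -E md5 selects the md5 form for such comparisons, would keep operators from reading a differently formatted fingerprint as a changed key. The option values are also wrapped in UTF-8 quote bytes (M-bM-^@M-^\ and M-bM-^@M-^]) rather than ASCII quotes, which is a poor fit for strings meant to be typed on a command line.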
@@ -166,7 +171,7 @@ DESCRIPTION
166 in the format specified by the -m option and print an OpenSSH 171 in the format specified by the -m option and print an OpenSSH
167 compatible private (or public) key to stdout. This option allows 172 compatible private (or public) key to stdout. This option allows
168 importing keys from other software, including several commercial 173 importing keys from other software, including several commercial
169 SSH implementations. The default import format is ``RFC4716''. 174 SSH implementations. The default import format is M-bM-^@M-^\RFC4716M-bM-^@M-^].
170 175
171 -J num_lines 176 -J num_lines
172 Exit after screening the specified number of lines while 177 Exit after screening the specified number of lines while
@@ -203,10 +208,10 @@ DESCRIPTION
203 208
204 -m key_format 209 -m key_format
205 Specify a key format for the -i (import) or -e (export) 210 Specify a key format for the -i (import) or -e (export)
206 conversion options. The supported key formats are: ``RFC4716'' 211 conversion options. The supported key formats are: M-bM-^@M-^\RFC4716M-bM-^@M-^]
207 (RFC 4716/SSH2 public or private key), ``PKCS8'' (PEM PKCS8 212 (RFC 4716/SSH2 public or private key), M-bM-^@M-^\PKCS8M-bM-^@M-^] (PEM PKCS8 public
208 public key) or ``PEM'' (PEM public key). The default conversion 213 key) or M-bM-^@M-^\PEMM-bM-^@M-^] (PEM public key). The default conversion format is
209 format is ``RFC4716''. 214 M-bM-^@M-^\RFC4716M-bM-^@M-^].
210 215
211 -N new_passphrase 216 -N new_passphrase
212 Provides the new passphrase. 217 Provides the new passphrase.
@@ -315,8 +320,8 @@ DESCRIPTION
315 320
316 -t dsa | ecdsa | ed25519 | rsa | rsa1 321 -t dsa | ecdsa | ed25519 | rsa | rsa1
317 Specifies the type of key to create. The possible values are 322 Specifies the type of key to create. The possible values are
318 ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'', 323 M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or
319 ``ed25519'', or ``rsa'' for protocol version 2. 324 M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2.
320 325
321 -u Update a KRL. When specified with -k, keys listed via the 326 -u Update a KRL. When specified with -k, keys listed via the
322 command line are added to the existing KRL rather than a new KRL 327 command line are added to the existing KRL rather than a new KRL
@@ -335,12 +340,11 @@ DESCRIPTION
335 as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time 340 as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time
336 starting with a plus character. 341 starting with a plus character.
337 342
338 For example: ``+52w1d'' (valid from now to 52 weeks and one day 343 For example: M-bM-^@M-^\+52w1dM-bM-^@M-^] (valid from now to 52 weeks and one day
339 from now), ``-4w:+4w'' (valid from four weeks ago to four weeks 344 from now), M-bM-^@M-^\-4w:+4wM-bM-^@M-^] (valid from four weeks ago to four weeks
340 from now), ``20100101123000:20110101123000'' (valid from 12:30 345 from now), M-bM-^@M-^\20100101123000:20110101123000M-bM-^@M-^] (valid from 12:30 PM,
341 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011), 346 January 1st, 2010 to 12:30 PM, January 1st, 2011), M-bM-^@M-^\-1d:20110101M-bM-^@M-^]
342 ``-1d:20110101'' (valid from yesterday to midnight, January 1st, 347 (valid from yesterday to midnight, January 1st, 2011).
343 2011).
344 348
345 -v Verbose mode. Causes ssh-keygen to print debugging messages 349 -v Verbose mode. Causes ssh-keygen to print debugging messages
346 about its progress. This is helpful for debugging moduli 350 about its progress. This is helpful for debugging moduli
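Review bot: the validity-interval examples on new lines 343-347 are literal arguments, and they are now enclosed in UTF-8 typographic quotes (M-bM-^@M-^\ and M-bM-^@M-^]) where the old text used ASCII quoting. A reader who copies a quoted example into a shell carries the quote bytes into the argument, and in a non-UTF-8 locale the examples are hard to read at all. Suggest keeping ASCII quoting around values such as +52w1d and -4w:+4w.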
@@ -524,7 +528,7 @@ FILES
524 ~/.ssh/id_ecdsa 528 ~/.ssh/id_ecdsa
525 ~/.ssh/id_ed25519 529 ~/.ssh/id_ed25519
526 ~/.ssh/id_rsa 530 ~/.ssh/id_rsa
527 Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA 531 Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
528 authentication identity of the user. This file should not be 532 authentication identity of the user. This file should not be
529 readable by anyone but the user. It is possible to specify a 533 readable by anyone but the user. It is possible to specify a
530 passphrase when generating the key; that passphrase will be used 534 passphrase when generating the key; that passphrase will be used
@@ -537,7 +541,7 @@ FILES
537 ~/.ssh/id_ecdsa.pub 541 ~/.ssh/id_ecdsa.pub
538 ~/.ssh/id_ed25519.pub 542 ~/.ssh/id_ed25519.pub
539 ~/.ssh/id_rsa.pub 543 ~/.ssh/id_rsa.pub
540 Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA public 544 Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA public
541 key for authentication. The contents of this file should be 545 key for authentication. The contents of this file should be
542 added to ~/.ssh/authorized_keys on all machines where the user 546 added to ~/.ssh/authorized_keys on all machines where the user
543 wishes to log in using public key authentication. There is no 547 wishes to log in using public key authentication. There is no
@@ -559,4 +563,4 @@ AUTHORS
559 created OpenSSH. Markus Friedl contributed the support for SSH protocol 563 created OpenSSH. Markus Friedl contributed the support for SSH protocol
560 versions 1.5 and 2.0. 564 versions 1.5 and 2.0.
561 565
562OpenBSD 5.6 March 31, 2014 OpenBSD 5.6 566OpenBSD 5.7 February 24, 2015 OpenBSD 5.7