Diffstat (limited to 'ssh-keygen.0')
-rw-r--r-- | ssh-keygen.0 | 50 |
1 files changed, 27 insertions, 23 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0 index 648f3017f..784ad032f 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 | |||
@@ -1,7 +1,7 @@ | |||
1 | SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1) | 1 | SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1) |
2 | 2 | ||
3 | NAME | 3 | NAME |
4 | ssh-keygen - authentication key generation, management and conversion | 4 | ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion |
5 | 5 | ||
6 | SYNOPSIS | 6 | SYNOPSIS |
7 | ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] | 7 | ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] |
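Review bot: on the NAME line the ASCII hyphen after "ssh-keygen" has been replaced by the multi-byte sequence shown as M-bM-^@M-^S, and the same kind of substitution hits the quoted strings in later hunks (for example M-bM-^@M-^\.pubM-bM-^@M-^] in place of ``.pub''). This file is the preformatted page, so a reader on a non-UTF-8 terminal sees raw bytes, and most of the 27 insertions and 23 deletions become punctuation churn that hides the real changes. Suggest regenerating ssh-keygen.0 with ASCII output so the diff carries only the -E addition, the Ed25519 spelling and the date bump.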
@@ -11,7 +11,7 @@ SYNOPSIS | |||
11 | ssh-keygen -e [-m key_format] [-f input_keyfile] | 11 | ssh-keygen -e [-m key_format] [-f input_keyfile] |
12 | ssh-keygen -y [-f input_keyfile] | 12 | ssh-keygen -y [-f input_keyfile] |
13 | ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] | 13 | ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] |
14 | ssh-keygen -l [-f input_keyfile] | 14 | ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile] |
15 | ssh-keygen -B [-f input_keyfile] | 15 | ssh-keygen -B [-f input_keyfile] |
16 | ssh-keygen -D pkcs11 | 16 | ssh-keygen -D pkcs11 |
17 | ssh-keygen -F hostname [-f known_hosts_file] [-l] | 17 | ssh-keygen -F hostname [-f known_hosts_file] [-l] |
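Review bot: the -l synopsis line gains [-v] [-E fingerprint_hash], but the "-F hostname [-f known_hosts_file] [-l]" line two lines below is unchanged, so the synopsis does not say whether -E also selects the hash when -l is combined with -F. If it does, add [-E fingerprint_hash] to that line as well; if it does not, state that in the -E description so the two fingerprint listings are not assumed to match.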
@@ -32,7 +32,7 @@ SYNOPSIS | |||
32 | DESCRIPTION | 32 | DESCRIPTION |
33 | ssh-keygen generates, manages and converts authentication keys for | 33 | ssh-keygen generates, manages and converts authentication keys for |
34 | ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1 | 34 | ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1 |
35 | and DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2. | 35 | and DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2. |
36 | The type of key to be generated is specified with the -t option. If | 36 | The type of key to be generated is specified with the -t option. If |
37 | invoked without any arguments, ssh-keygen will generate an RSA key for | 37 | invoked without any arguments, ssh-keygen will generate an RSA key for |
38 | use in SSH protocol 2 connections. | 38 | use in SSH protocol 2 connections. |
@@ -52,7 +52,7 @@ DESCRIPTION | |||
52 | 52 | ||
53 | Normally this program generates the key and asks for a file in which to | 53 | Normally this program generates the key and asks for a file in which to |
54 | store the private key. The public key is stored in a file with the same | 54 | store the private key. The public key is stored in a file with the same |
55 | name but ``.pub'' appended. The program also asks for a passphrase. The | 55 | name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The |
56 | passphrase may be empty to indicate no passphrase (host keys must have an | 56 | passphrase may be empty to indicate no passphrase (host keys must have an |
57 | empty passphrase), or it may be a string of arbitrary length. A | 57 | empty passphrase), or it may be a string of arbitrary length. A |
58 | passphrase is similar to a password, except it can be a phrase with a | 58 | passphrase is similar to a password, except it can be a phrase with a |
@@ -71,7 +71,7 @@ DESCRIPTION | |||
71 | For RSA1 keys, there is also a comment field in the key file that is only | 71 | For RSA1 keys, there is also a comment field in the key file that is only |
72 | for convenience to the user to help identify the key. The comment can | 72 | for convenience to the user to help identify the key. The comment can |
73 | tell what the key is for, or whatever is useful. The comment is | 73 | tell what the key is for, or whatever is useful. The comment is |
74 | initialized to ``user@host'' when the key is created, but can be changed | 74 | initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be changed |
75 | using the -c option. | 75 | using the -c option. |
76 | 76 | ||
77 | After a key is generated, instructions below detail where the keys should | 77 | After a key is generated, instructions below detail where the keys should |
@@ -107,7 +107,7 @@ DESCRIPTION | |||
107 | the -b flag determines the key length by selecting from one of | 107 | the -b flag determines the key length by selecting from one of |
108 | three elliptic curve sizes: 256, 384 or 521 bits. Attempting to | 108 | three elliptic curve sizes: 256, 384 or 521 bits. Attempting to |
109 | use bit lengths other than these three values for ECDSA keys will | 109 | use bit lengths other than these three values for ECDSA keys will |
110 | fail. ED25519 keys have a fixed length and the -b flag will be | 110 | fail. Ed25519 keys have a fixed length and the -b flag will be |
111 | ignored. | 111 | ignored. |
112 | 112 | ||
113 | -C comment | 113 | -C comment |
@@ -124,9 +124,14 @@ DESCRIPTION | |||
124 | indicates that a CA key resides in a PKCS#11 token (see the | 124 | indicates that a CA key resides in a PKCS#11 token (see the |
125 | CERTIFICATES section for details). | 125 | CERTIFICATES section for details). |
126 | 126 | ||
127 | -E fingerprint_hash | ||
128 | Specifies the hash algorithm used when displaying key | ||
129 | fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The | ||
130 | default is M-bM-^@M-^\sha256M-bM-^@M-^]. | ||
131 | |||
127 | -e This option will read a private or public OpenSSH key file and | 132 | -e This option will read a private or public OpenSSH key file and |
128 | print to stdout the key in one of the formats specified by the -m | 133 | print to stdout the key in one of the formats specified by the -m |
129 | option. The default export format is ``RFC4716''. This option | 134 | option. The default export format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. This option |
130 | allows exporting OpenSSH keys for use by other programs, | 135 | allows exporting OpenSSH keys for use by other programs, |
131 | including several commercial SSH implementations. | 136 | including several commercial SSH implementations. |
132 | 137 | ||
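Review bot: the new -E entry states the default is sha256 but gives no guidance on comparing against fingerprints that were recorded with md5. An operator checking -l output against an md5 fingerprint on file will see a mismatch that looks like a changed key, so add a sentence saying that -E md5 must be passed to reproduce that form and that the two hashes are not comparable with each other. None of the visible hunks touches the -l option text, so a cross-reference to -E there would also help.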
@@ -166,7 +171,7 @@ DESCRIPTION | |||
166 | in the format specified by the -m option and print an OpenSSH | 171 | in the format specified by the -m option and print an OpenSSH |
167 | compatible private (or public) key to stdout. This option allows | 172 | compatible private (or public) key to stdout. This option allows |
168 | importing keys from other software, including several commercial | 173 | importing keys from other software, including several commercial |
169 | SSH implementations. The default import format is ``RFC4716''. | 174 | SSH implementations. The default import format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. |
170 | 175 | ||
171 | -J num_lines | 176 | -J num_lines |
172 | Exit after screening the specified number of lines while | 177 | Exit after screening the specified number of lines while |
@@ -203,10 +208,10 @@ DESCRIPTION | |||
203 | 208 | ||
204 | -m key_format | 209 | -m key_format |
205 | Specify a key format for the -i (import) or -e (export) | 210 | Specify a key format for the -i (import) or -e (export) |
206 | conversion options. The supported key formats are: ``RFC4716'' | 211 | conversion options. The supported key formats are: M-bM-^@M-^\RFC4716M-bM-^@M-^] |
207 | (RFC 4716/SSH2 public or private key), ``PKCS8'' (PEM PKCS8 | 212 | (RFC 4716/SSH2 public or private key), M-bM-^@M-^\PKCS8M-bM-^@M-^] (PEM PKCS8 public |
208 | public key) or ``PEM'' (PEM public key). The default conversion | 213 | key) or M-bM-^@M-^\PEMM-bM-^@M-^] (PEM public key). The default conversion format is |
209 | format is ``RFC4716''. | 214 | M-bM-^@M-^\RFC4716M-bM-^@M-^]. |
210 | 215 | ||
211 | -N new_passphrase | 216 | -N new_passphrase |
212 | Provides the new passphrase. | 217 | Provides the new passphrase. |
@@ -315,8 +320,8 @@ DESCRIPTION | |||
315 | 320 | ||
316 | -t dsa | ecdsa | ed25519 | rsa | rsa1 | 321 | -t dsa | ecdsa | ed25519 | rsa | rsa1 |
317 | Specifies the type of key to create. The possible values are | 322 | Specifies the type of key to create. The possible values are |
318 | ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'', | 323 | M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or |
319 | ``ed25519'', or ``rsa'' for protocol version 2. | 324 | M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2. |
320 | 325 | ||
321 | -u Update a KRL. When specified with -k, keys listed via the | 326 | -u Update a KRL. When specified with -k, keys listed via the |
322 | command line are added to the existing KRL rather than a new KRL | 327 | command line are added to the existing KRL rather than a new KRL |
@@ -335,12 +340,11 @@ DESCRIPTION | |||
335 | as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time | 340 | as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time |
336 | starting with a plus character. | 341 | starting with a plus character. |
337 | 342 | ||
338 | For example: ``+52w1d'' (valid from now to 52 weeks and one day | 343 | For example: M-bM-^@M-^\+52w1dM-bM-^@M-^] (valid from now to 52 weeks and one day |
339 | from now), ``-4w:+4w'' (valid from four weeks ago to four weeks | 344 | from now), M-bM-^@M-^\-4w:+4wM-bM-^@M-^] (valid from four weeks ago to four weeks |
340 | from now), ``20100101123000:20110101123000'' (valid from 12:30 | 345 | from now), M-bM-^@M-^\20100101123000:20110101123000M-bM-^@M-^] (valid from 12:30 PM, |
341 | PM, January 1st, 2010 to 12:30 PM, January 1st, 2011), | 346 | January 1st, 2010 to 12:30 PM, January 1st, 2011), M-bM-^@M-^\-1d:20110101M-bM-^@M-^] |
342 | ``-1d:20110101'' (valid from yesterday to midnight, January 1st, | 347 | (valid from yesterday to midnight, January 1st, 2011). |
343 | 2011). | ||
344 | 348 | ||
345 | -v Verbose mode. Causes ssh-keygen to print debugging messages | 349 | -v Verbose mode. Causes ssh-keygen to print debugging messages |
346 | about its progress. This is helpful for debugging moduli | 350 | about its progress. This is helpful for debugging moduli |
@@ -524,7 +528,7 @@ FILES | |||
524 | ~/.ssh/id_ecdsa | 528 | ~/.ssh/id_ecdsa |
525 | ~/.ssh/id_ed25519 | 529 | ~/.ssh/id_ed25519 |
526 | ~/.ssh/id_rsa | 530 | ~/.ssh/id_rsa |
527 | Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA | 531 | Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA |
528 | authentication identity of the user. This file should not be | 532 | authentication identity of the user. This file should not be |
529 | readable by anyone but the user. It is possible to specify a | 533 | readable by anyone but the user. It is possible to specify a |
530 | passphrase when generating the key; that passphrase will be used | 534 | passphrase when generating the key; that passphrase will be used |
@@ -537,7 +541,7 @@ FILES | |||
537 | ~/.ssh/id_ecdsa.pub | 541 | ~/.ssh/id_ecdsa.pub |
538 | ~/.ssh/id_ed25519.pub | 542 | ~/.ssh/id_ed25519.pub |
539 | ~/.ssh/id_rsa.pub | 543 | ~/.ssh/id_rsa.pub |
540 | Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA public | 544 | Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA public |
541 | key for authentication. The contents of this file should be | 545 | key for authentication. The contents of this file should be |
542 | added to ~/.ssh/authorized_keys on all machines where the user | 546 | added to ~/.ssh/authorized_keys on all machines where the user |
543 | wishes to log in using public key authentication. There is no | 547 | wishes to log in using public key authentication. There is no |
@@ -559,4 +563,4 @@ AUTHORS | |||
559 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 563 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
560 | versions 1.5 and 2.0. | 564 | versions 1.5 and 2.0. |
561 | 565 | ||
562 | OpenBSD 5.6 March 31, 2014 OpenBSD 5.6 | 566 | OpenBSD 5.7 February 24, 2015 OpenBSD 5.7 |