path: root/ssh-keygen.0
Diffstat (limited to 'ssh-keygen.0')
-rw-r--r-- ssh-keygen.0 157
1 files changed, 78 insertions, 79 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index d3a2135b4..2e151a95c 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -1,45 +1,45 @@
1SSH-KEYGEN(1) System General Commands Manual SSH-KEYGEN(1) 1SSHM-bM-^@M-^PKEYGEN(1) BSD General Commands Manual SSHM-bM-^@M-^PKEYGEN(1)
2 2
3NAME 3^[[1mNAME^[[0m
4 ssh-keygen - authentication key generation, management and conversion 4 ^[[1msshM-bM-^@M-^Pkeygen ^[[22mM-bMM-^R authentication key generation, management and conversion
5 5
6SYNOPSIS 6^[[1mSYNOPSIS^[[0m
7 ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] 7 ^[[1msshM-bM-^@M-^Pkeygen ^[[22m[^[[1mM-bMM-^Rq^[[22m] [^[[1mM-bMM-^Rb ^[[4m^[[22mbits^[[24m] ^[[1mM-bMM-^Rt ^[[4m^[[22mtype^[[24m [^[[1mM-bMM-^RN ^[[4m^[[22mnew_passphrase^[[24m] [^[[1mM-bMM-^RC ^[[4m^[[22mcomment^[[24m]
8 [-f output_keyfile] 8 [^[[1mM-bMM-^Rf ^[[4m^[[22moutput_keyfile^[[24m]
9 ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] 9 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Rp ^[[22m[^[[1mM-bMM-^RP ^[[4m^[[22mold_passphrase^[[24m] [^[[1mM-bMM-^RN ^[[4m^[[22mnew_passphrase^[[24m] [^[[1mM-bMM-^Rf ^[[4m^[[22mkeyfile^[[24m]
10 ssh-keygen -i [-f input_keyfile] 10 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Ri ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m]
11 ssh-keygen -e [-f input_keyfile] 11 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Re ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m]
12 ssh-keygen -y [-f input_keyfile] 12 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Ry ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m]
13 ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] 13 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Rc ^[[22m[^[[1mM-bMM-^RP ^[[4m^[[22mpassphrase^[[24m] [^[[1mM-bMM-^RC ^[[4m^[[22mcomment^[[24m] [^[[1mM-bMM-^Rf ^[[4m^[[22mkeyfile^[[24m]
14 ssh-keygen -l [-f input_keyfile] 14 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^Rl ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m]
15 ssh-keygen -B [-f input_keyfile] 15 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^RB ^[[22m[^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m]
16 ssh-keygen -D reader 16 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^RD ^[[4m^[[22mreader^[[0m
17 ssh-keygen -U reader [-f input_keyfile] 17 ^[[1msshM-bM-^@M-^Pkeygen M-bMM-^RU ^[[4m^[[22mreader^[[24m [^[[1mM-bMM-^Rf ^[[4m^[[22minput_keyfile^[[24m]
18 18
19DESCRIPTION 19^[[1mDESCRIPTION^[[0m
20 ssh-keygen generates, manages and converts authentication keys for 20 ^[[1msshM-bM-^@M-^Pkeygen ^[[22mgenerates, manages and converts authentication keys for
21 ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1 21 ssh(1). ^[[1msshM-bM-^@M-^Pkeygen ^[[22mcan create RSA keys for use by SSH protocol version 1
22 and RSA or DSA keys for use by SSH protocol version 2. The type of key to 22 and RSA or DSA keys for use by SSH protocol version 2. The type of key to
23 be generated is specified with the -t option. 23 be generated is specified with the ^[[1mM-bMM-^Rt ^[[22moption.
24 24
25 Normally each user wishing to use SSH with RSA or DSA authentication runs 25 Normally each user wishing to use SSH with RSA or DSA authentication runs
26 this once to create the authentication key in $HOME/.ssh/identity, 26 this once to create the authentication key in ^[[4m$HOME/.ssh/identity^[[24m,
27 $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa. Additionally, the system adminM-- 27 ^[[4m$HOME/.ssh/id_dsa^[[24m or ^[[4m$HOME/.ssh/id_rsa^[[24m. Additionally, the system adminM-bM-^@M-^P
28 istrator may use this to generate host keys, as seen in /etc/rc. 28 istrator may use this to generate host keys, as seen in ^[[4m/etc/rc^[[24m.
29 29
30 Normally this program generates the key and asks for a file in which to 30 Normally this program generates the key and asks for a file in which to
31 store the private key. The public key is stored in a file with the same 31 store the private key. The public key is stored in a file with the same
32 name but ``.pub'' appended. The program also asks for a passphrase. The 32 name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The
33 passphrase may be empty to indicate no passphrase (host keys must have an 33 passphrase may be empty to indicate no passphrase (host keys must have an
34 empty passphrase), or it may be a string of arbitrary length. A 34 empty passphrase), or it may be a string of arbitrary length. A
35 passphrase is similar to a password, except it can be a phrase with a 35 passphrase is similar to a password, except it can be a phrase with a
36 series of words, punctuation, numbers, whitespace, or any string of charM-- 36 series of words, punctuation, numbers, whitespace, or any string of charM-bM-^@M-^P
37 acters you want. Good passphrases are 10-30 characters long, are not 37 acters you want. Good passphrases are 10M-bM-^@M-^P30 characters long, are not
38 simple sentences or otherwise easily guessable (English prose has only 38 simple sentences or otherwise easily guessable (English prose has only
39 1-2 bits of entropy per character, and provides very bad passphrases), 39 1M-bM-^@M-^P2 bits of entropy per character, and provides very bad passphrases),
40 and contain a mix of upper and lowercase letters, numbers, and non- 40 and contain a mix of upper and lowercase letters, numbers, and nonM-bM-^@M-^P
41 alphanumeric characters. The passphrase can be changed later by using 41 alphanumeric characters. The passphrase can be changed later by using
42 the -p option. 42 the ^[[1mM-bMM-^Rp ^[[22moption.
43 43
44 There is no way to recover a lost passphrase. If the passphrase is lost 44 There is no way to recover a lost passphrase. If the passphrase is lost
45 or forgotten, a new key must be generated and copied to the corresponding 45 or forgotten, a new key must be generated and copied to the corresponding
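Review bot: The new side of NAME, SYNOPSIS and DESCRIPTION carries raw terminal markup ("^[[1m", "^[[22m", "^[[4m") and byte-escaped characters ("M-bM-^@M-^P" where the hyphen in ssh-keygen used to be), so the checked-in page no longer reads as plain text and a search for "ssh-keygen -p" or "-t type" in it finds nothing. The option dashes come out as "M-bMM-^R", which is not a well-formed escape of a three-byte sequence the way "M-bM-^@M-^P" is; that looks like a post-processing step cutting bytes out of the middle of the character. The header also changes from "System General Commands Manual" to "BSD General Commands Manual" while the text under it is the same, which points to a different formatter on the build host rather than an edit to the manual. Suggest regenerating this file with the formatter producing plain ASCII without terminal escapes, so the diff shrinks to real wording changes.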
@@ -47,91 +47,90 @@ DESCRIPTION
47 47
48 For RSA1 keys, there is also a comment field in the key file that is only 48 For RSA1 keys, there is also a comment field in the key file that is only
49 for convenience to the user to help identify the key. The comment can 49 for convenience to the user to help identify the key. The comment can
50 tell what the key is for, or whatever is useful. The comment is initialM-- 50 tell what the key is for, or whatever is useful. The comment is initialM-bM-^@M-^P
51 ized to ``user@host'' when the key is created, but can be changed using 51 ized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be changed using the
52 the -c option. 52 ^[[1mM-bMM-^Rc ^[[22moption.
53 53
54 After a key is generated, instructions below detail where the keys should 54 After a key is generated, instructions below detail where the keys should
55 be placed to be activated. 55 be placed to be activated.
56 56
57 The options are as follows: 57 The options are as follows:
58 58
59 -b bits 59 ^[[1mM-bMM-^Rb ^[[4m^[[22mbits^[[0m
60 Specifies the number of bits in the key to create. Minimum is 60 Specifies the number of bits in the key to create. Minimum is
61 512 bits. Generally 1024 bits is considered sufficient, and key 61 512 bits. Generally, 1024 bits is considered sufficient. The
62 sizes above that no longer improve security but make things 62 default is 1024 bits.
63 slower. The default is 1024 bits.
64 63
65 -c Requests changing the comment in the private and public key 64 ^[[1mM-bMM-^Rc ^[[22mRequests changing the comment in the private and public key
66 files. This operation is only supported for RSA1 keys. The proM-- 65 files. This operation is only supported for RSA1 keys. The proM-bM-^@M-^P
67 gram will prompt for the file containing the private keys, for 66 gram will prompt for the file containing the private keys, for
68 the passphrase if the key has one, and for the new comment. 67 the passphrase if the key has one, and for the new comment.
69 68
70 -e This option will read a private or public OpenSSH key file and 69 ^[[1mM-bMM-^Re ^[[22mThis option will read a private or public OpenSSH key file and
71 print the key in a `SECSH Public Key File Format' to stdout. 70 print the key in a M-bM-^@M-^XSECSH Public Key File FormatM-bM-^@M-^Y to stdout.
72 This option allows exporting keys for use by several commercial 71 This option allows exporting keys for use by several commercial
73 SSH implementations. 72 SSH implementations.
74 73
75 -f filename 74 ^[[1mM-bMM-^Rf ^[[4m^[[22mfilename^[[0m
76 Specifies the filename of the key file. 75 Specifies the filename of the key file.
77 76
78 -i This option will read an unencrypted private (or public) key file 77 ^[[1mM-bMM-^Ri ^[[22mThis option will read an unencrypted private (or public) key file
79 in SSH2-compatible format and print an OpenSSH compatible private 78 in SSH2M-bM-^@M-^Pcompatible format and print an OpenSSH compatible private
80 (or public) key to stdout. ssh-keygen also reads the `SECSH 79 (or public) key to stdout. ^[[1msshM-bM-^@M-^Pkeygen ^[[22malso reads the M-bM-^@M-^XSECSH
81 Public Key File Format'. This option allows importing keys from 80 Public Key File FormatM-bM-^@M-^Y. This option allows importing keys from
82 several commercial SSH implementations. 81 several commercial SSH implementations.
83 82
84 -l Show fingerprint of specified public key file. Private RSA1 keys 83 ^[[1mM-bMM-^Rl ^[[22mShow fingerprint of specified public key file. Private RSA1 keys
85 are also supported. For RSA and DSA keys ssh-keygen tries to 84 are also supported. For RSA and DSA keys ^[[1msshM-bM-^@M-^Pkeygen ^[[22mtries to
86 find the matching public key file and prints its fingerprint. 85 find the matching public key file and prints its fingerprint.
87 86
88 -p Requests changing the passphrase of a private key file instead of 87 ^[[1mM-bMM-^Rp ^[[22mRequests changing the passphrase of a private key file instead of
89 creating a new private key. The program will prompt for the file 88 creating a new private key. The program will prompt for the file
90 containing the private key, for the old passphrase, and twice for 89 containing the private key, for the old passphrase, and twice for
91 the new passphrase. 90 the new passphrase.
92 91
93 -q Silence ssh-keygen. Used by /etc/rc when creating a new key. 92 ^[[1mM-bMM-^Rq ^[[22mSilence ^[[1msshM-bM-^@M-^Pkeygen^[[22m. Used by ^[[4m/etc/rc^[[24m when creating a new key.
94 93
95 -y This option will read a private OpenSSH format file and print an 94 ^[[1mM-bMM-^Ry ^[[22mThis option will read a private OpenSSH format file and print an
96 OpenSSH public key to stdout. 95 OpenSSH public key to stdout.
97 96
98 -t type 97 ^[[1mM-bMM-^Rt ^[[4m^[[22mtype^[[0m
99 Specifies the type of the key to create. The possible values are 98 Specifies the type of the key to create. The possible values are
100 ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for protoM-- 99 M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\rsaM-bM-^@M-^] or M-bM-^@M-^\dsaM-bM-^@M-^] for protocol
101 col version 2. 100 version 2.
102 101
103 -B Show the bubblebabble digest of specified private or public key 102 ^[[1mM-bMM-^RB ^[[22mShow the bubblebabble digest of specified private or public key
104 file. 103 file.
105 104
106 -C comment 105 ^[[1mM-bMM-^RC ^[[4m^[[22mcomment^[[0m
107 Provides the new comment. 106 Provides the new comment.
108 107
109 -D reader 108 ^[[1mM-bMM-^RD ^[[4m^[[22mreader^[[0m
110 Download the RSA public key stored in the smartcard in reader. 109 Download the RSA public key stored in the smartcard in ^[[4mreader^[[24m.
111 110
112 -N new_passphrase 111 ^[[1mM-bMM-^RN ^[[4m^[[22mnew_passphrase^[[0m
113 Provides the new passphrase. 112 Provides the new passphrase.
114 113
115 -P passphrase 114 ^[[1mM-bMM-^RP ^[[4m^[[22mpassphrase^[[0m
116 Provides the (old) passphrase. 115 Provides the (old) passphrase.
117 116
118 -U reader 117 ^[[1mM-bMM-^RU ^[[4m^[[22mreader^[[0m
119 Upload an existing RSA private key into the smartcard in reader. 118 Upload an existing RSA private key into the smartcard in ^[[4mreader^[[24m.
120 119
121FILES 120^[[1mFILES^[[0m
122 $HOME/.ssh/identity 121 $HOME/.ssh/identity
123 Contains the protocol version 1 RSA authentication identity of 122 Contains the protocol version 1 RSA authentication identity of
124 the user. This file should not be readable by anyone but the 123 the user. This file should not be readable by anyone but the
125 user. It is possible to specify a passphrase when generating the 124 user. It is possible to specify a passphrase when generating the
126 key; that passphrase will be used to encrypt the private part of 125 key; that passphrase will be used to encrypt the private part of
127 this file using 3DES. This file is not automatically accessed by 126 this file using 3DES. This file is not automatically accessed by
128 ssh-keygen but it is offered as the default file for the private 127 ^[[1msshM-bM-^@M-^Pkeygen ^[[22mbut it is offered as the default file for the private
129 key. ssh(1) will read this file when a login attempt is made. 128 key. ssh(1) will read this file when a login attempt is made.
130 129
131 $HOME/.ssh/identity.pub 130 $HOME/.ssh/identity.pub
132 Contains the protocol version 1 RSA public key for authenticaM-- 131 Contains the protocol version 1 RSA public key for authenticaM-bM-^@M-^P
133 tion. The contents of this file should be added to 132 tion. The contents of this file should be added to
134 $HOME/.ssh/authorized_keys on all machines where the user wishes 133 ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes
135 to log in using RSA authentication. There is no need to keep the 134 to log in using RSA authentication. There is no need to keep the
136 contents of this file secret. 135 contents of this file secret.
137 136
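Review bot: The -b bits entry is the one place in this hunk where the wording changes: the clause "and key sizes above that no longer improve security but make things slower" is dropped, while "Minimum is 512 bits" and the 1024-bit default stay. That is guidance users act on when picking a key size, and here it is buried in a 91-line hunk whose other lines differ only in formatting. Please confirm the same edit exists in the manual source this file is generated from, and mention it in the commit message so it can be reviewed on its own. The -t type entry only rewraps (new side ends "for protocol" / "version 2.").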
@@ -141,13 +140,13 @@ FILES
141 user. It is possible to specify a passphrase when generating the 140 user. It is possible to specify a passphrase when generating the
142 key; that passphrase will be used to encrypt the private part of 141 key; that passphrase will be used to encrypt the private part of
143 this file using 3DES. This file is not automatically accessed by 142 this file using 3DES. This file is not automatically accessed by
144 ssh-keygen but it is offered as the default file for the private 143 ^[[1msshM-bM-^@M-^Pkeygen ^[[22mbut it is offered as the default file for the private
145 key. ssh(1) will read this file when a login attempt is made. 144 key. ssh(1) will read this file when a login attempt is made.
146 145
147 $HOME/.ssh/id_dsa.pub 146 $HOME/.ssh/id_dsa.pub
148 Contains the protocol version 2 DSA public key for authenticaM-- 147 Contains the protocol version 2 DSA public key for authenticaM-bM-^@M-^P
149 tion. The contents of this file should be added to 148 tion. The contents of this file should be added to
150 $HOME/.ssh/authorized_keys on all machines where the user wishes 149 ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes
151 to log in using public key authentication. There is no need to 150 to log in using public key authentication. There is no need to
152 keep the contents of this file secret. 151 keep the contents of this file secret.
153 152
@@ -157,27 +156,27 @@ FILES
157 user. It is possible to specify a passphrase when generating the 156 user. It is possible to specify a passphrase when generating the
158 key; that passphrase will be used to encrypt the private part of 157 key; that passphrase will be used to encrypt the private part of
159 this file using 3DES. This file is not automatically accessed by 158 this file using 3DES. This file is not automatically accessed by
160 ssh-keygen but it is offered as the default file for the private 159 ^[[1msshM-bM-^@M-^Pkeygen ^[[22mbut it is offered as the default file for the private
161 key. ssh(1) will read this file when a login attempt is made. 160 key. ssh(1) will read this file when a login attempt is made.
162 161
163 $HOME/.ssh/id_rsa.pub 162 $HOME/.ssh/id_rsa.pub
164 Contains the protocol version 2 RSA public key for authenticaM-- 163 Contains the protocol version 2 RSA public key for authenticaM-bM-^@M-^P
165 tion. The contents of this file should be added to 164 tion. The contents of this file should be added to
166 $HOME/.ssh/authorized_keys on all machines where the user wishes 165 ^[[4m$HOME/.ssh/authorized_keys^[[24m on all machines where the user wishes
167 to log in using public key authentication. There is no need to 166 to log in using public key authentication. There is no need to
168 keep the contents of this file secret. 167 keep the contents of this file secret.
169 168
170AUTHORS 169^[[1mAUTHORS^[[0m
171 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 170 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
172 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 171 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
173 de Raadt and Dug Song removed many bugs, re-added newer features and creM-- 172 de Raadt and Dug Song removed many bugs, reM-bM-^@M-^Padded newer features and creM-bM-^@M-^P
174 ated OpenSSH. Markus Friedl contributed the support for SSH protocol 173 ated OpenSSH. Markus Friedl contributed the support for SSH protocol
175 versions 1.5 and 2.0. 174 versions 1.5 and 2.0.
176 175
177SEE ALSO 176^[[1mSEE ALSO^[[0m
178 ssh(1), ssh-add(1), ssh-agent(1), sshd(8) 177 ssh(1), sshM-bM-^@M-^Padd(1), sshM-bM-^@M-^Pagent(1), sshd(8)
179 178
180 J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf- 179 J. Galbraith and R. Thayer, ^[[4mSECSH^[[24m ^[[4mPublic^[[24m ^[[4mKey^[[24m ^[[4mFile^[[24m ^[[4mFormat^[[24m, draftM-bM-^@M-^PietfM-bM-^@M-^P
181 secsh-publickeyfile-01.txt, March 2001, work in progress material. 180 secshM-bM-^@M-^PpublickeyfileM-bM-^@M-^P01.txt, March 2001, work in progress material.
182 181
183BSD September 25, 1999 BSD 182BSD September 25, 1999 BSD
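Review bot: In SEE ALSO the cross-references and the draft name lose their ASCII hyphens: "ssh-add(1)" and "ssh-agent(1)" become "sshM-bM-^@M-^Padd(1)" and "sshM-bM-^@M-^Pagent(1)", and "draft-ietf-secsh-publickeyfile-01.txt" is broken up by the same sequence, with each word of the title wrapped in its own "^[[4m" ... "^[[24m" pair. Command names and document identifiers need to stay copyable and searchable, so these should come out with a plain "-". The same substitution hits "re-added" in AUTHORS and the ssh-keygen mention in the id_rsa entry at the top of this hunk; the footer line is unchanged.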