Diffstat (limited to 'ssh-keygen.0')
-rw-r--r-- | ssh-keygen.0 | 60 |
1 files changed, 30 insertions, 30 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0 index 2db957554..ff3848cfd 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 | |||
@@ -1,4 +1,4 @@ | |||
1 | SSH-KEYGEN(1) BSD General Commands Manual SSH-KEYGEN(1) | 1 | SSH-KEYGEN(1) OpenBSD Reference Manual SSH-KEYGEN(1) |
2 | 2 | ||
3 | NAME | 3 | NAME |
4 | ssh-keygen - authentication key generation, management and conversion | 4 | ssh-keygen - authentication key generation, management and conversion |
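Review bot: The page title on line 1 changes from the generic "BSD General Commands Manual" to "OpenBSD Reference Manual", which looks like a side effect of the system the page was formatted on rather than an intended wording change. If this preformatted file is installed on systems other than OpenBSD, confirm that the OpenBSD-specific title is what readers should see there.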
@@ -35,17 +35,17 @@ DESCRIPTION | |||
35 | 35 | ||
36 | Normally this program generates the key and asks for a file in which to | 36 | Normally this program generates the key and asks for a file in which to |
37 | store the private key. The public key is stored in a file with the same | 37 | store the private key. The public key is stored in a file with the same |
38 | name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The | 38 | name but ``.pub'' appended. The program also asks for a passphrase. The |
39 | passphrase may be empty to indicate no passphrase (host keys must have an | 39 | passphrase may be empty to indicate no passphrase (host keys must have an |
40 | empty passphrase), or it may be a string of arbitrary length. A | 40 | empty passphrase), or it may be a string of arbitrary length. A |
41 | passphrase is similar to a password, except it can be a phrase with a | 41 | passphrase is similar to a password, except it can be a phrase with a se- |
42 | series of words, punctuation, numbers, whitespace, or any string of char- | 42 | ries of words, punctuation, numbers, whitespace, or any string of charac- |
43 | acters you want. Good passphrases are 10-30 characters long, are not | 43 | ters you want. Good passphrases are 10-30 characters long, are not sim- |
44 | simple sentences or otherwise easily guessable (English prose has only | 44 | ple sentences or otherwise easily guessable (English prose has only 1-2 |
45 | 1-2 bits of entropy per character, and provides very bad passphrases), | 45 | bits of entropy per character, and provides very bad passphrases), and |
46 | and contain a mix of upper and lowercase letters, numbers, and non- | 46 | contain a mix of upper and lowercase letters, numbers, and non-alphanu- |
47 | alphanumeric characters. The passphrase can be changed later by using | 47 | meric characters. The passphrase can be changed later by using the -p |
48 | the -p option. | 48 | option. |
49 | 49 | ||
50 | There is no way to recover a lost passphrase. If the passphrase is lost | 50 | There is no way to recover a lost passphrase. If the passphrase is lost |
51 | or forgotten, a new key must be generated and copied to the corresponding | 51 | or forgotten, a new key must be generated and copied to the corresponding |
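Review bot: On line 38 the quoting around .pub flips from UTF-8 curly quotes (bytes E2 80 9C / E2 80 9D, shown on the old side as M-bM-^@M-^\ and M-bM-^@M-^]) to ASCII ``.pub'', and the same flip recurs at lines 57, 80, 91-92 and 111. The output encoding of this checked-in file therefore depends on how the formatter was invoked. Pin the regeneration step to ASCII output so the next regeneration does not flip these lines back and produce another content-free diff.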
@@ -54,8 +54,8 @@ DESCRIPTION | |||
54 | For RSA1 keys, there is also a comment field in the key file that is only | 54 | For RSA1 keys, there is also a comment field in the key file that is only |
55 | for convenience to the user to help identify the key. The comment can | 55 | for convenience to the user to help identify the key. The comment can |
56 | tell what the key is for, or whatever is useful. The comment is initial- | 56 | tell what the key is for, or whatever is useful. The comment is initial- |
57 | ized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be changed using the | 57 | ized to ``user@host'' when the key is created, but can be changed using |
58 | -c option. | 58 | the -c option. |
59 | 59 | ||
60 | After a key is generated, instructions below detail where the keys should | 60 | After a key is generated, instructions below detail where the keys should |
61 | be placed to be activated. | 61 | be placed to be activated. |
@@ -77,7 +77,7 @@ DESCRIPTION | |||
77 | the passphrase if the key has one, and for the new comment. | 77 | the passphrase if the key has one, and for the new comment. |
78 | 78 | ||
79 | -e This option will read a private or public OpenSSH key file and | 79 | -e This option will read a private or public OpenSSH key file and |
80 | print the key in a M-bM-^@M-^XSECSH Public Key File FormatM-bM-^@M-^Y to stdout. | 80 | print the key in a `SECSH Public Key File Format' to stdout. |
81 | This option allows exporting keys for use by several commercial | 81 | This option allows exporting keys for use by several commercial |
82 | SSH implementations. | 82 | SSH implementations. |
83 | 83 | ||
@@ -88,8 +88,8 @@ DESCRIPTION | |||
88 | 88 | ||
89 | -i This option will read an unencrypted private (or public) key file | 89 | -i This option will read an unencrypted private (or public) key file |
90 | in SSH2-compatible format and print an OpenSSH compatible private | 90 | in SSH2-compatible format and print an OpenSSH compatible private |
91 | (or public) key to stdout. ssh-keygen also reads the M-bM-^@M-^XSECSH | 91 | (or public) key to stdout. ssh-keygen also reads the `SECSH |
92 | Public Key File FormatM-bM-^@M-^Y. This option allows importing keys from | 92 | Public Key File Format'. This option allows importing keys from |
93 | several commercial SSH implementations. | 93 | several commercial SSH implementations. |
94 | 94 | ||
95 | -l Show fingerprint of specified public key file. Private RSA1 keys | 95 | -l Show fingerprint of specified public key file. Private RSA1 keys |
@@ -108,8 +108,8 @@ DESCRIPTION | |||
108 | 108 | ||
109 | -t type | 109 | -t type |
110 | Specifies the type of the key to create. The possible values are | 110 | Specifies the type of the key to create. The possible values are |
111 | M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\rsaM-bM-^@M-^] or M-bM-^@M-^\dsaM-bM-^@M-^] for protocol | 111 | ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for proto- |
112 | version 2. | 112 | col version 2. |
113 | 113 | ||
114 | -B Show the bubblebabble digest of specified private or public key | 114 | -B Show the bubblebabble digest of specified private or public key |
115 | file. | 115 | file. |
@@ -155,9 +155,9 @@ DESCRIPTION | |||
155 | MODULI GENERATION | 155 | MODULI GENERATION |
156 | ssh-keygen may be used to generate groups for the Diffie-Hellman Group | 156 | ssh-keygen may be used to generate groups for the Diffie-Hellman Group |
157 | Exchange (DH-GEX) protocol. Generating these groups is a two-step pro- | 157 | Exchange (DH-GEX) protocol. Generating these groups is a two-step pro- |
158 | cess: first, candidate primes are generated using a fast, but memory | 158 | cess: first, candidate primes are generated using a fast, but memory in- |
159 | intensive process. These candidate primes are then tested for suitabil- | 159 | tensive process. These candidate primes are then tested for suitability |
160 | ity (a CPU-intensive process). | 160 | (a CPU-intensive process). |
161 | 161 | ||
162 | Generation of primes is performed using the -G option. The desired | 162 | Generation of primes is performed using the -G option. The desired |
163 | length of the primes may be specified by the -b option. For example: | 163 | length of the primes may be specified by the -b option. For example: |
@@ -188,8 +188,8 @@ MODULI GENERATION | |||
188 | FILES | 188 | FILES |
189 | $HOME/.ssh/identity | 189 | $HOME/.ssh/identity |
190 | Contains the protocol version 1 RSA authentication identity of | 190 | Contains the protocol version 1 RSA authentication identity of |
191 | the user. This file should not be readable by anyone but the | 191 | the user. This file should not be readable by anyone but the us- |
192 | user. It is possible to specify a passphrase when generating the | 192 | er. It is possible to specify a passphrase when generating the |
193 | key; that passphrase will be used to encrypt the private part of | 193 | key; that passphrase will be used to encrypt the private part of |
194 | this file using 3DES. This file is not automatically accessed by | 194 | this file using 3DES. This file is not automatically accessed by |
195 | ssh-keygen but it is offered as the default file for the private | 195 | ssh-keygen but it is offered as the default file for the private |
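Review bot: The re-wrap at lines 191-192 now breaks "user" as "us-" / "er" in the sentence "This file should not be readable by anyone but the user", and the identical break appears at 207-208 and 223-224. This is the one sentence in FILES that states the required permissions on the private key, and a text search of the formatted page for "but the user" no longer matches it. Regenerate with hyphenation turned off, or at least check that short words like this are not split.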
@@ -204,8 +204,8 @@ FILES | |||
204 | 204 | ||
205 | $HOME/.ssh/id_dsa | 205 | $HOME/.ssh/id_dsa |
206 | Contains the protocol version 2 DSA authentication identity of | 206 | Contains the protocol version 2 DSA authentication identity of |
207 | the user. This file should not be readable by anyone but the | 207 | the user. This file should not be readable by anyone but the us- |
208 | user. It is possible to specify a passphrase when generating the | 208 | er. It is possible to specify a passphrase when generating the |
209 | key; that passphrase will be used to encrypt the private part of | 209 | key; that passphrase will be used to encrypt the private part of |
210 | this file using 3DES. This file is not automatically accessed by | 210 | this file using 3DES. This file is not automatically accessed by |
211 | ssh-keygen but it is offered as the default file for the private | 211 | ssh-keygen but it is offered as the default file for the private |
@@ -220,8 +220,8 @@ FILES | |||
220 | 220 | ||
221 | $HOME/.ssh/id_rsa | 221 | $HOME/.ssh/id_rsa |
222 | Contains the protocol version 2 RSA authentication identity of | 222 | Contains the protocol version 2 RSA authentication identity of |
223 | the user. This file should not be readable by anyone but the | 223 | the user. This file should not be readable by anyone but the us- |
224 | user. It is possible to specify a passphrase when generating the | 224 | er. It is possible to specify a passphrase when generating the |
225 | key; that passphrase will be used to encrypt the private part of | 225 | key; that passphrase will be used to encrypt the private part of |
226 | this file using 3DES. This file is not automatically accessed by | 226 | this file using 3DES. This file is not automatically accessed by |
227 | ssh-keygen but it is offered as the default file for the private | 227 | ssh-keygen but it is offered as the default file for the private |
@@ -241,14 +241,14 @@ FILES | |||
241 | SEE ALSO | 241 | SEE ALSO |
242 | ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8) | 242 | ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8) |
243 | 243 | ||
244 | J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf- | 244 | J. Galbraith, and R. Thayer, SECSH Public Key File Format, draft-ietf- |
245 | secsh-publickeyfile-01.txt, March 2001, work in progress material. | 245 | secsh-publickeyfile-01.txt, March 2001, work in progress material. |
246 | 246 | ||
247 | AUTHORS | 247 | AUTHORS |
248 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by | 248 | OpenSSH is a derivative of the original and free ssh 1.2.12 release by |
249 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo | 249 | Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo |
250 | de Raadt and Dug Song removed many bugs, re-added newer features and cre- | 250 | de Raadt and Dug Song removed many bugs, re-added newer features and |
251 | ated OpenSSH. Markus Friedl contributed the support for SSH protocol | 251 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
252 | versions 1.5 and 2.0. | 252 | versions 1.5 and 2.0. |
253 | 253 | ||
254 | BSD September 25, 1999 BSD | 254 | OpenBSD 3.4 September 25, 1999 4 |
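Review bot: Line 244 gains a comma before "and" in a two-author citation ("J. Galbraith, and R. Thayer"), which is incorrect for a list of two names; the old rendering "J. Galbraith and R. Thayer" was right. This is the only change in the patch that alters punctuation in the text rather than wrapping or quoting, so check whether it comes from the formatter's handling of the author list and fix it there. Also note that the footer on line 254 now reads "OpenBSD 3.4" with a page number "4" beside a 1999 date, which ties the checked-in file to the formatting host's release.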