summaryrefslogtreecommitdiff
path: root/ssh-keygen.0
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-keygen.0')
-rw-r--r--ssh-keygen.021
1 files changed, 16 insertions, 5 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index a01b30db0..6c1763d4d 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -24,6 +24,7 @@ SYNOPSIS
24 ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals] 24 ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
25 [-O option] [-V validity_interval] [-z serial_number] file ... 25 [-O option] [-V validity_interval] [-z serial_number] file ...
26 ssh-keygen -L [-f input_keyfile] 26 ssh-keygen -L [-f input_keyfile]
27 ssh-keygen -A
27 28
28DESCRIPTION 29DESCRIPTION
29 ssh-keygen generates, manages and converts authentication keys for 30 ssh-keygen generates, manages and converts authentication keys for
@@ -57,8 +58,8 @@ DESCRIPTION
57 the -p option. 58 the -p option.
58 59
59 There is no way to recover a lost passphrase. If the passphrase is lost 60 There is no way to recover a lost passphrase. If the passphrase is lost
60 or forgotten, a new key must be generated and copied to the corresponding 61 or forgotten, a new key must be generated and the corresponding public
61 public key to other machines. 62 key copied to other machines.
62 63
63 For RSA1 keys, there is also a comment field in the key file that is only 64 For RSA1 keys, there is also a comment field in the key file that is only
64 for convenience to the user to help identify the key. The comment can 65 for convenience to the user to help identify the key. The comment can
@@ -71,6 +72,12 @@ DESCRIPTION
71 72
72 The options are as follows: 73 The options are as follows:
73 74
75 -A For each of the key types (rsa1, rsa, dsa and ecdsa) for which
76 host keys do not exist, generate the host keys with the default
77 key file path, an empty passphrase, default bits for the key
78 type, and default comment. This is used by /etc/rc to generate
79 new host keys.
80
74 -a trials 81 -a trials
75 Specifies the number of primality tests to perform when screening 82 Specifies the number of primality tests to perform when screening
76 DH-GEX candidates using the -T command. 83 DH-GEX candidates using the -T command.
@@ -82,7 +89,11 @@ DESCRIPTION
82 Specifies the number of bits in the key to create. For RSA keys, 89 Specifies the number of bits in the key to create. For RSA keys,
83 the minimum size is 768 bits and the default is 2048 bits. 90 the minimum size is 768 bits and the default is 2048 bits.
84 Generally, 2048 bits is considered sufficient. DSA keys must be 91 Generally, 2048 bits is considered sufficient. DSA keys must be
85 exactly 1024 bits as specified by FIPS 186-2. 92 exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys,
93 the -b flag determines they key length by selecting from one of
94 three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
95 use bit lengths other than these three values for ECDSA keys will
96 fail.
86 97
87 -C comment 98 -C comment
88 Provides a new comment. 99 Provides a new comment.
@@ -231,7 +242,7 @@ DESCRIPTION
231 containing the private key, for the old passphrase, and twice for 242 containing the private key, for the old passphrase, and twice for
232 the new passphrase. 243 the new passphrase.
233 244
234 -q Silence ssh-keygen. Used by /etc/rc when creating a new key. 245 -q Silence ssh-keygen.
235 246
236 -R hostname 247 -R hostname
237 Removes all keys belonging to hostname from a known_hosts file. 248 Removes all keys belonging to hostname from a known_hosts file.
@@ -440,4 +451,4 @@ AUTHORS
440 created OpenSSH. Markus Friedl contributed the support for SSH protocol 451 created OpenSSH. Markus Friedl contributed the support for SSH protocol
441 versions 1.5 and 2.0. 452 versions 1.5 and 2.0.
442 453
443OpenBSD 4.9 October 28, 2010 OpenBSD 4.9 454OpenBSD 5.0 April 13, 2011 OpenBSD 5.0
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-29 06:02:02 +0000