summaryrefslogtreecommitdiff
path: root/ssh-keygen.0
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-keygen.0')
-rw-r--r--ssh-keygen.0569
1 files changed, 569 insertions, 0 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0
new file mode 100644
index 000000000..2b749ae9f
--- /dev/null
+++ b/ssh-keygen.0
@@ -0,0 +1,569 @@
1SSH-KEYGEN(1) General Commands Manual SSH-KEYGEN(1)
2
3NAME
4 ssh-keygen M-bM-^@M-^S authentication key generation, management and conversion
5
6SYNOPSIS
7 ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
8 [-N new_passphrase] [-C comment] [-f output_keyfile]
9 ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
10 ssh-keygen -i [-m key_format] [-f input_keyfile]
11 ssh-keygen -e [-m key_format] [-f input_keyfile]
12 ssh-keygen -y [-f input_keyfile]
13 ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
14 ssh-keygen -l [-v] [-E fingerprint_hash] [-f input_keyfile]
15 ssh-keygen -B [-f input_keyfile]
16 ssh-keygen -D pkcs11
17 ssh-keygen -F hostname [-f known_hosts_file] [-l]
18 ssh-keygen -H [-f known_hosts_file]
19 ssh-keygen -R hostname [-f known_hosts_file]
20 ssh-keygen -r hostname [-f input_keyfile] [-g]
21 ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]
22 ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]
23 [-j start_line] [-K checkpt] [-W generator]
24 ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
25 [-O option] [-V validity_interval] [-z serial_number] file ...
26 ssh-keygen -L [-f input_keyfile]
27 ssh-keygen -A
28 ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]
29 file ...
30 ssh-keygen -Q -f krl_file file ...
31
32DESCRIPTION
33 ssh-keygen generates, manages and converts authentication keys for
34 ssh(1). ssh-keygen can create keys for use by SSH protocol versions 1
35 and 2. Protocol 1 should not be used and is only offered to support
36 legacy devices. It suffers from a number of cryptographic weaknesses and
37 doesn't support many of the advanced features available for protocol 2.
38
39 The type of key to be generated is specified with the -t option. If
40 invoked without any arguments, ssh-keygen will generate an RSA key for
41 use in SSH protocol 2 connections.
42
43 ssh-keygen is also used to generate groups for use in Diffie-Hellman
44 group exchange (DH-GEX). See the MODULI GENERATION section for details.
45
46 Finally, ssh-keygen can be used to generate and update Key Revocation
47 Lists, and to test whether given keys have been revoked by one. See the
48 KEY REVOCATION LISTS section for details.
49
50 Normally each user wishing to use SSH with public key authentication runs
51 this once to create the authentication key in ~/.ssh/identity,
52 ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519 or ~/.ssh/id_rsa.
53 Additionally, the system administrator may use this to generate host
54 keys, as seen in /etc/rc.
55
56 Normally this program generates the key and asks for a file in which to
57 store the private key. The public key is stored in a file with the same
58 name but M-bM-^@M-^\.pubM-bM-^@M-^] appended. The program also asks for a passphrase. The
59 passphrase may be empty to indicate no passphrase (host keys must have an
60 empty passphrase), or it may be a string of arbitrary length. A
61 passphrase is similar to a password, except it can be a phrase with a
62 series of words, punctuation, numbers, whitespace, or any string of
63 characters you want. Good passphrases are 10-30 characters long, are not
64 simple sentences or otherwise easily guessable (English prose has only
65 1-2 bits of entropy per character, and provides very bad passphrases),
66 and contain a mix of upper and lowercase letters, numbers, and non-
67 alphanumeric characters. The passphrase can be changed later by using
68 the -p option.
69
70 There is no way to recover a lost passphrase. If the passphrase is lost
71 or forgotten, a new key must be generated and the corresponding public
72 key copied to other machines.
73
74 For RSA1 keys, there is also a comment field in the key file that is only
75 for convenience to the user to help identify the key. The comment can
76 tell what the key is for, or whatever is useful. The comment is
77 initialized to M-bM-^@M-^\user@hostM-bM-^@M-^] when the key is created, but can be changed
78 using the -c option.
79
80 After a key is generated, instructions below detail where the keys should
81 be placed to be activated.
82
83 The options are as follows:
84
85 -A For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for
86 which host keys do not exist, generate the host keys with the
87 default key file path, an empty passphrase, default bits for the
88 key type, and default comment. This is used by /etc/rc to
89 generate new host keys.
90
91 -a rounds
92 When saving a new-format private key (i.e. an ed25519 key or any
93 SSH protocol 2 key when the -o flag is set), this option
94 specifies the number of KDF (key derivation function) rounds
95 used. Higher numbers result in slower passphrase verification
96 and increased resistance to brute-force password cracking (should
97 the keys be stolen).
98
99 When screening DH-GEX candidates ( using the -T command). This
100 option specifies the number of primality tests to perform.
101
102 -B Show the bubblebabble digest of specified private or public key
103 file.
104
105 -b bits
106 Specifies the number of bits in the key to create. For RSA keys,
107 the minimum size is 1024 bits and the default is 2048 bits.
108 Generally, 2048 bits is considered sufficient. DSA keys must be
109 exactly 1024 bits as specified by FIPS 186-2. For ECDSA keys,
110 the -b flag determines the key length by selecting from one of
111 three elliptic curve sizes: 256, 384 or 521 bits. Attempting to
112 use bit lengths other than these three values for ECDSA keys will
113 fail. Ed25519 keys have a fixed length and the -b flag will be
114 ignored.
115
116 -C comment
117 Provides a new comment.
118
119 -c Requests changing the comment in the private and public key
120 files. This operation is only supported for RSA1 keys. The
121 program will prompt for the file containing the private keys, for
122 the passphrase if the key has one, and for the new comment.
123
124 -D pkcs11
125 Download the RSA public keys provided by the PKCS#11 shared
126 library pkcs11. When used in combination with -s, this option
127 indicates that a CA key resides in a PKCS#11 token (see the
128 CERTIFICATES section for details).
129
130 -E fingerprint_hash
131 Specifies the hash algorithm used when displaying key
132 fingerprints. Valid options are: M-bM-^@M-^\md5M-bM-^@M-^] and M-bM-^@M-^\sha256M-bM-^@M-^]. The
133 default is M-bM-^@M-^\sha256M-bM-^@M-^].
134
135 -e This option will read a private or public OpenSSH key file and
136 print to stdout the key in one of the formats specified by the -m
137 option. The default export format is M-bM-^@M-^\RFC4716M-bM-^@M-^]. This option
138 allows exporting OpenSSH keys for use by other programs,
139 including several commercial SSH implementations.
140
141 -F hostname
142 Search for the specified hostname in a known_hosts file, listing
143 any occurrences found. This option is useful to find hashed host
144 names or addresses and may also be used in conjunction with the
145 -H option to print found keys in a hashed format.
146
147 -f filename
148 Specifies the filename of the key file.
149
150 -G output_file
151 Generate candidate primes for DH-GEX. These primes must be
152 screened for safety (using the -T option) before use.
153
154 -g Use generic DNS format when printing fingerprint resource records
155 using the -r command.
156
157 -H Hash a known_hosts file. This replaces all hostnames and
158 addresses with hashed representations within the specified file;
159 the original content is moved to a file with a .old suffix.
160 These hashes may be used normally by ssh and sshd, but they do
161 not reveal identifying information should the file's contents be
162 disclosed. This option will not modify existing hashed hostnames
163 and is therefore safe to use on files that mix hashed and non-
164 hashed names.
165
166 -h When signing a key, create a host certificate instead of a user
167 certificate. Please see the CERTIFICATES section for details.
168
169 -I certificate_identity
170 Specify the key identity when signing a public key. Please see
171 the CERTIFICATES section for details.
172
173 -i This option will read an unencrypted private (or public) key file
174 in the format specified by the -m option and print an OpenSSH
175 compatible private (or public) key to stdout. This option allows
176 importing keys from other software, including several commercial
177 SSH implementations. The default import format is M-bM-^@M-^\RFC4716M-bM-^@M-^].
178
179 -J num_lines
180 Exit after screening the specified number of lines while
181 performing DH candidate screening using the -T option.
182
183 -j start_line
184 Start screening at the specified line number while performing DH
185 candidate screening using the -T option.
186
187 -K checkpt
188 Write the last line processed to the file checkpt while
189 performing DH candidate screening using the -T option. This will
190 be used to skip lines in the input file that have already been
191 processed if the job is restarted.
192
193 -k Generate a KRL file. In this mode, ssh-keygen will generate a
194 KRL file at the location specified via the -f flag that revokes
195 every key or certificate presented on the command line.
196 Keys/certificates to be revoked may be specified by public key
197 file or using the format described in the KEY REVOCATION LISTS
198 section.
199
200 -L Prints the contents of one or more certificates.
201
202 -l Show fingerprint of specified public key file. Private RSA1 keys
203 are also supported. For RSA and DSA keys ssh-keygen tries to
204 find the matching public key file and prints its fingerprint. If
205 combined with -v, an ASCII art representation of the key is
206 supplied with the fingerprint.
207
208 -M memory
209 Specify the amount of memory to use (in megabytes) when
210 generating candidate moduli for DH-GEX.
211
212 -m key_format
213 Specify a key format for the -i (import) or -e (export)
214 conversion options. The supported key formats are: M-bM-^@M-^\RFC4716M-bM-^@M-^]
215 (RFC 4716/SSH2 public or private key), M-bM-^@M-^\PKCS8M-bM-^@M-^] (PEM PKCS8 public
216 key) or M-bM-^@M-^\PEMM-bM-^@M-^] (PEM public key). The default conversion format is
217 M-bM-^@M-^\RFC4716M-bM-^@M-^].
218
219 -N new_passphrase
220 Provides the new passphrase.
221
222 -n principals
223 Specify one or more principals (user or host names) to be
224 included in a certificate when signing a key. Multiple
225 principals may be specified, separated by commas. Please see the
226 CERTIFICATES section for details.
227
228 -O option
229 Specify a certificate option when signing a key. This option may
230 be specified multiple times. Please see the CERTIFICATES section
231 for details. The options that are valid for user certificates
232 are:
233
234 clear Clear all enabled permissions. This is useful for
235 clearing the default set of permissions so permissions
236 may be added individually.
237
238 force-command=command
239 Forces the execution of command instead of any shell or
240 command specified by the user when the certificate is
241 used for authentication.
242
243 no-agent-forwarding
244 Disable ssh-agent(1) forwarding (permitted by default).
245
246 no-port-forwarding
247 Disable port forwarding (permitted by default).
248
249 no-pty Disable PTY allocation (permitted by default).
250
251 no-user-rc
252 Disable execution of ~/.ssh/rc by sshd(8) (permitted by
253 default).
254
255 no-x11-forwarding
256 Disable X11 forwarding (permitted by default).
257
258 permit-agent-forwarding
259 Allows ssh-agent(1) forwarding.
260
261 permit-port-forwarding
262 Allows port forwarding.
263
264 permit-pty
265 Allows PTY allocation.
266
267 permit-user-rc
268 Allows execution of ~/.ssh/rc by sshd(8).
269
270 permit-x11-forwarding
271 Allows X11 forwarding.
272
273 source-address=address_list
274 Restrict the source addresses from which the certificate
275 is considered valid. The address_list is a comma-
276 separated list of one or more address/netmask pairs in
277 CIDR format.
278
279 At present, no options are valid for host keys.
280
281 -o Causes ssh-keygen to save private keys using the new OpenSSH
282 format rather than the more compatible PEM format. The new
283 format has increased resistance to brute-force password cracking
284 but is not supported by versions of OpenSSH prior to 6.5.
285 Ed25519 keys always use the new private key format.
286
287 -P passphrase
288 Provides the (old) passphrase.
289
290 -p Requests changing the passphrase of a private key file instead of
291 creating a new private key. The program will prompt for the file
292 containing the private key, for the old passphrase, and twice for
293 the new passphrase.
294
295 -Q Test whether keys have been revoked in a KRL.
296
297 -q Silence ssh-keygen.
298
299 -R hostname
300 Removes all keys belonging to hostname from a known_hosts file.
301 This option is useful to delete hashed hosts (see the -H option
302 above).
303
304 -r hostname
305 Print the SSHFP fingerprint resource record named hostname for
306 the specified public key file.
307
308 -S start
309 Specify start point (in hex) when generating candidate moduli for
310 DH-GEX.
311
312 -s ca_key
313 Certify (sign) a public key using the specified CA key. Please
314 see the CERTIFICATES section for details.
315
316 When generating a KRL, -s specifies a path to a CA public key
317 file used to revoke certificates directly by key ID or serial
318 number. See the KEY REVOCATION LISTS section for details.
319
320 -T output_file
321 Test DH group exchange candidate primes (generated using the -G
322 option) for safety.
323
324 -t dsa | ecdsa | ed25519 | rsa | rsa1
325 Specifies the type of key to create. The possible values are
326 M-bM-^@M-^\rsa1M-bM-^@M-^] for protocol version 1 and M-bM-^@M-^\dsaM-bM-^@M-^], M-bM-^@M-^\ecdsaM-bM-^@M-^], M-bM-^@M-^\ed25519M-bM-^@M-^], or
327 M-bM-^@M-^\rsaM-bM-^@M-^] for protocol version 2.
328
329 -u Update a KRL. When specified with -k, keys listed via the
330 command line are added to the existing KRL rather than a new KRL
331 being created.
332
333 -V validity_interval
334 Specify a validity interval when signing a certificate. A
335 validity interval may consist of a single time, indicating that
336 the certificate is valid beginning now and expiring at that time,
337 or may consist of two times separated by a colon to indicate an
338 explicit time interval. The start time may be specified as a
339 date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a
340 relative time (to the current time) consisting of a minus sign
341 followed by a relative time in the format described in the TIME
342 FORMATS section of sshd_config(5). The end time may be specified
343 as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time
344 starting with a plus character.
345
346 For example: M-bM-^@M-^\+52w1dM-bM-^@M-^] (valid from now to 52 weeks and one day
347 from now), M-bM-^@M-^\-4w:+4wM-bM-^@M-^] (valid from four weeks ago to four weeks
348 from now), M-bM-^@M-^\20100101123000:20110101123000M-bM-^@M-^] (valid from 12:30 PM,
349 January 1st, 2010 to 12:30 PM, January 1st, 2011), M-bM-^@M-^\-1d:20110101M-bM-^@M-^]
350 (valid from yesterday to midnight, January 1st, 2011).
351
352 -v Verbose mode. Causes ssh-keygen to print debugging messages
353 about its progress. This is helpful for debugging moduli
354 generation. Multiple -v options increase the verbosity. The
355 maximum is 3.
356
357 -W generator
358 Specify desired generator when testing candidate moduli for DH-
359 GEX.
360
361 -y This option will read a private OpenSSH format file and print an
362 OpenSSH public key to stdout.
363
364 -z serial_number
365 Specifies a serial number to be embedded in the certificate to
366 distinguish this certificate from others from the same CA. The
367 default serial number is zero.
368
369 When generating a KRL, the -z flag is used to specify a KRL
370 version number.
371
372MODULI GENERATION
373 ssh-keygen may be used to generate groups for the Diffie-Hellman Group
374 Exchange (DH-GEX) protocol. Generating these groups is a two-step
375 process: first, candidate primes are generated using a fast, but memory
376 intensive process. These candidate primes are then tested for
377 suitability (a CPU-intensive process).
378
379 Generation of primes is performed using the -G option. The desired
380 length of the primes may be specified by the -b option. For example:
381
382 # ssh-keygen -G moduli-2048.candidates -b 2048
383
384 By default, the search for primes begins at a random point in the desired
385 length range. This may be overridden using the -S option, which
386 specifies a different start point (in hex).
387
388 Once a set of candidates have been generated, they must be screened for
389 suitability. This may be performed using the -T option. In this mode
390 ssh-keygen will read candidates from standard input (or a file specified
391 using the -f option). For example:
392
393 # ssh-keygen -T moduli-2048 -f moduli-2048.candidates
394
395 By default, each candidate will be subjected to 100 primality tests.
396 This may be overridden using the -a option. The DH generator value will
397 be chosen automatically for the prime under consideration. If a specific
398 generator is desired, it may be requested using the -W option. Valid
399 generator values are 2, 3, and 5.
400
401 Screened DH groups may be installed in /etc/moduli. It is important that
402 this file contains moduli of a range of bit lengths and that both ends of
403 a connection share common moduli.
404
405CERTIFICATES
406 ssh-keygen supports signing of keys to produce certificates that may be
407 used for user or host authentication. Certificates consist of a public
408 key, some identity information, zero or more principal (user or host)
409 names and a set of options that are signed by a Certification Authority
410 (CA) key. Clients or servers may then trust only the CA key and verify
411 its signature on a certificate rather than trusting many user/host keys.
412 Note that OpenSSH certificates are a different, and much simpler, format
413 to the X.509 certificates used in ssl(8).
414
415 ssh-keygen supports two types of certificates: user and host. User
416 certificates authenticate users to servers, whereas host certificates
417 authenticate server hosts to users. To generate a user certificate:
418
419 $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
420
421 The resultant certificate will be placed in /path/to/user_key-cert.pub.
422 A host certificate requires the -h option:
423
424 $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
425
426 The host certificate will be output to /path/to/host_key-cert.pub.
427
428 It is possible to sign using a CA key stored in a PKCS#11 token by
429 providing the token library using -D and identifying the CA key by
430 providing its public half as an argument to -s:
431
432 $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
433
434 In all cases, key_id is a "key identifier" that is logged by the server
435 when the certificate is used for authentication.
436
437 Certificates may be limited to be valid for a set of principal
438 (user/host) names. By default, generated certificates are valid for all
439 users or hosts. To generate a certificate for a specified set of
440 principals:
441
442 $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
443 $ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub
444
445 Additional limitations on the validity and use of user certificates may
446 be specified through certificate options. A certificate option may
447 disable features of the SSH session, may be valid only when presented
448 from particular source addresses or may force the use of a specific
449 command. For a list of valid certificate options, see the documentation
450 for the -O option above.
451
452 Finally, certificates may be defined with a validity lifetime. The -V
453 option allows specification of certificate start and end times. A
454 certificate that is presented at a time outside this range will not be
455 considered valid. By default, certificates are valid from UNIX Epoch to
456 the distant future.
457
458 For certificates to be used for user or host authentication, the CA
459 public key must be trusted by sshd(8) or ssh(1). Please refer to those
460 manual pages for details.
461
462KEY REVOCATION LISTS
463 ssh-keygen is able to manage OpenSSH format Key Revocation Lists (KRLs).
464 These binary files specify keys or certificates to be revoked using a
465 compact format, taking as little as one bit per certificate if they are
466 being revoked by serial number.
467
468 KRLs may be generated using the -k flag. This option reads one or more
469 files from the command line and generates a new KRL. The files may
470 either contain a KRL specification (see below) or public keys, listed one
471 per line. Plain public keys are revoked by listing their hash or
472 contents in the KRL and certificates revoked by serial number or key ID
473 (if the serial is zero or not available).
474
475 Revoking keys using a KRL specification offers explicit control over the
476 types of record used to revoke keys and may be used to directly revoke
477 certificates by serial number or key ID without having the complete
478 original certificate on hand. A KRL specification consists of lines
479 containing one of the following directives followed by a colon and some
480 directive-specific information.
481
482 serial: serial_number[-serial_number]
483 Revokes a certificate with the specified serial number. Serial
484 numbers are 64-bit values, not including zero and may be
485 expressed in decimal, hex or octal. If two serial numbers are
486 specified separated by a hyphen, then the range of serial numbers
487 including and between each is revoked. The CA key must have been
488 specified on the ssh-keygen command line using the -s option.
489
490 id: key_id
491 Revokes a certificate with the specified key ID string. The CA
492 key must have been specified on the ssh-keygen command line using
493 the -s option.
494
495 key: public_key
496 Revokes the specified key. If a certificate is listed, then it
497 is revoked as a plain public key.
498
499 sha1: public_key
500 Revokes the specified key by its SHA1 hash.
501
502 KRLs may be updated using the -u flag in addition to -k. When this
503 option is specified, keys listed via the command line are merged into the
504 KRL, adding to those already there.
505
506 It is also possible, given a KRL, to test whether it revokes a particular
507 key (or keys). The -Q flag will query an existing KRL, testing each key
508 specified on the command line. If any key listed on the command line has
509 been revoked (or an error encountered) then ssh-keygen will exit with a
510 non-zero exit status. A zero exit status will only be returned if no key
511 was revoked.
512
513FILES
514 ~/.ssh/identity
515 Contains the protocol version 1 RSA authentication identity of
516 the user. This file should not be readable by anyone but the
517 user. It is possible to specify a passphrase when generating the
518 key; that passphrase will be used to encrypt the private part of
519 this file using 3DES. This file is not automatically accessed by
520 ssh-keygen but it is offered as the default file for the private
521 key. ssh(1) will read this file when a login attempt is made.
522
523 ~/.ssh/identity.pub
524 Contains the protocol version 1 RSA public key for
525 authentication. The contents of this file should be added to
526 ~/.ssh/authorized_keys on all machines where the user wishes to
527 log in using RSA authentication. There is no need to keep the
528 contents of this file secret.
529
530 ~/.ssh/id_dsa
531 ~/.ssh/id_ecdsa
532 ~/.ssh/id_ed25519
533 ~/.ssh/id_rsa
534 Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
535 authentication identity of the user. This file should not be
536 readable by anyone but the user. It is possible to specify a
537 passphrase when generating the key; that passphrase will be used
538 to encrypt the private part of this file using 128-bit AES. This
539 file is not automatically accessed by ssh-keygen but it is
540 offered as the default file for the private key. ssh(1) will
541 read this file when a login attempt is made.
542
543 ~/.ssh/id_dsa.pub
544 ~/.ssh/id_ecdsa.pub
545 ~/.ssh/id_ed25519.pub
546 ~/.ssh/id_rsa.pub
547 Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA public
548 key for authentication. The contents of this file should be
549 added to ~/.ssh/authorized_keys on all machines where the user
550 wishes to log in using public key authentication. There is no
551 need to keep the contents of this file secret.
552
553 /etc/moduli
554 Contains Diffie-Hellman groups used for DH-GEX. The file format
555 is described in moduli(5).
556
557SEE ALSO
558 ssh(1), ssh-add(1), ssh-agent(1), moduli(5), sshd(8)
559
560 The Secure Shell (SSH) Public Key File Format, RFC 4716, 2006.
561
562AUTHORS
563 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
564 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
565 de Raadt and Dug Song removed many bugs, re-added newer features and
566 created OpenSSH. Markus Friedl contributed the support for SSH protocol
567 versions 1.5 and 2.0.
568
569OpenBSD 5.9 February 17, 2016 OpenBSD 5.9
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-01 08:57:57 +0000