Diffstat (limited to 'ssh-keygen.1')
-rw-r--r-- ssh-keygen.1 48
1 files changed, 19 insertions, 29 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 9acd8f8c9..205f741b8 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,6 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.98 2010/08/04 06:07:11 djm Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.101 2010/10/28 18:33:28 jmc Exp $
2.\"
3.\" -*- nroff -*-
4.\" 2.\"
5.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
6.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,7 +35,7 @@
37.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
38.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39.\" 37.\"
40.Dd $Mdocdate: August 4 2010 $ 38.Dd $Mdocdate: October 28 2010 $
41.Dt SSH-KEYGEN 1 39.Dt SSH-KEYGEN 1
42.Os 40.Os
43.Sh NAME 41.Sh NAME
@@ -125,7 +123,7 @@
125generates, manages and converts authentication keys for 123generates, manages and converts authentication keys for
126.Xr ssh 1 . 124.Xr ssh 1 .
127.Nm 125.Nm
128can create RSA keys for use by SSH protocol version 1 and RSA or DSA 126can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA
129keys for use by SSH protocol version 2. 127keys for use by SSH protocol version 2.
130The type of key to be generated is specified with the 128The type of key to be generated is specified with the
131.Fl t 129.Fl t
@@ -142,9 +140,10 @@ See the
142section for details. 140section for details.
143.Pp 141.Pp
144Normally each user wishing to use SSH 142Normally each user wishing to use SSH
145with RSA or DSA authentication runs this once to create the authentication 143with public key authentication runs this once to create the authentication
146key in 144key in
147.Pa ~/.ssh/identity , 145.Pa ~/.ssh/identity ,
146.Pa ~/.ssh/id_ecdsa ,
148.Pa ~/.ssh/id_dsa 147.Pa ~/.ssh/id_dsa
149or 148or
150.Pa ~/.ssh/id_rsa . 149.Pa ~/.ssh/id_rsa .
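Review bot: the added `.Pa ~/.ssh/id_ecdsa ,` line (new line 146) sits ahead of `~/.ssh/id_dsa`, so this sentence lists identity, id_ecdsa, id_dsa, id_rsa, while the other hunks in this change order the types as DSA, ECDSA, RSA. Moving the new line to follow `.Pa ~/.ssh/id_dsa` (with the comma carried over accordingly) would keep the ordering consistent across the page.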
@@ -426,9 +425,10 @@ Specifies the type of key to create.
426The possible values are 425The possible values are
427.Dq rsa1 426.Dq rsa1
428for protocol version 1 and 427for protocol version 1 and
429.Dq rsa 428.Dq dsa ,
429.Dq ecdsa
430or 430or
431.Dq dsa 431.Dq rsa
432for protocol version 2. 432for protocol version 2.
433.It Fl V Ar validity_interval 433.It Fl V Ar validity_interval
434Specify a validity interval when signing a certificate. 434Specify a validity interval when signing a certificate.
@@ -605,18 +605,19 @@ or
605.Xr ssh 1 . 605.Xr ssh 1 .
606Please refer to those manual pages for details. 606Please refer to those manual pages for details.
607.Sh FILES 607.Sh FILES
608.Bl -tag -width Ds 608.Bl -tag -width Ds -compact
609.It Pa ~/.ssh/identity 609.It Pa ~/.ssh/identity
610Contains the protocol version 1 RSA authentication identity of the user. 610Contains the protocol version 1 RSA authentication identity of the user.
611This file should not be readable by anyone but the user. 611This file should not be readable by anyone but the user.
612It is possible to 612It is possible to
613specify a passphrase when generating the key; that passphrase will be 613specify a passphrase when generating the key; that passphrase will be
614used to encrypt the private part of this file using 128-bit AES. 614used to encrypt the private part of this file using 3DES.
615This file is not automatically accessed by 615This file is not automatically accessed by
616.Nm 616.Nm
617but it is offered as the default file for the private key. 617but it is offered as the default file for the private key.
618.Xr ssh 1 618.Xr ssh 1
619will read this file when a login attempt is made. 619will read this file when a login attempt is made.
620.Pp
620.It Pa ~/.ssh/identity.pub 621.It Pa ~/.ssh/identity.pub
621Contains the protocol version 1 RSA public key for authentication. 622Contains the protocol version 1 RSA public key for authentication.
622The contents of this file should be added to 623The contents of this file should be added to
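Review bot: the cipher named for a passphrase-protected `~/.ssh/identity` changes from "128-bit AES" to "3DES" at new line 614, a factual correction that is unrelated to the ECDSA wording and the `-compact`/`.Pp` layout changes around it. It deserves its own mention in the commit message and a check against the code that writes protocol 1 keys, since readers rely on this sentence to judge how well a stolen key file is protected. The protocol 2 entry removed in the next hunk also said "128-bit AES", and the cipher sentence of the merged entry falls outside the visible lines, so confirm the two entries now state what each format actually uses.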
@@ -624,26 +625,11 @@ The contents of this file should be added to
624on all machines 625on all machines
625where the user wishes to log in using RSA authentication. 626where the user wishes to log in using RSA authentication.
626There is no need to keep the contents of this file secret. 627There is no need to keep the contents of this file secret.
628.Pp
627.It Pa ~/.ssh/id_dsa 629.It Pa ~/.ssh/id_dsa
628Contains the protocol version 2 DSA authentication identity of the user. 630.It Pa ~/.ssh/id_ecdsa
629This file should not be readable by anyone but the user.
630It is possible to
631specify a passphrase when generating the key; that passphrase will be
632used to encrypt the private part of this file using 128-bit AES.
633This file is not automatically accessed by
634.Nm
635but it is offered as the default file for the private key.
636.Xr ssh 1
637will read this file when a login attempt is made.
638.It Pa ~/.ssh/id_dsa.pub
639Contains the protocol version 2 DSA public key for authentication.
640The contents of this file should be added to
641.Pa ~/.ssh/authorized_keys
642on all machines
643where the user wishes to log in using public key authentication.
644There is no need to keep the contents of this file secret.
645.It Pa ~/.ssh/id_rsa 631.It Pa ~/.ssh/id_rsa
646Contains the protocol version 2 RSA authentication identity of the user. 632Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user.
647This file should not be readable by anyone but the user. 633This file should not be readable by anyone but the user.
648It is possible to 634It is possible to
649specify a passphrase when generating the key; that passphrase will be 635specify a passphrase when generating the key; that passphrase will be
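Review bot: after stacking `.It Pa ~/.ssh/id_dsa`, `.It Pa ~/.ssh/id_ecdsa` and `.It Pa ~/.ssh/id_rsa` over one body (new lines 629-631), the text still reads "This file should not be readable by anyone but the user", singular, for three paths. Suggest "These files should not be readable by anyone but the user" and matching plurals in the sentences that follow, so the permission requirement clearly applies to every private key listed. The new line 632 is also noticeably longer than its neighbours; breaking it after "RSA" would match the line lengths used elsewhere in the file.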
@@ -653,13 +639,17 @@ This file is not automatically accessed by
653but it is offered as the default file for the private key. 639but it is offered as the default file for the private key.
654.Xr ssh 1 640.Xr ssh 1
655will read this file when a login attempt is made. 641will read this file when a login attempt is made.
642.Pp
643.It Pa ~/.ssh/id_dsa.pub
644.It Pa ~/.ssh/id_ecdsa.pub
656.It Pa ~/.ssh/id_rsa.pub 645.It Pa ~/.ssh/id_rsa.pub
657Contains the protocol version 2 RSA public key for authentication. 646Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication.
658The contents of this file should be added to 647The contents of this file should be added to
659.Pa ~/.ssh/authorized_keys 648.Pa ~/.ssh/authorized_keys
660on all machines 649on all machines
661where the user wishes to log in using public key authentication. 650where the user wishes to log in using public key authentication.
662There is no need to keep the contents of this file secret. 651There is no need to keep the contents of this file secret.
652.Pp
663.It Pa /etc/moduli 653.It Pa /etc/moduli
664Contains Diffie-Hellman groups used for DH-GEX. 654Contains Diffie-Hellman groups used for DH-GEX.
665The file format is described in 655The file format is described in
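Review bot: the unchanged context line "but it is offered as the default file for the private key" (new line 639) now belongs to an entry covering id_dsa, id_ecdsa and id_rsa, so it no longer says which path is offered. Suggest wording along the lines of "the file matching the key type is offered as the default", since the default depends on the type chosen with `-t`. The merged public key entry (new lines 643-646) has the same singular "this file" issue: "The contents of this file should be added to" would read better as "the contents of these files" or "of the relevant file".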