1 files changed, 18 insertions, 8 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 689db22ff..09e401bf8 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.117 2013/12/07 08:08:26 djm Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.118 2013/12/07 11:58:46 naddy Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -139,8 +139,8 @@
 generates, manages and converts authentication keys for
 .Xr ssh 1 .
 .Nm
-can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA
+can create RSA keys for use by SSH protocol version 1 and
-keys for use by SSH protocol version 2.
+DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
 The type of key to be generated is specified with the
 .Fl t
 option.
@@ -167,8 +167,9 @@ Normally each user wishing to use SSH
 with public key authentication runs this once to create the authentication
 key in
 .Pa ~/.ssh/identity ,
+.Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_dsa
+.Pa ~/.ssh/id_ed25519
 or
 .Pa ~/.ssh/id_rsa .
 Additionally, the system administrator may use this to generate host keys,
@@ -216,7 +217,8 @@ should be placed to be activated.
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl A
-For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys
+For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
+for which host keys
 do not exist, generate the host keys with the default key file path,
 an empty passphrase, default bits for the key type, and default comment.
 This is used by
@@ -249,6 +251,9 @@ flag determines the key length by selecting from one of three elliptic
 curve sizes: 256, 384 or 521 bits.
 Attempting to use bit lengths other than these three values for ECDSA keys
 will fail.
+ED25519 keys have a fixed length and the
+.Fl b
+flag will be ignored.
 .It Fl C Ar comment
 Provides a new comment.
 .It Fl c
@@ -515,7 +520,8 @@ The possible values are
 .Dq rsa1
 for protocol version 1 and
 .Dq dsa ,
-.Dq ecdsa
+.Dq ecdsa ,
+.Dq ed25519 ,
 or
 .Dq rsa
 for protocol version 2.
@@ -795,8 +801,10 @@ There is no need to keep the contents of this file secret.
 .Pp
 .It Pa ~/.ssh/id_dsa
 .It Pa ~/.ssh/id_ecdsa
+.It Pa ~/.ssh/id_ed25519
 .It Pa ~/.ssh/id_rsa
-Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user.
+Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
 specify a passphrase when generating the key; that passphrase will be
@@ -809,8 +817,10 @@ will read this file when a login attempt is made.
 .Pp
 .It Pa ~/.ssh/id_dsa.pub
 .It Pa ~/.ssh/id_ecdsa.pub
+.It Pa ~/.ssh/id_ed25519.pub
 .It Pa ~/.ssh/id_rsa.pub
-Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication.
+Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+public key for authentication.
 The contents of this file should be added to
 .Pa ~/.ssh/authorized_keys
 on all machines

diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 689db22ff..09e401bf8 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.117 2013/12/07 08:08:26 djm Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.118 2013/12/07 11:58:46 naddy Exp $
2	.\"	2	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -139,8 +139,8 @@
139	generates, manages and converts authentication keys for	139	generates, manages and converts authentication keys for
140	.Xr ssh 1 .	140	.Xr ssh 1 .
141	.Nm	141	.Nm
142	can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA	142	can create RSA keys for use by SSH protocol version 1 and
143	keys for use by SSH protocol version 2.	143	DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
144	The type of key to be generated is specified with the	144	The type of key to be generated is specified with the
145	.Fl t	145	.Fl t
146	option.	146	option.
@@ -167,8 +167,9 @@ Normally each user wishing to use SSH
167	with public key authentication runs this once to create the authentication	167	with public key authentication runs this once to create the authentication
168	key in	168	key in
169	.Pa ~/.ssh/identity ,	169	.Pa ~/.ssh/identity ,
		170	.Pa ~/.ssh/id_dsa ,
170	.Pa ~/.ssh/id_ecdsa ,	171	.Pa ~/.ssh/id_ecdsa ,
171	.Pa ~/.ssh/id_dsa	172	.Pa ~/.ssh/id_ed25519
172	or	173	or
173	.Pa ~/.ssh/id_rsa .	174	.Pa ~/.ssh/id_rsa .
174	Additionally, the system administrator may use this to generate host keys,	175	Additionally, the system administrator may use this to generate host keys,
@@ -216,7 +217,8 @@ should be placed to be activated.
216	The options are as follows:	217	The options are as follows:
217	.Bl -tag -width Ds	218	.Bl -tag -width Ds
218	.It Fl A	219	.It Fl A
219	For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys	220	For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
		221	for which host keys
220	do not exist, generate the host keys with the default key file path,	222	do not exist, generate the host keys with the default key file path,
221	an empty passphrase, default bits for the key type, and default comment.	223	an empty passphrase, default bits for the key type, and default comment.
222	This is used by	224	This is used by
@@ -249,6 +251,9 @@ flag determines the key length by selecting from one of three elliptic
249	curve sizes: 256, 384 or 521 bits.	251	curve sizes: 256, 384 or 521 bits.
250	Attempting to use bit lengths other than these three values for ECDSA keys	252	Attempting to use bit lengths other than these three values for ECDSA keys
251	will fail.	253	will fail.
		254	ED25519 keys have a fixed length and the
		255	.Fl b
		256	flag will be ignored.
252	.It Fl C Ar comment	257	.It Fl C Ar comment
253	Provides a new comment.	258	Provides a new comment.
254	.It Fl c	259	.It Fl c
@@ -515,7 +520,8 @@ The possible values are
515	.Dq rsa1	520	.Dq rsa1
516	for protocol version 1 and	521	for protocol version 1 and
517	.Dq dsa ,	522	.Dq dsa ,
518	.Dq ecdsa	523	.Dq ecdsa ,
		524	.Dq ed25519 ,
519	or	525	or
520	.Dq rsa	526	.Dq rsa
521	for protocol version 2.	527	for protocol version 2.
@@ -795,8 +801,10 @@ There is no need to keep the contents of this file secret.
795	.Pp	801	.Pp
796	.It Pa ~/.ssh/id_dsa	802	.It Pa ~/.ssh/id_dsa
797	.It Pa ~/.ssh/id_ecdsa	803	.It Pa ~/.ssh/id_ecdsa
		804	.It Pa ~/.ssh/id_ed25519
798	.It Pa ~/.ssh/id_rsa	805	.It Pa ~/.ssh/id_rsa
799	Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user.	806	Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
		807	authentication identity of the user.
800	This file should not be readable by anyone but the user.	808	This file should not be readable by anyone but the user.
801	It is possible to	809	It is possible to
802	specify a passphrase when generating the key; that passphrase will be	810	specify a passphrase when generating the key; that passphrase will be
@@ -809,8 +817,10 @@ will read this file when a login attempt is made.
809	.Pp	817	.Pp
810	.It Pa ~/.ssh/id_dsa.pub	818	.It Pa ~/.ssh/id_dsa.pub
811	.It Pa ~/.ssh/id_ecdsa.pub	819	.It Pa ~/.ssh/id_ecdsa.pub
		820	.It Pa ~/.ssh/id_ed25519.pub
812	.It Pa ~/.ssh/id_rsa.pub	821	.It Pa ~/.ssh/id_rsa.pub
813	Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication.	822	Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
		823	public key for authentication.
814	The contents of this file should be added to	824	The contents of this file should be added to
815	.Pa ~/.ssh/authorized_keys	825	.Pa ~/.ssh/authorized_keys
816	on all machines	826	on all machines