diff options
Diffstat (limited to 'ssh-keygen.1')
| -rw-r--r-- | ssh-keygen.1 | 36 |
1 files changed, 28 insertions, 8 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index dca566ca2..bdb5015d1 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: ssh-keygen.1,v 1.172 2019/10/22 08:50:35 jmc Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.173 2019/11/07 08:38:38 naddy Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -35,7 +35,7 @@ | |||
| 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 37 | .\" | 37 | .\" |
| 38 | .Dd $Mdocdate: October 22 2019 $ | 38 | .Dd $Mdocdate: November 7 2019 $ |
| 39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
| 40 | .Os | 40 | .Os |
| 41 | .Sh NAME | 41 | .Sh NAME |
| @@ -48,8 +48,10 @@ | |||
| 48 | .Op Fl C Ar comment | 48 | .Op Fl C Ar comment |
| 49 | .Op Fl f Ar output_keyfile | 49 | .Op Fl f Ar output_keyfile |
| 50 | .Op Fl m Ar format | 50 | .Op Fl m Ar format |
| 51 | .Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | rsa | ||
| 51 | .Op Fl N Ar new_passphrase | 52 | .Op Fl N Ar new_passphrase |
| 52 | .Op Fl t Cm dsa | ecdsa | ed25519 | rsa | 53 | .Op Fl w Ar provider |
| 54 | .Op Fl x Ar flags | ||
| 53 | .Nm ssh-keygen | 55 | .Nm ssh-keygen |
| 54 | .Fl p | 56 | .Fl p |
| 55 | .Op Fl f Ar keyfile | 57 | .Op Fl f Ar keyfile |
| @@ -188,6 +190,7 @@ with public key authentication runs this once to create the authentication | |||
| 188 | key in | 190 | key in |
| 189 | .Pa ~/.ssh/id_dsa , | 191 | .Pa ~/.ssh/id_dsa , |
| 190 | .Pa ~/.ssh/id_ecdsa , | 192 | .Pa ~/.ssh/id_ecdsa , |
| 193 | .Pa ~/.ssh/id_ecdsa_sk , | ||
| 191 | .Pa ~/.ssh/id_ed25519 | 194 | .Pa ~/.ssh/id_ed25519 |
| 192 | or | 195 | or |
| 193 | .Pa ~/.ssh/id_rsa . | 196 | .Pa ~/.ssh/id_rsa . |
| @@ -248,7 +251,7 @@ should be placed to be activated. | |||
| 248 | The options are as follows: | 251 | The options are as follows: |
| 249 | .Bl -tag -width Ds | 252 | .Bl -tag -width Ds |
| 250 | .It Fl A | 253 | .It Fl A |
| 251 | For each of the key types (rsa, dsa, ecdsa and ed25519) | 254 | For each of the key types (rsa, dsa, ecdsa, ecdsa-sk and ed25519) |
| 252 | for which host keys | 255 | for which host keys |
| 253 | do not exist, generate the host keys with the default key file path, | 256 | do not exist, generate the host keys with the default key file path, |
| 254 | an empty passphrase, default bits for the key type, and default comment. | 257 | an empty passphrase, default bits for the key type, and default comment. |
| @@ -282,7 +285,7 @@ flag determines the key length by selecting from one of three elliptic | |||
| 282 | curve sizes: 256, 384 or 521 bits. | 285 | curve sizes: 256, 384 or 521 bits. |
| 283 | Attempting to use bit lengths other than these three values for ECDSA keys | 286 | Attempting to use bit lengths other than these three values for ECDSA keys |
| 284 | will fail. | 287 | will fail. |
| 285 | Ed25519 keys have a fixed length and the | 288 | ECDSA-SK and Ed25519 keys have a fixed length and the |
| 286 | .Fl b | 289 | .Fl b |
| 287 | flag will be ignored. | 290 | flag will be ignored. |
| 288 | .It Fl C Ar comment | 291 | .It Fl C Ar comment |
| @@ -583,11 +586,12 @@ section for details. | |||
| 583 | Test DH group exchange candidate primes (generated using the | 586 | Test DH group exchange candidate primes (generated using the |
| 584 | .Fl G | 587 | .Fl G |
| 585 | option) for safety. | 588 | option) for safety. |
| 586 | .It Fl t Cm dsa | ecdsa | ed25519 | rsa | 589 | .It Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | rsa |
| 587 | Specifies the type of key to create. | 590 | Specifies the type of key to create. |
| 588 | The possible values are | 591 | The possible values are |
| 589 | .Dq dsa , | 592 | .Dq dsa , |
| 590 | .Dq ecdsa , | 593 | .Dq ecdsa , |
| 594 | .Dq ecdsa-sk , | ||
| 591 | .Dq ed25519 , | 595 | .Dq ed25519 , |
| 592 | or | 596 | or |
| 593 | .Dq rsa . | 597 | .Dq rsa . |
| @@ -658,6 +662,14 @@ options increase the verbosity. | |||
| 658 | The maximum is 3. | 662 | The maximum is 3. |
| 659 | .It Fl W Ar generator | 663 | .It Fl W Ar generator |
| 660 | Specify desired generator when testing candidate moduli for DH-GEX. | 664 | Specify desired generator when testing candidate moduli for DH-GEX. |
| 665 | .It Fl w Ar provider | ||
| 666 | Specifies a path to a security key provider library that will be used when | ||
| 667 | creating any security key-hosted keys, overriding the default of using the | ||
| 668 | .Ev SSH_SK_PROVIDER | ||
| 669 | environment variable to specify a provider. | ||
| 670 | .It Fl x Ar flags | ||
| 671 | Specifies the security key flags to use when enrolling a security key-hosted | ||
| 672 | key. | ||
| 661 | .It Fl y | 673 | .It Fl y |
| 662 | This option will read a private | 674 | This option will read a private |
| 663 | OpenSSH format file and print an OpenSSH public key to stdout. | 675 | OpenSSH format file and print an OpenSSH public key to stdout. |
| @@ -1020,13 +1032,20 @@ user1@example.com,user2@example.com ssh-rsa AAAAX1... | |||
| 1020 | # A key that is accepted only for file signing. | 1032 | # A key that is accepted only for file signing. |
| 1021 | user2@example.com namespaces="file" ssh-ed25519 AAA41... | 1033 | user2@example.com namespaces="file" ssh-ed25519 AAA41... |
| 1022 | .Ed | 1034 | .Ed |
| 1035 | .Sh ENVIRONMENT | ||
| 1036 | .Bl -tag -width Ds | ||
| 1037 | .It Ev SSH_SK_PROVIDER | ||
| 1038 | Specifies the path to a security key provider library used to interact with | ||
| 1039 | hardware security keys. | ||
| 1040 | .El | ||
| 1023 | .Sh FILES | 1041 | .Sh FILES |
| 1024 | .Bl -tag -width Ds -compact | 1042 | .Bl -tag -width Ds -compact |
| 1025 | .It Pa ~/.ssh/id_dsa | 1043 | .It Pa ~/.ssh/id_dsa |
| 1026 | .It Pa ~/.ssh/id_ecdsa | 1044 | .It Pa ~/.ssh/id_ecdsa |
| 1045 | .It Pa ~/.ssh/id_ecdsa_sk | ||
| 1027 | .It Pa ~/.ssh/id_ed25519 | 1046 | .It Pa ~/.ssh/id_ed25519 |
| 1028 | .It Pa ~/.ssh/id_rsa | 1047 | .It Pa ~/.ssh/id_rsa |
| 1029 | Contains the DSA, ECDSA, Ed25519 or RSA | 1048 | Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519 or RSA |
| 1030 | authentication identity of the user. | 1049 | authentication identity of the user. |
| 1031 | This file should not be readable by anyone but the user. | 1050 | This file should not be readable by anyone but the user. |
| 1032 | It is possible to | 1051 | It is possible to |
| @@ -1040,9 +1059,10 @@ will read this file when a login attempt is made. | |||
| 1040 | .Pp | 1059 | .Pp |
| 1041 | .It Pa ~/.ssh/id_dsa.pub | 1060 | .It Pa ~/.ssh/id_dsa.pub |
| 1042 | .It Pa ~/.ssh/id_ecdsa.pub | 1061 | .It Pa ~/.ssh/id_ecdsa.pub |
| 1062 | .It Pa ~/.ssh/id_ecdsa_sk.pub | ||
| 1043 | .It Pa ~/.ssh/id_ed25519.pub | 1063 | .It Pa ~/.ssh/id_ed25519.pub |
| 1044 | .It Pa ~/.ssh/id_rsa.pub | 1064 | .It Pa ~/.ssh/id_rsa.pub |
| 1045 | Contains the DSA, ECDSA, Ed25519 or RSA | 1065 | Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519 or RSA |
| 1046 | public key for authentication. | 1066 | public key for authentication. |
| 1047 | The contents of this file should be added to | 1067 | The contents of this file should be added to |
| 1048 | .Pa ~/.ssh/authorized_keys | 1068 | .Pa ~/.ssh/authorized_keys |