summaryrefslogtreecommitdiff
path: root/ssh-keygen.1
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-keygen.1')
-rw-r--r--ssh-keygen.127
1 files changed, 19 insertions, 8 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 205f741b8..ede37921c 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.101 2010/10/28 18:33:28 jmc Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.106 2011/04/13 04:09:37 djm Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: October 28 2010 $ 38.Dd $Mdocdate: April 13 2011 $
39.Dt SSH-KEYGEN 1 39.Dt SSH-KEYGEN 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -117,6 +117,8 @@
117.Nm ssh-keygen 117.Nm ssh-keygen
118.Fl L 118.Fl L
119.Op Fl f Ar input_keyfile 119.Op Fl f Ar input_keyfile
120.Nm ssh-keygen
121.Fl A
120.Ek 122.Ek
121.Sh DESCRIPTION 123.Sh DESCRIPTION
122.Nm 124.Nm
@@ -173,9 +175,8 @@ The passphrase can be changed later by using the
173option. 175option.
174.Pp 176.Pp
175There is no way to recover a lost passphrase. 177There is no way to recover a lost passphrase.
176If the passphrase is 178If the passphrase is lost or forgotten, a new key must be generated
177lost or forgotten, a new key must be generated and copied to the 179and the corresponding public key copied to other machines.
178corresponding public key to other machines.
179.Pp 180.Pp
180For RSA1 keys, 181For RSA1 keys,
181there is also a comment field in the key file that is only for 182there is also a comment field in the key file that is only for
@@ -192,6 +193,13 @@ should be placed to be activated.
192.Pp 193.Pp
193The options are as follows: 194The options are as follows:
194.Bl -tag -width Ds 195.Bl -tag -width Ds
196.It Fl A
197For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys
198do not exist, generate the host keys with the default key file path,
199an empty passphrase, default bits for the key type, and default comment.
200This is used by
201.Pa /etc/rc
202to generate new host keys.
195.It Fl a Ar trials 203.It Fl a Ar trials
196Specifies the number of primality tests to perform when screening DH-GEX 204Specifies the number of primality tests to perform when screening DH-GEX
197candidates using the 205candidates using the
@@ -204,6 +212,12 @@ Specifies the number of bits in the key to create.
204For RSA keys, the minimum size is 768 bits and the default is 2048 bits. 212For RSA keys, the minimum size is 768 bits and the default is 2048 bits.
205Generally, 2048 bits is considered sufficient. 213Generally, 2048 bits is considered sufficient.
206DSA keys must be exactly 1024 bits as specified by FIPS 186-2. 214DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
215For ECDSA keys, the
216.Fl b
217flag determines they key length by selecting from one of three elliptic
218curve sizes: 256, 384 or 521 bits.
219Attempting to use bit lengths other than these three values for ECDSA keys
220will fail.
207.It Fl C Ar comment 221.It Fl C Ar comment
208Provides a new comment. 222Provides a new comment.
209.It Fl c 223.It Fl c
@@ -393,9 +407,6 @@ new passphrase.
393.It Fl q 407.It Fl q
394Silence 408Silence
395.Nm ssh-keygen . 409.Nm ssh-keygen .
396Used by
397.Pa /etc/rc
398when creating a new key.
399.It Fl R Ar hostname 410.It Fl R Ar hostname
400Removes all keys belonging to 411Removes all keys belonging to
401.Ar hostname 412.Ar hostname
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-11 05:33:56 +0000