Diffstat (limited to 'ssh-keygen.1')
-rw-r--r-- | ssh-keygen.1 | 37 |
1 files changed, 5 insertions, 32 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 624995617..d8ae3fada 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.139 2017/05/02 17:04:09 jmc Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.140 2017/05/03 06:32:02 jmc Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -35,7 +35,7 @@ | |||
35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
37 | .\" | 37 | .\" |
38 | .Dd $Mdocdate: May 2 2017 $ | 38 | .Dd $Mdocdate: May 3 2017 $ |
39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -141,11 +141,7 @@ | |||
141 | generates, manages and converts authentication keys for | 141 | generates, manages and converts authentication keys for |
142 | .Xr ssh 1 . | 142 | .Xr ssh 1 . |
143 | .Nm | 143 | .Nm |
144 | can create keys for use by SSH protocol versions 1 and 2. | 144 | can create keys for use by SSH protocol version 2. |
145 | Protocol 1 should not be used | ||
146 | and is only offered to support legacy devices. | ||
147 | It suffers from a number of cryptographic weaknesses | ||
148 | and doesn't support many of the advanced features available for protocol 2. | ||
149 | .Pp | 145 | .Pp |
150 | The type of key to be generated is specified with the | 146 | The type of key to be generated is specified with the |
151 | .Fl t | 147 | .Fl t |
@@ -172,7 +168,6 @@ section for details. | |||
172 | Normally each user wishing to use SSH | 168 | Normally each user wishing to use SSH |
173 | with public key authentication runs this once to create the authentication | 169 | with public key authentication runs this once to create the authentication |
174 | key in | 170 | key in |
175 | .Pa ~/.ssh/identity , | ||
176 | .Pa ~/.ssh/id_dsa , | 171 | .Pa ~/.ssh/id_dsa , |
177 | .Pa ~/.ssh/id_ecdsa , | 172 | .Pa ~/.ssh/id_ecdsa , |
178 | .Pa ~/.ssh/id_ed25519 | 173 | .Pa ~/.ssh/id_ed25519 |
@@ -231,16 +226,14 @@ This is used by | |||
231 | .Pa /etc/rc | 226 | .Pa /etc/rc |
232 | to generate new host keys. | 227 | to generate new host keys. |
233 | .It Fl a Ar rounds | 228 | .It Fl a Ar rounds |
234 | When saving a new-format private key (i.e. an ed25519 key or any SSH protocol | 229 | When saving a new-format private key (i.e. an ed25519 key or when the |
235 | 2 key when the | ||
236 | .Fl o | 230 | .Fl o |
237 | flag is set), this option specifies the number of KDF (key derivation function) | 231 | flag is set), this option specifies the number of KDF (key derivation function) |
238 | rounds used. | 232 | rounds used. |
239 | Higher numbers result in slower passphrase verification and increased | 233 | Higher numbers result in slower passphrase verification and increased |
240 | resistance to brute-force password cracking (should the keys be stolen). | 234 | resistance to brute-force password cracking (should the keys be stolen). |
241 | .Pp | 235 | .Pp |
242 | When screening DH-GEX candidates ( | 236 | When screening DH-GEX candidates (using the |
243 | using the | ||
244 | .Fl T | 237 | .Fl T |
245 | command). | 238 | command). |
246 | This option specifies the number of primality tests to perform. | 239 | This option specifies the number of primality tests to perform. |
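Review bot: The DH-GEX paragraph at new lines 236-239 is still a sentence fragment. "When screening DH-GEX candidates (using the -T command)." ends in a full stop, and the next line starts a fresh sentence with "This option specifies the number of primality tests to perform." Since this hunk already rejoins the split parenthesis, fold the two together as "command), this option specifies the number of primality tests to perform." Separately, at new line 229, "i.e. an ed25519 key or when the -o flag is set" now pairs a noun phrase with a clause; "an ed25519 key, or any key when the -o flag is set" would read more cleanly.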
@@ -819,26 +812,6 @@ will exit with a non-zero exit status. | |||
819 | A zero exit status will only be returned if no key was revoked. | 812 | A zero exit status will only be returned if no key was revoked. |
820 | .Sh FILES | 813 | .Sh FILES |
821 | .Bl -tag -width Ds -compact | 814 | .Bl -tag -width Ds -compact |
822 | .It Pa ~/.ssh/identity | ||
823 | Contains the protocol version 1 RSA authentication identity of the user. | ||
824 | This file should not be readable by anyone but the user. | ||
825 | It is possible to | ||
826 | specify a passphrase when generating the key; that passphrase will be | ||
827 | used to encrypt the private part of this file using 3DES. | ||
828 | This file is not automatically accessed by | ||
829 | .Nm | ||
830 | but it is offered as the default file for the private key. | ||
831 | .Xr ssh 1 | ||
832 | will read this file when a login attempt is made. | ||
833 | .Pp | ||
834 | .It Pa ~/.ssh/identity.pub | ||
835 | Contains the protocol version 1 RSA public key for authentication. | ||
836 | The contents of this file should be added to | ||
837 | .Pa ~/.ssh/authorized_keys | ||
838 | on all machines | ||
839 | where the user wishes to log in using RSA authentication. | ||
840 | There is no need to keep the contents of this file secret. | ||
841 | .Pp | ||
842 | .It Pa ~/.ssh/id_dsa | 815 | .It Pa ~/.ssh/id_dsa |
843 | .It Pa ~/.ssh/id_ecdsa | 816 | .It Pa ~/.ssh/id_ecdsa |
844 | .It Pa ~/.ssh/id_ed25519 | 817 | .It Pa ~/.ssh/id_ed25519 |
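Review bot: The FILES list loses both ~/.ssh/identity entries (old lines 822-841) with no replacement text, so the page no longer tells a reader what a leftover ~/.ssh/identity file is, or that its private part was only protected with 3DES when a passphrase was set. A short sentence elsewhere in the page saying that protocol 1 identity files are no longer generated would help users who still have one on disk recognise it and retire it. It is also worth confirming that the "should not be readable by anyone but the user" guidance removed at old line 824 is still stated for the remaining private key files, since that entry is not visible in this hunk.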