Diffstat (limited to 'ssh-keygen.1')
-rw-r--r-- | ssh-keygen.1 | 194 |
1 files changed, 170 insertions, 24 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 124456577..957d2f0f0 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.157 2019/03/05 16:17:12 naddy Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.171 2019/10/03 17:07:50 jmc Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -35,44 +35,43 @@ | |||
35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
37 | .\" | 37 | .\" |
38 | .Dd $Mdocdate: March 5 2019 $ | 38 | .Dd $Mdocdate: October 3 2019 $ |
39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
42 | .Nm ssh-keygen | 42 | .Nm ssh-keygen |
43 | .Nd authentication key generation, management and conversion | 43 | .Nd authentication key generation, management and conversion |
44 | .Sh SYNOPSIS | 44 | .Sh SYNOPSIS |
45 | .Bk -words | ||
46 | .Nm ssh-keygen | 45 | .Nm ssh-keygen |
47 | .Op Fl q | 46 | .Op Fl q |
48 | .Op Fl b Ar bits | 47 | .Op Fl b Ar bits |
49 | .Op Fl t Cm dsa | ecdsa | ed25519 | rsa | ||
50 | .Op Fl N Ar new_passphrase | ||
51 | .Op Fl C Ar comment | 48 | .Op Fl C Ar comment |
52 | .Op Fl f Ar output_keyfile | 49 | .Op Fl f Ar output_keyfile |
53 | .Op Fl m Ar format | 50 | .Op Fl m Ar format |
51 | .Op Fl N Ar new_passphrase | ||
52 | .Op Fl t Cm dsa | ecdsa | ed25519 | rsa | ||
54 | .Nm ssh-keygen | 53 | .Nm ssh-keygen |
55 | .Fl p | 54 | .Fl p |
56 | .Op Fl P Ar old_passphrase | ||
57 | .Op Fl N Ar new_passphrase | ||
58 | .Op Fl f Ar keyfile | 55 | .Op Fl f Ar keyfile |
59 | .Op Fl m Ar format | 56 | .Op Fl m Ar format |
57 | .Op Fl N Ar new_passphrase | ||
58 | .Op Fl P Ar old_passphrase | ||
60 | .Nm ssh-keygen | 59 | .Nm ssh-keygen |
61 | .Fl i | 60 | .Fl i |
62 | .Op Fl m Ar key_format | ||
63 | .Op Fl f Ar input_keyfile | 61 | .Op Fl f Ar input_keyfile |
62 | .Op Fl m Ar key_format | ||
64 | .Nm ssh-keygen | 63 | .Nm ssh-keygen |
65 | .Fl e | 64 | .Fl e |
66 | .Op Fl m Ar key_format | ||
67 | .Op Fl f Ar input_keyfile | 65 | .Op Fl f Ar input_keyfile |
66 | .Op Fl m Ar key_format | ||
68 | .Nm ssh-keygen | 67 | .Nm ssh-keygen |
69 | .Fl y | 68 | .Fl y |
70 | .Op Fl f Ar input_keyfile | 69 | .Op Fl f Ar input_keyfile |
71 | .Nm ssh-keygen | 70 | .Nm ssh-keygen |
72 | .Fl c | 71 | .Fl c |
73 | .Op Fl P Ar passphrase | ||
74 | .Op Fl C Ar comment | 72 | .Op Fl C Ar comment |
75 | .Op Fl f Ar keyfile | 73 | .Op Fl f Ar keyfile |
74 | .Op Fl P Ar passphrase | ||
76 | .Nm ssh-keygen | 75 | .Nm ssh-keygen |
77 | .Fl l | 76 | .Fl l |
78 | .Op Fl v | 77 | .Op Fl v |
@@ -85,8 +84,8 @@ | |||
85 | .Fl D Ar pkcs11 | 84 | .Fl D Ar pkcs11 |
86 | .Nm ssh-keygen | 85 | .Nm ssh-keygen |
87 | .Fl F Ar hostname | 86 | .Fl F Ar hostname |
87 | .Op Fl lv | ||
88 | .Op Fl f Ar known_hosts_file | 88 | .Op Fl f Ar known_hosts_file |
89 | .Op Fl l | ||
90 | .Nm ssh-keygen | 89 | .Nm ssh-keygen |
91 | .Fl H | 90 | .Fl H |
92 | .Op Fl f Ar known_hosts_file | 91 | .Op Fl f Ar known_hosts_file |
@@ -95,8 +94,8 @@ | |||
95 | .Op Fl f Ar known_hosts_file | 94 | .Op Fl f Ar known_hosts_file |
96 | .Nm ssh-keygen | 95 | .Nm ssh-keygen |
97 | .Fl r Ar hostname | 96 | .Fl r Ar hostname |
98 | .Op Fl f Ar input_keyfile | ||
99 | .Op Fl g | 97 | .Op Fl g |
98 | .Op Fl f Ar input_keyfile | ||
100 | .Nm ssh-keygen | 99 | .Nm ssh-keygen |
101 | .Fl G Ar output_file | 100 | .Fl G Ar output_file |
102 | .Op Fl v | 101 | .Op Fl v |
@@ -104,8 +103,8 @@ | |||
104 | .Op Fl M Ar memory | 103 | .Op Fl M Ar memory |
105 | .Op Fl S Ar start_point | 104 | .Op Fl S Ar start_point |
106 | .Nm ssh-keygen | 105 | .Nm ssh-keygen |
107 | .Fl T Ar output_file | ||
108 | .Fl f Ar input_file | 106 | .Fl f Ar input_file |
107 | .Fl T Ar output_file | ||
109 | .Op Fl v | 108 | .Op Fl v |
110 | .Op Fl a Ar rounds | 109 | .Op Fl a Ar rounds |
111 | .Op Fl J Ar num_lines | 110 | .Op Fl J Ar num_lines |
@@ -113,10 +112,9 @@ | |||
113 | .Op Fl K Ar checkpt | 112 | .Op Fl K Ar checkpt |
114 | .Op Fl W Ar generator | 113 | .Op Fl W Ar generator |
115 | .Nm ssh-keygen | 114 | .Nm ssh-keygen |
116 | .Fl s Ar ca_key | ||
117 | .Fl I Ar certificate_identity | 115 | .Fl I Ar certificate_identity |
118 | .Op Fl h | 116 | .Fl s Ar ca_key |
119 | .Op Fl U | 117 | .Op Fl hU |
120 | .Op Fl D Ar pkcs11_provider | 118 | .Op Fl D Ar pkcs11_provider |
121 | .Op Fl n Ar principals | 119 | .Op Fl n Ar principals |
122 | .Op Fl O Ar option | 120 | .Op Fl O Ar option |
@@ -140,7 +138,22 @@ | |||
140 | .Fl Q | 138 | .Fl Q |
141 | .Fl f Ar krl_file | 139 | .Fl f Ar krl_file |
142 | .Ar | 140 | .Ar |
143 | .Ek | 141 | .Nm ssh-keygen |
142 | .Fl Y Cm check-novalidate | ||
143 | .Fl n Ar namespace | ||
144 | .Fl s Ar signature_file | ||
145 | .Nm ssh-keygen | ||
146 | .Fl Y Cm sign | ||
147 | .Fl f Ar key_file | ||
148 | .Fl n Ar namespace | ||
149 | .Ar | ||
150 | .Nm ssh-keygen | ||
151 | .Fl Y Cm verify | ||
152 | .Fl f Ar allowed_signers_file | ||
153 | .Fl I Ar signer_identity | ||
154 | .Fl n Ar namespace | ||
155 | .Fl s Ar signature_file | ||
156 | .Op Fl r Ar revocation_file | ||
144 | .Sh DESCRIPTION | 157 | .Sh DESCRIPTION |
145 | .Nm | 158 | .Nm |
146 | generates, manages and converts authentication keys for | 159 | generates, manages and converts authentication keys for |
@@ -247,21 +260,21 @@ This is used by | |||
247 | .Pa /etc/rc | 260 | .Pa /etc/rc |
248 | to generate new host keys. | 261 | to generate new host keys. |
249 | .It Fl a Ar rounds | 262 | .It Fl a Ar rounds |
250 | When saving a private key this option specifies the number of KDF | 263 | When saving a private key, this option specifies the number of KDF |
251 | (key derivation function) rounds used. | 264 | (key derivation function) rounds used. |
252 | Higher numbers result in slower passphrase verification and increased | 265 | Higher numbers result in slower passphrase verification and increased |
253 | resistance to brute-force password cracking (should the keys be stolen). | 266 | resistance to brute-force password cracking (should the keys be stolen). |
254 | .Pp | 267 | .Pp |
255 | When screening DH-GEX candidates (using the | 268 | When screening DH-GEX candidates (using the |
256 | .Fl T | 269 | .Fl T |
257 | command). | 270 | command), |
258 | This option specifies the number of primality tests to perform. | 271 | this option specifies the number of primality tests to perform. |
259 | .It Fl B | 272 | .It Fl B |
260 | Show the bubblebabble digest of specified private or public key file. | 273 | Show the bubblebabble digest of specified private or public key file. |
261 | .It Fl b Ar bits | 274 | .It Fl b Ar bits |
262 | Specifies the number of bits in the key to create. | 275 | Specifies the number of bits in the key to create. |
263 | For RSA keys, the minimum size is 1024 bits and the default is 2048 bits. | 276 | For RSA keys, the minimum size is 1024 bits and the default is 3072 bits. |
264 | Generally, 2048 bits is considered sufficient. | 277 | Generally, 3072 bits is considered sufficient. |
265 | DSA keys must be exactly 1024 bits as specified by FIPS 186-2. | 278 | DSA keys must be exactly 1024 bits as specified by FIPS 186-2. |
266 | For ECDSA keys, the | 279 | For ECDSA keys, the |
267 | .Fl b | 280 | .Fl b |
@@ -419,11 +432,12 @@ The supported key formats are: | |||
419 | .Dq RFC4716 | 432 | .Dq RFC4716 |
420 | (RFC 4716/SSH2 public or private key), | 433 | (RFC 4716/SSH2 public or private key), |
421 | .Dq PKCS8 | 434 | .Dq PKCS8 |
422 | (PEM PKCS8 public key) | 435 | (PKCS8 public or private key) |
423 | or | 436 | or |
424 | .Dq PEM | 437 | .Dq PEM |
425 | (PEM public key). | 438 | (PEM public key). |
426 | The default conversion format is | 439 | By default OpenSSH will write newly-generated private keys in its own |
440 | format, but when converting public keys for export the default format is | ||
427 | .Dq RFC4716 . | 441 | .Dq RFC4716 . |
428 | Setting a format of | 442 | Setting a format of |
429 | .Dq PEM | 443 | .Dq PEM |
@@ -577,6 +591,16 @@ The possible values are | |||
577 | .Dq ed25519 , | 591 | .Dq ed25519 , |
578 | or | 592 | or |
579 | .Dq rsa . | 593 | .Dq rsa . |
594 | .Pp | ||
595 | This flag may also be used to specify the desired signature type when | ||
596 | signing certificates using an RSA CA key. | ||
597 | The available RSA signature variants are | ||
598 | .Dq ssh-rsa | ||
599 | (SHA1 signatures, not recommended), | ||
600 | .Dq rsa-sha2-256 , | ||
601 | and | ||
602 | .Dq rsa-sha2-512 | ||
603 | (the default). | ||
580 | .It Fl U | 604 | .It Fl U |
581 | When used in combination with | 605 | When used in combination with |
582 | .Fl s , | 606 | .Fl s , |
@@ -637,6 +661,77 @@ Specify desired generator when testing candidate moduli for DH-GEX. | |||
637 | .It Fl y | 661 | .It Fl y |
638 | This option will read a private | 662 | This option will read a private |
639 | OpenSSH format file and print an OpenSSH public key to stdout. | 663 | OpenSSH format file and print an OpenSSH public key to stdout. |
664 | .It Fl Y Cm sign | ||
665 | Cryptographically sign a file or some data using a SSH key. | ||
666 | When signing, | ||
667 | .Nm | ||
668 | accepts zero or more files to sign on the command-line - if no files | ||
669 | are specified then | ||
670 | .Nm | ||
671 | will sign data presented on standard input. | ||
672 | Signatures are written to the path of the input file with | ||
673 | .Dq .sig | ||
674 | appended, or to standard output if the message to be signed was read from | ||
675 | standard input. | ||
676 | .Pp | ||
677 | The key used for signing is specified using the | ||
678 | .Fl f | ||
679 | option and may refer to either a private key, or a public key with the private | ||
680 | half available via | ||
681 | .Xr ssh-agent 1 . | ||
682 | An additional signature namespace, used to prevent signature confusion across | ||
683 | different domains of use (e.g. file signing vs email signing) must be provided | ||
684 | via the | ||
685 | .Fl n | ||
686 | flag. | ||
687 | Namespaces are arbitrary strings, and may include: | ||
688 | .Dq file | ||
689 | for file signing, | ||
690 | .Dq email | ||
691 | for email signing. | ||
692 | For custom uses, it is recommended to use names following a | ||
693 | NAMESPACE@YOUR.DOMAIN pattern to generate unambiguous namespaces. | ||
694 | .It Fl Y Cm verify | ||
695 | Request to verify a signature generated using | ||
696 | .Nm | ||
697 | .Fl Y Cm sign | ||
698 | as described above. | ||
699 | When verifying a signature, | ||
700 | .Nm | ||
701 | accepts a message on standard input and a signature namespace using | ||
702 | .Fl n . | ||
703 | A file containing the corresponding signature must also be supplied using the | ||
704 | .Fl s | ||
705 | flag, along with the identity of the signer using | ||
706 | .Fl I | ||
707 | and a list of allowed signers via the | ||
708 | .Fl f | ||
709 | flag. | ||
710 | The format of the allowed signers file is documented in the | ||
711 | .Sx ALLOWED SIGNERS | ||
712 | section below. | ||
713 | A file containing revoked keys can be passed using the | ||
714 | .Fl r | ||
715 | flag. | ||
716 | The revocation file may be a KRL or a one-per-line list of public keys. | ||
717 | Successful verification by an authorized signer is signalled by | ||
718 | .Nm | ||
719 | .It Fl Y Cm check-novalidate | ||
720 | Checks that a signature generated using | ||
721 | .Nm | ||
722 | .Fl Y Cm sign | ||
723 | has a valid structure. | ||
724 | This does not validate if a signature comes from an authorized signer. | ||
725 | When testing a signature, | ||
726 | .Nm | ||
727 | accepts a message on standard input and a signature namespace using | ||
728 | .Fl n . | ||
729 | A file containing the corresponding signature must also be supplied using the | ||
730 | .Fl s | ||
731 | flag. | ||
732 | Successful testing of the signature is signalled by | ||
733 | .Nm | ||
734 | returning a zero exit status. | ||
640 | .It Fl z Ar serial_number | 735 | .It Fl z Ar serial_number |
641 | Specifies a serial number to be embedded in the certificate to distinguish | 736 | Specifies a serial number to be embedded in the certificate to distinguish |
642 | this certificate from others from the same CA. | 737 | this certificate from others from the same CA. |
@@ -873,6 +968,57 @@ then | |||
873 | .Nm | 968 | .Nm |
874 | will exit with a non-zero exit status. | 969 | will exit with a non-zero exit status. |
875 | A zero exit status will only be returned if no key was revoked. | 970 | A zero exit status will only be returned if no key was revoked. |
971 | .Sh ALLOWED SIGNERS | ||
972 | When verifying signatures, | ||
973 | .Nm | ||
974 | uses a simple list of identities and keys to determine whether a signature | ||
975 | comes from an authorized source. | ||
976 | This "allowed signers" file uses a format patterned after the | ||
977 | AUTHORIZED_KEYS FILE FORMAT described in | ||
978 | .Xr sshd 8 . | ||
979 | Each line of the file contains the following space-separated fields: | ||
980 | principals, options, keytype, base64-encoded key. | ||
981 | Empty lines and lines starting with a | ||
982 | .Ql # | ||
983 | are ignored as comments. | ||
984 | .Pp | ||
985 | The principals field is a pattern-list (See PATTERNS in | ||
986 | .Xr ssh_config 5 ) | ||
987 | consisting of one or more comma-separated USER@DOMAIN identity patterns | ||
988 | that are accepted for signing. | ||
989 | When verifying, the identity presented via the | ||
990 | .Fl I option | ||
991 | must match a principals pattern in order for the corresponding key to be | ||
992 | considered acceptable for verification. | ||
993 | .Pp | ||
994 | The options (if present) consist of comma-separated option specifications. | ||
995 | No spaces are permitted, except within double quotes. | ||
996 | The following option specifications are supported (note that option keywords | ||
997 | are case-insensitive): | ||
998 | .Bl -tag -width Ds | ||
999 | .It Cm cert-authority | ||
1000 | Indicates that this key is accepted as a certificate authority (CA) and | ||
1001 | that certificates signed by this CA may be accepted for verification. | ||
1002 | .It Cm namespaces="namespace-list" | ||
1003 | Specifies a pattern-list of namespaces that are accepted for this key. | ||
1004 | If this option is present, the signature namespace embedded in the | ||
1005 | signature object and presented on the verification command-line must | ||
1006 | match the specified list before the key will be considered acceptable. | ||
1007 | .El | ||
1008 | .Pp | ||
1009 | When verifying signatures made by certificates, the expected principal | ||
1010 | name must match both the principals pattern in the allowed signers file and | ||
1011 | the principals embedded in the certificate itself. | ||
1012 | .Pp | ||
1013 | An example allowed signers file: | ||
1014 | .Bd -literal -offset 3n | ||
1015 | # Comments allowed at start of line | ||
1016 | user1@example.com,user2@example.com ssh-rsa AAAAX1... | ||
1017 | # A certificate authority, trusted for all principals in a domain. | ||
1018 | *@example.com cert-authority ssh-ed25519 AAAB4... | ||
1019 | # A key that is accepted only for file signing. | ||
1020 | user2@example.com namespaces="file" ssh-ed25519 AAA41... | ||
1021 | .Ed | ||
876 | .Sh FILES | 1022 | .Sh FILES |
877 | .Bl -tag -width Ds -compact | 1023 | .Bl -tag -width Ds -compact |
878 | .It Pa ~/.ssh/id_dsa | 1024 | .It Pa ~/.ssh/id_dsa |