summaryrefslogtreecommitdiff
path: root/ssh-keygen.1
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-keygen.1')
-rw-r--r--ssh-keygen.126
1 files changed, 18 insertions, 8 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 689db22ff..09e401bf8 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.117 2013/12/07 08:08:26 djm Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.118 2013/12/07 11:58:46 naddy Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -139,8 +139,8 @@
139generates, manages and converts authentication keys for 139generates, manages and converts authentication keys for
140.Xr ssh 1 . 140.Xr ssh 1 .
141.Nm 141.Nm
142can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA 142can create RSA keys for use by SSH protocol version 1 and
143keys for use by SSH protocol version 2. 143DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
144The type of key to be generated is specified with the 144The type of key to be generated is specified with the
145.Fl t 145.Fl t
146option. 146option.
@@ -167,8 +167,9 @@ Normally each user wishing to use SSH
167with public key authentication runs this once to create the authentication 167with public key authentication runs this once to create the authentication
168key in 168key in
169.Pa ~/.ssh/identity , 169.Pa ~/.ssh/identity ,
170.Pa ~/.ssh/id_dsa ,
170.Pa ~/.ssh/id_ecdsa , 171.Pa ~/.ssh/id_ecdsa ,
171.Pa ~/.ssh/id_dsa 172.Pa ~/.ssh/id_ed25519
172or 173or
173.Pa ~/.ssh/id_rsa . 174.Pa ~/.ssh/id_rsa .
174Additionally, the system administrator may use this to generate host keys, 175Additionally, the system administrator may use this to generate host keys,
@@ -216,7 +217,8 @@ should be placed to be activated.
216The options are as follows: 217The options are as follows:
217.Bl -tag -width Ds 218.Bl -tag -width Ds
218.It Fl A 219.It Fl A
219For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys 220For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
221for which host keys
220do not exist, generate the host keys with the default key file path, 222do not exist, generate the host keys with the default key file path,
221an empty passphrase, default bits for the key type, and default comment. 223an empty passphrase, default bits for the key type, and default comment.
222This is used by 224This is used by
@@ -249,6 +251,9 @@ flag determines the key length by selecting from one of three elliptic
249curve sizes: 256, 384 or 521 bits. 251curve sizes: 256, 384 or 521 bits.
250Attempting to use bit lengths other than these three values for ECDSA keys 252Attempting to use bit lengths other than these three values for ECDSA keys
251will fail. 253will fail.
254ED25519 keys have a fixed length and the
255.Fl b
256flag will be ignored.
252.It Fl C Ar comment 257.It Fl C Ar comment
253Provides a new comment. 258Provides a new comment.
254.It Fl c 259.It Fl c
@@ -515,7 +520,8 @@ The possible values are
515.Dq rsa1 520.Dq rsa1
516for protocol version 1 and 521for protocol version 1 and
517.Dq dsa , 522.Dq dsa ,
518.Dq ecdsa 523.Dq ecdsa ,
524.Dq ed25519 ,
519or 525or
520.Dq rsa 526.Dq rsa
521for protocol version 2. 527for protocol version 2.
@@ -795,8 +801,10 @@ There is no need to keep the contents of this file secret.
795.Pp 801.Pp
796.It Pa ~/.ssh/id_dsa 802.It Pa ~/.ssh/id_dsa
797.It Pa ~/.ssh/id_ecdsa 803.It Pa ~/.ssh/id_ecdsa
804.It Pa ~/.ssh/id_ed25519
798.It Pa ~/.ssh/id_rsa 805.It Pa ~/.ssh/id_rsa
799Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user. 806Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
807authentication identity of the user.
800This file should not be readable by anyone but the user. 808This file should not be readable by anyone but the user.
801It is possible to 809It is possible to
802specify a passphrase when generating the key; that passphrase will be 810specify a passphrase when generating the key; that passphrase will be
@@ -809,8 +817,10 @@ will read this file when a login attempt is made.
809.Pp 817.Pp
810.It Pa ~/.ssh/id_dsa.pub 818.It Pa ~/.ssh/id_dsa.pub
811.It Pa ~/.ssh/id_ecdsa.pub 819.It Pa ~/.ssh/id_ecdsa.pub
820.It Pa ~/.ssh/id_ed25519.pub
812.It Pa ~/.ssh/id_rsa.pub 821.It Pa ~/.ssh/id_rsa.pub
813Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication. 822Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
823public key for authentication.
814The contents of this file should be added to 824The contents of this file should be added to
815.Pa ~/.ssh/authorized_keys 825.Pa ~/.ssh/authorized_keys
816on all machines 826on all machines