1 files changed, 42 insertions, 15 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 151cab0ef..299ccf8dd 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.116 2013/06/27 14:05:37 jmc Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.119 2013/12/21 07:10:47 tedu Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 27 2013 $
+.Dd $Mdocdate: December 21 2013 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -103,7 +103,7 @@
 .Fl T Ar output_file
 .Fl f Ar input_file
 .Op Fl v
-.Op Fl a Ar num_trials
+.Op Fl a Ar rounds
 .Op Fl J Ar num_lines
 .Op Fl j Ar start_line
 .Op Fl K Ar checkpt
@@ -139,8 +139,8 @@
 generates, manages and converts authentication keys for
 .Xr ssh 1 .
 .Nm
-can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA
+can create RSA keys for use by SSH protocol version 1 and
-keys for use by SSH protocol version 2.
+DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
 The type of key to be generated is specified with the
 .Fl t
 option.
@@ -167,8 +167,9 @@ Normally each user wishing to use SSH
 with public key authentication runs this once to create the authentication
 key in
 .Pa ~/.ssh/identity ,
+.Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_dsa
+.Pa ~/.ssh/id_ed25519
 or
 .Pa ~/.ssh/id_rsa .
 Additionally, the system administrator may use this to generate host keys.
@@ -214,15 +215,25 @@ should be placed to be activated.
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl A
-For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys
+For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
+for which host keys
 do not exist, generate the host keys with the default key file path,
 an empty passphrase, default bits for the key type, and default comment.
 This is used by system administration scripts to generate new host keys.
-.It Fl a Ar trials
+.It Fl a Ar rounds
-Specifies the number of primality tests to perform when screening DH-GEX
+When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
-candidates using the
+2 key when the
+.Fl o
+flag is set), this option specifies the number of KDF (key derivation function)
+rounds used.
+Higher numbers result in slower passphrase verification and increased
+resistance to brute-force password cracking (should the keys be stolen).
+.Pp
+When screening DH-GEX candidates (
+using the
 .Fl T
-command.
+command).
+This option specifies the number of primality tests to perform.
 .It Fl B
 Show the bubblebabble digest of specified private or public key file.
 .It Fl b Ar bits
@@ -236,6 +247,9 @@ flag determines the key length by selecting from one of three elliptic
 curve sizes: 256, 384 or 521 bits.
 Attempting to use bit lengths other than these three values for ECDSA keys
 will fail.
+ED25519 keys have a fixed length and the
+.Fl b
+flag will be ignored.
 .It Fl C Ar comment
 Provides a new comment.
 .It Fl c
@@ -443,6 +457,14 @@ format.
 .El
 .Pp
 At present, no options are valid for host keys.
+.It Fl o
+Causes
+.Nm
+to save SSH protocol 2 private keys using the new OpenSSH format rather than
+the more compatible PEM format.
+The new format has increased resistance to brute-force password cracking
+but is not supported by versions of OpenSSH prior to 6.5.
+Ed25519 keys always use the new private key format.
 .It Fl P Ar passphrase
 Provides the (old) passphrase.
 .It Fl p
@@ -494,7 +516,8 @@ The possible values are
 .Dq rsa1
 for protocol version 1 and
 .Dq dsa ,
-.Dq ecdsa
+.Dq ecdsa ,
+.Dq ed25519 ,
 or
 .Dq rsa
 for protocol version 2.
@@ -687,7 +710,7 @@ Please refer to those manual pages for details.
 .Nm
 is able to manage OpenSSH format Key Revocation Lists (KRLs).
 These binary files specify keys or certificates to be revoked using a
-compact format, taking as little a one bit per certificate if they are being
+compact format, taking as little as one bit per certificate if they are being
 revoked by serial number.
 .Pp
 KRLs may be generated using the
@@ -774,8 +797,10 @@ There is no need to keep the contents of this file secret.
 .Pp
 .It Pa ~/.ssh/id_dsa
 .It Pa ~/.ssh/id_ecdsa
+.It Pa ~/.ssh/id_ed25519
 .It Pa ~/.ssh/id_rsa
-Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user.
+Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
 specify a passphrase when generating the key; that passphrase will be
@@ -788,8 +813,10 @@ will read this file when a login attempt is made.
 .Pp
 .It Pa ~/.ssh/id_dsa.pub
 .It Pa ~/.ssh/id_ecdsa.pub
+.It Pa ~/.ssh/id_ed25519.pub
 .It Pa ~/.ssh/id_rsa.pub
-Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication.
+Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+public key for authentication.
 The contents of this file should be added to
 .Pa ~/.ssh/authorized_keys
 on all machines

diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 151cab0ef..299ccf8dd 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.116 2013/06/27 14:05:37 jmc Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.119 2013/12/21 07:10:47 tedu Exp $
2	.\"	2	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37	.\"	37	.\"
38	.Dd $Mdocdate: June 27 2013 $	38	.Dd $Mdocdate: December 21 2013 $
39	.Dt SSH-KEYGEN 1	39	.Dt SSH-KEYGEN 1
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -103,7 +103,7 @@
103	.Fl T Ar output_file	103	.Fl T Ar output_file
104	.Fl f Ar input_file	104	.Fl f Ar input_file
105	.Op Fl v	105	.Op Fl v
106	.Op Fl a Ar num_trials	106	.Op Fl a Ar rounds
107	.Op Fl J Ar num_lines	107	.Op Fl J Ar num_lines
108	.Op Fl j Ar start_line	108	.Op Fl j Ar start_line
109	.Op Fl K Ar checkpt	109	.Op Fl K Ar checkpt
@@ -139,8 +139,8 @@
139	generates, manages and converts authentication keys for	139	generates, manages and converts authentication keys for
140	.Xr ssh 1 .	140	.Xr ssh 1 .
141	.Nm	141	.Nm
142	can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA	142	can create RSA keys for use by SSH protocol version 1 and
143	keys for use by SSH protocol version 2.	143	DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
144	The type of key to be generated is specified with the	144	The type of key to be generated is specified with the
145	.Fl t	145	.Fl t
146	option.	146	option.
@@ -167,8 +167,9 @@ Normally each user wishing to use SSH
167	with public key authentication runs this once to create the authentication	167	with public key authentication runs this once to create the authentication
168	key in	168	key in
169	.Pa ~/.ssh/identity ,	169	.Pa ~/.ssh/identity ,
		170	.Pa ~/.ssh/id_dsa ,
170	.Pa ~/.ssh/id_ecdsa ,	171	.Pa ~/.ssh/id_ecdsa ,
171	.Pa ~/.ssh/id_dsa	172	.Pa ~/.ssh/id_ed25519
172	or	173	or
173	.Pa ~/.ssh/id_rsa .	174	.Pa ~/.ssh/id_rsa .
174	Additionally, the system administrator may use this to generate host keys.	175	Additionally, the system administrator may use this to generate host keys.
@@ -214,15 +215,25 @@ should be placed to be activated.
214	The options are as follows:	215	The options are as follows:
215	.Bl -tag -width Ds	216	.Bl -tag -width Ds
216	.It Fl A	217	.It Fl A
217	For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys	218	For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
		219	for which host keys
218	do not exist, generate the host keys with the default key file path,	220	do not exist, generate the host keys with the default key file path,
219	an empty passphrase, default bits for the key type, and default comment.	221	an empty passphrase, default bits for the key type, and default comment.
220	This is used by system administration scripts to generate new host keys.	222	This is used by system administration scripts to generate new host keys.
221	.It Fl a Ar trials	223	.It Fl a Ar rounds
222	Specifies the number of primality tests to perform when screening DH-GEX	224	When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
223	candidates using the	225	2 key when the
		226	.Fl o
		227	flag is set), this option specifies the number of KDF (key derivation function)
		228	rounds used.
		229	Higher numbers result in slower passphrase verification and increased
		230	resistance to brute-force password cracking (should the keys be stolen).
		231	.Pp
		232	When screening DH-GEX candidates (
		233	using the
224	.Fl T	234	.Fl T
225	command.	235	command).
		236	This option specifies the number of primality tests to perform.
226	.It Fl B	237	.It Fl B
227	Show the bubblebabble digest of specified private or public key file.	238	Show the bubblebabble digest of specified private or public key file.
228	.It Fl b Ar bits	239	.It Fl b Ar bits
@@ -236,6 +247,9 @@ flag determines the key length by selecting from one of three elliptic
236	curve sizes: 256, 384 or 521 bits.	247	curve sizes: 256, 384 or 521 bits.
237	Attempting to use bit lengths other than these three values for ECDSA keys	248	Attempting to use bit lengths other than these three values for ECDSA keys
238	will fail.	249	will fail.
		250	ED25519 keys have a fixed length and the
		251	.Fl b
		252	flag will be ignored.
239	.It Fl C Ar comment	253	.It Fl C Ar comment
240	Provides a new comment.	254	Provides a new comment.
241	.It Fl c	255	.It Fl c
@@ -443,6 +457,14 @@ format.
443	.El	457	.El
444	.Pp	458	.Pp
445	At present, no options are valid for host keys.	459	At present, no options are valid for host keys.
		460	.It Fl o
		461	Causes
		462	.Nm
		463	to save SSH protocol 2 private keys using the new OpenSSH format rather than
		464	the more compatible PEM format.
		465	The new format has increased resistance to brute-force password cracking
		466	but is not supported by versions of OpenSSH prior to 6.5.
		467	Ed25519 keys always use the new private key format.
446	.It Fl P Ar passphrase	468	.It Fl P Ar passphrase
447	Provides the (old) passphrase.	469	Provides the (old) passphrase.
448	.It Fl p	470	.It Fl p
@@ -494,7 +516,8 @@ The possible values are
494	.Dq rsa1	516	.Dq rsa1
495	for protocol version 1 and	517	for protocol version 1 and
496	.Dq dsa ,	518	.Dq dsa ,
497	.Dq ecdsa	519	.Dq ecdsa ,
		520	.Dq ed25519 ,
498	or	521	or
499	.Dq rsa	522	.Dq rsa
500	for protocol version 2.	523	for protocol version 2.
@@ -687,7 +710,7 @@ Please refer to those manual pages for details.
687	.Nm	710	.Nm
688	is able to manage OpenSSH format Key Revocation Lists (KRLs).	711	is able to manage OpenSSH format Key Revocation Lists (KRLs).
689	These binary files specify keys or certificates to be revoked using a	712	These binary files specify keys or certificates to be revoked using a
690	compact format, taking as little a one bit per certificate if they are being	713	compact format, taking as little as one bit per certificate if they are being
691	revoked by serial number.	714	revoked by serial number.
692	.Pp	715	.Pp
693	KRLs may be generated using the	716	KRLs may be generated using the
@@ -774,8 +797,10 @@ There is no need to keep the contents of this file secret.
774	.Pp	797	.Pp
775	.It Pa ~/.ssh/id_dsa	798	.It Pa ~/.ssh/id_dsa
776	.It Pa ~/.ssh/id_ecdsa	799	.It Pa ~/.ssh/id_ecdsa
		800	.It Pa ~/.ssh/id_ed25519
777	.It Pa ~/.ssh/id_rsa	801	.It Pa ~/.ssh/id_rsa
778	Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user.	802	Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
		803	authentication identity of the user.
779	This file should not be readable by anyone but the user.	804	This file should not be readable by anyone but the user.
780	It is possible to	805	It is possible to
781	specify a passphrase when generating the key; that passphrase will be	806	specify a passphrase when generating the key; that passphrase will be
@@ -788,8 +813,10 @@ will read this file when a login attempt is made.
788	.Pp	813	.Pp
789	.It Pa ~/.ssh/id_dsa.pub	814	.It Pa ~/.ssh/id_dsa.pub
790	.It Pa ~/.ssh/id_ecdsa.pub	815	.It Pa ~/.ssh/id_ecdsa.pub
		816	.It Pa ~/.ssh/id_ed25519.pub
791	.It Pa ~/.ssh/id_rsa.pub	817	.It Pa ~/.ssh/id_rsa.pub
792	Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication.	818	Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
		819	public key for authentication.
793	The contents of this file should be added to	820	The contents of this file should be added to
794	.Pa ~/.ssh/authorized_keys	821	.Pa ~/.ssh/authorized_keys
795	on all machines	822	on all machines