path: root/ssh-keygen.1
Age | Commit message | Author
2018-09-12 | upstream: fix edit mistake; spotted by jmc@ | djm@openbsd.org
OpenBSD-Commit-ID: dd724e1c52c9d6084f4cd260ec7e1b2b138261c6
2018-09-12 | upstream: allow key revocation by SHA256 hash and allow ssh-keygen | djm@openbsd.org
to create KRLs using SHA256/base64 key fingerprints; ok markus@ OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94
2018-08-08 | upstream: Use new private key format by default. This format is | djm@openbsd.org
supported by OpenSSH >= 6.5 (released January 2014), so it should be supported by most OpenSSH versions in active use. It is possible to convert new-format private keys to the older format using "ssh-keygen -f /path/key -pm PEM". ok deraadt dtucker OpenBSD-Commit-ID: e3bd4f2509a2103bfa2f710733426af3ad6d8ab8
2018-03-14 | upstream: add valid-before="[time]" authorized_keys option. A | djm@openbsd.org
simple way of giving a key an expiry date. ok markus@ OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
2018-02-07 | upstream commit | djm@openbsd.org
certificate options are case-sensitive; fix case on one that had it wrong. move a badly-placed sentence to a less bad place OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b
2017-11-03 | upstream commit | djm@openbsd.org@openbsd.org
allow certificate validity intervals that specify only a start or stop time (we already support specifying both or neither) OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42
2017-07-21 | upstream commit | jmc@openbsd.org
slightly rework previous, to avoid an article issue; Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30
2017-07-21 | upstream commit | djm@openbsd.org
When generating all hostkeys (ssh-keygen -A), clobber existing keys if they exist but are zero length. zero-length keys could previously be made if ssh-keygen failed part way through generating them, so avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@ Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044
2017-06-28 | upstream commit | djm@openbsd.org
Allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates. bz#2377 ok markus Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
2017-05-08 | upstream commit | naddy@openbsd.org
remove superfluous protocol 2 mentions; ok jmc@ Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d
2017-05-08 | upstream commit | jmc@openbsd.org
more protocol 1 stuff to go; ok djm Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
2017-05-08 | upstream commit | jmc@openbsd.org
rsa1 is no longer valid; Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89
2017-05-08 | upstream commit | jmc@openbsd.org
more -O shuffle; ok djm Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb
2017-05-08 | upstream commit | jmc@openbsd.org
tidy up -O somewhat; ok djm Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52
2017-05-01 | upstream commit | djm@openbsd.org
remove KEY_RSA1 ok markus@ Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
2017-05-01 | upstream commit | jmc@openbsd.org
tweak previous; Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9
2017-05-01 | upstream commit | djm@openbsd.org
allow ssh-keygen to include arbitrary string or flag certificate extensions and critical options. ok markus@ dtucker@ Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646
2016-06-24 | upstream commit | jmc@openbsd.org
keys stored in openssh format can have comments too; diff from yonas yanfa, tweaked a bit; ok djm Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27
2016-05-05 | upstream commit | jmc@openbsd.org
correct article; Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168
2016-05-04 | upstream commit | djm@openbsd.org
make nethack^wrandomart fingerprint flag more readily searchable pointed out by Matt Johnston Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb
2016-02-18 | upstream commit | jmc@openbsd.org
since these pages now clearly tell folks to avoid v1, normalise the docs from a v2 perspective (i.e. stop pointing out which bits are v2 only); ok/tweaks djm ok markus Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
2015-11-16 | upstream commit | djm@openbsd.org
support multiple certificates (one per line) and reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@ Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
2015-11-09 | upstream commit | jmc@openbsd.org
"commandline" -> "command line", since there are so few examples of the former in the pages, so many of the latter, and in some of these pages we had multiple spellings; prompted by tj Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659
2015-08-21 | upstream commit | naddy@openbsd.org
In the certificates section, be consistent about using "host_key" and "user_key" for the respective key types. ok sthen@ deraadt@ Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
2015-07-15 | upstream commit | djm@openbsd.org
refuse to generate or accept RSA keys smaller than 1024 bits; feedback and ok dtucker@ Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
2015-02-26 | upstream commit | naddy@openbsd.org
add -v (show ASCII art) to -l's synopsis; ok djm@
2014-12-22 | upstream commit | djm@openbsd.org
Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
2014-10-13 | upstream commit | sobrado@openbsd.org
improve capitalization for the Ed25519 public-key signature system. ok djm@
2014-04-20 | - jmc@cvs.openbsd.org 2014/03/31 13:39:34 | Damien Miller
[ssh-keygen.1] the text for the -K option was inserted in the wrong place in -r1.108; fix From: Matthew Clarke
2014-04-20 | - deraadt@cvs.openbsd.org 2014/03/15 17:28:26 | Damien Miller
[ssh-agent.c ssh-keygen.1 ssh-keygen.c] Improve usage() and documentation towards the standard form. In particular, this line saves a lot of man page reading time. usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] [-N new_passphrase] [-C comment] [-f output_keyfile] ok schwarze jmc
2014-02-07 | - naddy@cvs.openbsd.org 2014/02/05 20:13:25 | Damien Miller
[ssh-keygen.1 ssh-keygen.c] tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@ while here, fix ordering in usage(); requested by jmc@
2013-12-29 | - tedu@cvs.openbsd.org 2013/12/21 07:10:47 | Damien Miller
[ssh-keygen.1] small typo
2013-12-18 | - naddy@cvs.openbsd.org 2013/12/07 11:58:46 | Damien Miller
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1] [ssh_config.5 sshd.8 sshd_config.5] add missing mentions of ed25519; ok djm@
2013-12-18 | - djm@cvs.openbsd.org 2013/12/07 08:08:26 | Damien Miller
[ssh-keygen.1] document -a and -o wrt new key format
2013-07-18 | - jmc@cvs.openbsd.org 2013/06/27 14:05:37 | Damien Miller
[ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] do not use Sx for sections outwith the man page - ingo informs me that stuff like html will render with broken links; issue reported by Eric S. Raymond, via djm
2013-01-20 | - jmc@cvs.openbsd.org 2013/01/19 07:13:25 | Damien Miller
[ssh-keygen.1] fix some formatting; ok djm
2013-01-20 | - jmc@cvs.openbsd.org 2013/01/18 21:48:43 | Damien Miller
[ssh-keygen.1] command-line (adj.) -> command line (n.);
2013-01-20 | - jmc@cvs.openbsd.org 2013/01/18 08:39:04 | Damien Miller
[ssh-keygen.1] add -Q to the options list; ok djm
2013-01-20 | - jmc@cvs.openbsd.org 2013/01/18 07:57:47 | Damien Miller
[ssh-keygen.1] tweak previous;
2013-01-18 | - djm@cvs.openbsd.org 2013/01/17 23:00:01 | Damien Miller
[auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5] [krl.c krl.h PROTOCOL.krl] add support for Key Revocation Lists (KRLs). These are a compact way to represent lists of revoked keys and certificates, taking as little as a single bit of incremental cost to revoke a certificate by serial number. KRLs are loaded via the existing RevokedKeys sshd_config option. feedback and ok markus@
2012-09-06 | - jmc@cvs.openbsd.org 2012/08/15 18:25:50 | Darren Tucker
[ssh-keygen.1] a little more info on certificate validity; requested by Ross L Richardson, and provided by djm
2012-07-06 | - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 | Damien Miller
[moduli.c ssh-keygen.1 ssh-keygen.c] Add options to specify starting line number and number of lines to process when screening moduli candidates. This allows processing of different parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
2011-10-18 | - dtucker@cvs.openbsd.org 2011/10/16 11:02:46 | Damien Miller
[moduli.c ssh-keygen.1 ssh-keygen.c] Add optional checkpoints for moduli screening. feedback & ok deraadt
2011-09-22 | - deraadt@cvs.openbsd.org 2011/09/07 02:18:31 | Damien Miller
[ssh-keygen.1] typo (they vs the) found by Lawrence Teo
2011-05-05 | - djm@cvs.openbsd.org 2011/04/13 04:09:37 | Damien Miller
[ssh-keygen.1] mention valid -b sizes for ECDSA keys; bz#1862
2011-05-05 | - djm@cvs.openbsd.org 2011/04/13 04:02:48 | Damien Miller
[ssh-keygen.1] improve wording; bz#1861
2011-05-05 | - jmc@cvs.openbsd.org 2011/03/24 15:29:30 | Damien Miller
[ssh-keygen.1] zap trailing whitespace;
2011-05-05 | - stevesk@cvs.openbsd.org 2011/03/23 16:24:56 | Damien Miller
[ssh-keygen.1] -q not used in /etc/rc now so remove statement.
2011-05-05 | - stevesk@cvs.openbsd.org 2011/03/23 15:16:22 | Damien Miller
[ssh-keygen.1 ssh-keygen.c] Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This will be used by /etc/rc to generate new host keys. Idea from deraadt. ok deraadt
2010-11-05 | - jmc@cvs.openbsd.org 2010/10/28 18:33:28 | Damien Miller
[scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] knock out some "-*- nroff -*-" lines;