summaryrefslogtreecommitdiff
path: root/ssh-keygen.1
AgeCommit message (Collapse)Author
2007-01-05 - markus@cvs.openbsd.org 2006/12/11 21:25:46Damien Miller
[ssh-keygen.1 ssh.1] add rfc 4716 (public key format); ok jmc
2005-11-28 [ssh-keygen.1 ssh-keygen.c]Darren Tucker
Enforce DSA key length of exactly 1024 bits to comply with FIPS-186-2, increase minumum RSA key size to 768 bits and update man page to reflect these. Patch originally bz#1119 (senthilkumar_sen at hotpop.com), ok djm@, grudging ok deraadt@.
2005-11-05 - jmc@cvs.openbsd.org 2005/10/31 19:55:25Damien Miller
[ssh-keygen.1] grammar;
2005-11-05 - djm@cvs.openbsd.org 2005/10/31 11:12:49Damien Miller
[ssh-keygen.1 ssh-keygen.c] generate a protocol 2 RSA key by default
2005-06-16 - djm@cvs.openbsd.org 2005/06/08 03:50:00Damien Miller
[ssh-keygen.1 ssh-keygen.c sshd.8] increase default rsa/dsa key length from 1024 to 2048 bits; ok markus@ deraadt@
2005-05-26 - djm@cvs.openbsd.org 2005/04/21 06:17:50Damien Miller
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8] [sshd_config.5] OpenSSH doesn't ever look at the $HOME environment variable, so don't say that we do (bz #623); ok deraadt@
2005-03-14 - dtucker@cvs.openbsd.org 2005/03/14 10:09:03Darren Tucker
[ssh-keygen.1] Correct description of -H (bz #997); ok markus@, punctuation jmc@
2005-03-02 - jmc@cvs.openbsd.org 2005/03/01 18:15:56Damien Miller
[ssh-keygen.1] sort options (no attempt made at synopsis clean up though); spelling (occurance -> occurrence); use prompt before examples; grammar;
2005-03-02 - jmc@cvs.openbsd.org 2005/03/01 15:05:00Damien Miller
[ssh-keygen.1] whitespace;
2005-03-01 - djm@cvs.openbsd.org 2005/03/01 10:42:49Damien Miller
[ssh-keygen.1 ssh-keygen.c ssh_config.5] add tools for managing known_hosts files with hashed hostnames, including hashing existing files and deleting hosts by name; ok markus@ deraadt@
2004-08-13 - jmc@cvs.openbsd.org 2004/08/13 00:01:43Darren Tucker
[ssh-keygen.1] kill whitespace at eol;
2004-08-13 - jakob@cvs.openbsd.org 2004/08/12 21:41:13Darren Tucker
[ssh-keygen.1 ssh.1] improve SSHFP documentation; ok deraadt@
2003-12-31 - djm@cvs.openbsd.org 2003/12/22 09:16:58Darren Tucker
[moduli.c ssh-keygen.1 ssh-keygen.c] tidy up moduli generation debugging, add -v (verbose/debug) option to ssh-keygen; ok markus@
2003-08-02 - djm@cvs.openbsd.org 2003/07/28 09:49:56Darren Tucker
[ssh-keygen.1 ssh-keygen.c] Support for generating Diffie-Hellman groups (/etc/moduli) from ssh-keygen. Based on code from Phil Karn, William Allen Simpson and Niels Provos. ok markus@, thanks jmc@
2003-06-11 - jmc@cvs.openbsd.org 2003/06/10 09:12:11Damien Miller
[scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5] [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - section reorder - COMPATIBILITY merge - macro cleanup - kill whitespace at EOL - new sentence, new line ssh pages ok markus@
2003-05-23 - jmc@cvs.openbsd.org 2003/05/20 12:09:31Damien Miller
[ssh.1 ssh_config.5 sshd.8 sshd_config.5 ssh-keygen.1] new sentence, new line
2003-05-15 - jakob@cvs.openbsd.org 2003/05/14 18:16:20Damien Miller
[key.c key.h readconf.c readconf.h ssh_config.5 sshconnect.c] [dns.c dns.h README.dns ssh-keygen.1 ssh-keygen.c] add experimental support for verifying hos keys using DNS as described in draft-ietf-secsh-dns-xx.txt. more information in README.dns. ok markus@ and henning@
2003-04-01 - (djm) OpenBSD CVS SyncDamien Miller
- jmc@cvs.openbsd.org 2003/03/28 10:11:43 [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5] [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - killed whitespace - new sentence new line - .Bk for arguments ok markus@
2002-12-23 - stevesk@cvs.openbsd.org 2002/11/26 02:35:30Ben Lindstrom
[ssh-keygen.1] remove outdated statement; ok markus@ deraadt@
2002-06-21 - deraadt@cvs.openbsd.org 2002/06/19 00:27:55Ben Lindstrom
[auth-bsdauth.c auth-skey.c auth1.c auth2-chall.c auth2-none.c authfd.c authfd.h monitor_wrap.c msg.c nchan.c radix.c readconf.c scp.c sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh-keysign.c ssh.1 sshconnect.c sshconnect.h sshconnect2.c ttymodes.c xmalloc.h] KNF done automatically while reading....
2002-02-19 - stevesk@cvs.openbsd.org 2002/02/16 14:53:37Damien Miller
[ssh-keygen.1] -t required now for key generation
2002-01-22 - djm@cvs.openbsd.org 2001/12/21 08:52:22Damien Miller
[ssh-keygen.1 ssh-keygen.c] Remove default (rsa1) key type; ok markus@
2001-12-06 - stevesk@cvs.openbsd.org 2001/11/21 18:49:14Ben Lindstrom
[ssh-keygen.1] more on passphrase construction; ok markus@
2001-11-12 - markus@cvs.openbsd.org 2001/10/25 21:14:32Damien Miller
[ssh-keygen.1 ssh-keygen.c] better docu for fingerprinting, ok deraadt@
2001-09-12 - deraadt@cvs.openbsd.org 2001/09/05 06:23:07Ben Lindstrom
[scp.1 sftp.1 ssh.1 ssh-agent.1 sshd.8 ssh-keygen.1 ssh-keyscan.1] avoid first person in manual pages
2001-08-06 - jakob@cvs.openbsd.org 2001/08/02 15:07:23Ben Lindstrom
[ssh-keygen.1] document smartcard upload/download. ok markus@
2001-08-06 - aaron@cvs.openbsd.org 2001/07/23 14:14:18Ben Lindstrom
[ssh-keygen.1] Fix typo.
2001-07-04 - markus@cvs.openbsd.org 2001/06/25 17:18:27Ben Lindstrom
[ssh-keygen.1] sshd(8) will never read the private keys, but ssh(1) does; hugh@mimosa.com
2001-06-25 - deraadt@cvs.openbsd.org 2001/06/23 05:57:09Ben Lindstrom
[sftp.1 sftp-server.8 ssh-keygen.1] ok, tmac is now fixed
2001-06-25 - deraadt@cvs.openbsd.org 2001/06/23 02:33:05Ben Lindstrom
[sftp.1 sftp-server.8 ssh-keygen.1] join .%A entries; most by bk@rt.fm
2001-06-25 - markus@cvs.openbsd.org 2001/06/22 21:55:49Ben Lindstrom
[auth2.c auth-rsa.c pathnames.h ssh.1 sshd.8 sshd_config ssh-keygen.1] merge authorized_keys2 into authorized_keys. authorized_keys2 is used for backward compat. (just append authorized_keys2 to authorized_keys).
2001-06-09 - markus@cvs.openbsd.org 2001/06/03 19:36:44Ben Lindstrom
[ssh-keygen.1] 1-2 bits of entrophy per character (not per word), ok stevesk@
2001-05-06 - stevesk@cvs.openbsd.org 2001/05/05 13:42:52Ben Lindstrom
[sftp.1 ssh-add.1 ssh-keygen.1] typos, grammar
2001-04-24 - markus@cvs.openbsd.org 2001/04/23 21:57:07Ben Lindstrom
[ssh-keygen.1 ssh-keygen.c] allow public key for -e, too
2001-04-23 - markus@cvs.openbsd.org 2001/04/22 23:58:36Ben Lindstrom
[ssh-keygen.1 ssh.1 sshd.8] document hostbased and other cleanup
2001-04-22 - markus@cvs.openbsd.org 2001/04/22 13:41:02Ben Lindstrom
[ssh-keygen.1 ssh-keygen.c] style, noted by stevesk; sort flags in usage
2001-04-22 - markus@cvs.openbsd.org 2001/04/22 13:25:37Ben Lindstrom
[ssh-keygen.1 ssh-keygen.c] rename arguments -x -> -e (export key), -X -> -i (import key) xref draft-ietf-secsh-publickeyfile-01.txt
2001-04-11 - itojun@cvs.openbsd.org 2001/04/10 09:13:22Ben Lindstrom
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] document id_rsa{.pub,}. markus ok
2001-03-12 - markus@cvs.openbsd.org 2001/03/11 22:33:24Ben Lindstrom
[ssh-keygen.1 ssh-keygen.c] remove -v again. use -B instead for bubblebabble. make -B consistent with -l and make -B work with /path/to/known_hosts. ok deraadt@
2001-03-11 - jakob@cvs.openbsd.org 2001/03/11 15:04:16Ben Lindstrom
[ssh-keygen.1 ssh-keygen.c] print both md5, sha1 and bubblebabble fingerprints when using ssh-keygen -l -v. ok markus@.
2001-03-05 - deraadt@cvs.openbsd.org 2001/03/02 18:54:31Ben Lindstrom
[atomicio.c atomicio.h auth-chall.c auth.c auth2-chall.c crc32.h scp.c serverloop.c session.c sftp-server.8 sftp.1 ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh.1 sshd.8] make copyright lines the same format
2001-03-05 - deraadt@cvs.openbsd.org 2001/02/22 08:03:51Ben Lindstrom
[ssh-keygen.1 ssh-keygen.c] bye bye -d
2001-03-05 - deraadt@cvs.openbsd.org 2001/02/22 06:43:55Ben Lindstrom
[ssh-keygen.1 ssh-keygen.c] document -d, and -t defaults to rsa1
2001-02-10 - (bal) A bit more whitespace cleanupBen Lindstrom
2001-02-10Sync CVS ID w/ OpenBSDBen Lindstrom
2001-01-29 - markus@cvs.openbsd.org 2001/01/28 10:24:04Ben Lindstrom
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1] cleanup AUTHORS sections
2001-01-29 - niklas@cvs.openbsd.org 2001/01/2001Ben Lindstrom
[atomicio.h canohost.h clientloop.h deattack.h dh.h dispatch.h groupaccess.c groupaccess.h hmac.h hostfile.h includes.h kex.h key.h log.h login.h match.h misc.h myproposal.h nchan.ms pathnames.h radix.h readpass.h rijndael.h serverloop.h session.h sftp.h ssh-add.1 ssh-dss.h ssh-keygen.1 ssh-keyscan.1 ssh-rsa.h ssh1.h ssh_config sshconnect.h sshd_config tildexpand.h uidswap.h uuencode.h] $OpenBSD$
2001-01-22Hopefully things did not get mixed around too much. It compiles underBen Lindstrom
Linux and works. So that is at least a good sign. =) 20010122 - (bal) OpenBSD Resync - markus@cvs.openbsd.org 2001/01/19 12:45:26 GMT 2001 by markus [servconf.c ssh.h sshd.c] only auth-chall.c needs #ifdef SKEY - markus@cvs.openbsd.org 2001/01/19 15:55:10 GMT 2001 by markus [auth-krb4.c auth-options.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth1.c auth2.c channels.c clientloop.c dh.c dispatch.c nchan.c packet.c pathname.h readconf.c scp.c servconf.c serverloop.c session.c ssh-add.c ssh-keygen.c ssh-keyscan.c ssh.c ssh.h ssh1.h sshconnect1.c sshd.c ttymodes.c] move ssh1 definitions to ssh1.h, pathnames to pathnames.h - markus@cvs.openbsd.org 2001/01/19 16:48:14 [sshd.8] fix typo; from stevesk@ - markus@cvs.openbsd.org 2001/01/19 16:50:58 [ssh-dss.c] clear and free digest, make consistent with other code (use dlen); from stevesk@ - markus@cvs.openbsd.org 2001/01/20 15:55:20 GMT 2001 by markus [auth-options.c auth-options.h auth-rsa.c auth2.c] pass the filename to auth_parse_options() - markus@cvs.openbsd.org 2001/01/20 17:59:40 GMT 2001 [readconf.c] fix SIGSEGV from -o ""; problem noted by jehsom@togetherweb.com - stevesk@cvs.openbsd.org 2001/01/20 18:20:29 [sshconnect2.c] dh_new_group() does not return NULL. ok markus@ - markus@cvs.openbsd.org 2001/01/20 21:33:42 [ssh-add.c] do not loop forever if askpass does not exist; from andrew@pimlott.ne.mediaone.net - djm@cvs.openbsd.org 2001/01/20 23:00:56 [servconf.c] Check for NULL return from strdelim; ok markus - djm@cvs.openbsd.org 2001/01/20 23:02:07 [readconf.c] KNF; ok markus - jakob@cvs.openbsd.org 2001/01/21 9:00:33 [ssh-keygen.1] remove -R flag; ok markus@ - markus@cvs.openbsd.org 2001/01/21 19:05:40 [atomicio.c automicio.h auth-chall.c auth-krb4.c auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth.c auth.h auth1.c auth2-chall.c auth2.c authfd.c authfile.c bufaux.c bufaux.h buffer.c canahost.c canahost.h channels.c cipher.c cli.c clientloop.c clientloop.h compat.c compress.c deattack.c dh.c dispatch.c groupaccess.c hmac.c hostfile.c kex.c key.c key.h log-client.c log-server.c log.c log.h login.c login.h match.c misc.c misc.h nchan.c packet.c pty.c radix.h readconf.c readpass.c readpass.h rsa.c scp.c servconf.c serverloop.c serverloop.h session.c sftp-server.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-rsa.c ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c sshd.c tildexpand.c tildexpand.h ttysmodes.c uidswap.c xmalloc.c] split ssh.h and try to cleanup the #include mess. remove unnecessary #includes. rename util.[ch] -> misc.[ch] - (bal) renamed 'PIDDIR' to '_PATH_SSH_PIDDIR' to match OpenBSD tree - (bal) Moved #ifdef KRB4 in auth-krb4.c above the #include to resolve conflict when compiling for non-kerb install - (bal) removed the #ifdef SKEY in auth1.c to match Markus' changes on 1/19.
2001-01-18NOTE: This update changes the RSA key generation. *NEW RSA KEYSBen Lindstrom
NEED TO BE GENERATED* =) Refer to to entry "2001/01/16 19:20:06" for more details. 20010118 - (bal) Super Sized OpenBSD Resync - markus@cvs.openbsd.org 2001/01/11 22:14:20 GMT 2001 by markus [sshd.c] maxfd+1 - markus@cvs.openbsd.org 2001/01/13 17:59:18 [ssh-keygen.1] small ssh-keygen manpage cleanup; stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:03:07 [scp.c ssh-keygen.c sshd.c] getopt() returns -1 not EOF; stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:06:54 [ssh-keyscan.c] use SSH_DEFAULT_PORT; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:12:47 [ssh-keyscan.c] free() -> xfree(); fix memory leak; from stevesk@pobox.com - markus@cvs.openbsd.org 2001/01/13 18:14:13 [ssh-add.c] typo, from stevesk@sweden.hp.com - markus@cvs.openbsd.org 2001/01/13 18:32:50 [packet.c session.c ssh.c sshconnect.c sshd.c] split out keepalive from packet_interactive (from dale@accentre.com) set IPTOS_LOWDELAY TCP_NODELAY IPTOS_THROUGHPUT for ssh2, too. - markus@cvs.openbsd.org 2001/01/13 18:36:45 [packet.c packet.h] reorder, typo - markus@cvs.openbsd.org 2001/01/13 18:38:00 [auth-options.c] fix comment - markus@cvs.openbsd.org 2001/01/13 18:43:31 [session.c] Wall - markus@cvs.openbsd.org 2001/01/13 19:14:08 [clientloop.h clientloop.c ssh.c] move callback to headerfile - markus@cvs.openbsd.org 2001/01/15 21:40:10 [ssh.c] use log() instead of stderr - markus@cvs.openbsd.org 2001/01/15 21:43:51 [dh.c] use error() not stderr! - markus@cvs.openbsd.org 2001/01/15 21:45:29 [sftp-server.c] rename must fail if newpath exists, debug off by default - markus@cvs.openbsd.org 2001/01/15 21:46:38 [sftp-server.c] readable long listing for sftp-server, ok deraadt@ - markus@cvs.openbsd.org 2001/01/16 19:20:06 [key.c ssh-rsa.c] make "ssh-rsa" key format for ssh2 confirm to the ietf-drafts; from galb@vandyke.com. note that you have to delete older ssh2-rsa keys, since they are in the wrong format, too. they must be removed from .ssh/authorized_keys2 and .ssh/known_hosts2, etc. (cd; grep -v ssh-rsa .ssh/authorized_keys2 > TMP && mv TMP .ssh/authorized_keys2) additionally, we now check that BN_num_bits(rsa->n) >= 768. - markus@cvs.openbsd.org 2001/01/16 20:54:27 [sftp-server.c] remove some statics. simpler handles; idea from nisse@lysator.liu.se - deraadt@cvs.openbsd.org 2001/01/16 23:58:08 [bufaux.c radix.c sshconnect.h sshconnect1.c] indent - (bal) Added bsd-strmode.[ch] since some non-OpenBSD platforms may be missing such feature.
2000-11-13 - (djm) Merge OpenBSD changes:Damien Miller
- markus@cvs.openbsd.org 2000/11/06 16:04:56 [channels.c channels.h clientloop.c nchan.c serverloop.c] [session.c ssh.c] agent forwarding and -R for ssh2, based on work from jhuuskon@messi.uku.fi - markus@cvs.openbsd.org 2000/11/06 16:13:27 [ssh.c sshconnect.c sshd.c] do not disabled rhosts(rsa) if server port > 1024; from pekkas@netcore.fi - markus@cvs.openbsd.org 2000/11/06 16:16:35 [sshconnect.c] downgrade client to 1.3 if server is 1.4; help from mdb@juniper.net - markus@cvs.openbsd.org 2000/11/09 18:04:40 [auth1.c] typo; from mouring@pconline.com - markus@cvs.openbsd.org 2000/11/12 12:03:28 [ssh-agent.c] off-by-one when removing a key from the agent - markus@cvs.openbsd.org 2000/11/12 12:50:39 [auth-rh-rsa.c auth2.c authfd.c authfd.h] [authfile.c hostfile.c kex.c kex.h key.c key.h myproposal.h] [readconf.c readconf.h rsa.c rsa.h servconf.c servconf.h ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config] [sshconnect1.c sshconnect2.c sshd.8 sshd.c sshd_config ssh-dss.c] [ssh-dss.h ssh-rsa.c ssh-rsa.h dsa.c dsa.h] add support for RSA to SSH2. please test. there are now 3 types of keys: RSA1 is used by ssh-1 only, RSA and DSA are used by SSH2. you can use 'ssh-keygen -t rsa -f ssh2_rsa_file' to generate RSA keys for SSH2 and use the RSA keys for hostkeys or for user keys. SSH2 RSA or DSA keys are added to .ssh/authorised_keys2 as before. - (djm) Fix up Makefile and Redhat init script to create RSA host keys - (djm) Change to interim version