From d984a3c6658e950881edcfb2aae464add93f68d4 Mon Sep 17 00:00:00 2001 From: Colin Watson Date: Mon, 1 Sep 2003 00:45:47 +0000 Subject: Import OpenSSH 3.4p1. --- ssh-keygen.0 | 183 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 183 insertions(+) create mode 100644 ssh-keygen.0 (limited to 'ssh-keygen.0') diff --git a/ssh-keygen.0 b/ssh-keygen.0 new file mode 100644 index 000000000..d3a2135b4 --- /dev/null +++ b/ssh-keygen.0 @@ -0,0 +1,183 @@ +SSH-KEYGEN(1) System General Commands Manual SSH-KEYGEN(1) + +NAME + ssh-keygen - authentication key generation, management and conversion + +SYNOPSIS + ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] + [-f output_keyfile] + ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] + ssh-keygen -i [-f input_keyfile] + ssh-keygen -e [-f input_keyfile] + ssh-keygen -y [-f input_keyfile] + ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] + ssh-keygen -l [-f input_keyfile] + ssh-keygen -B [-f input_keyfile] + ssh-keygen -D reader + ssh-keygen -U reader [-f input_keyfile] + +DESCRIPTION + ssh-keygen generates, manages and converts authentication keys for + ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1 + and RSA or DSA keys for use by SSH protocol version 2. The type of key to + be generated is specified with the -t option. + + Normally each user wishing to use SSH with RSA or DSA authentication runs + this once to create the authentication key in $HOME/.ssh/identity, + $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa. Additionally, the system adminM-- + istrator may use this to generate host keys, as seen in /etc/rc. + + Normally this program generates the key and asks for a file in which to + store the private key. The public key is stored in a file with the same + name but ``.pub'' appended. The program also asks for a passphrase. The + passphrase may be empty to indicate no passphrase (host keys must have an + empty passphrase), or it may be a string of arbitrary length. A + passphrase is similar to a password, except it can be a phrase with a + series of words, punctuation, numbers, whitespace, or any string of charM-- + acters you want. Good passphrases are 10-30 characters long, are not + simple sentences or otherwise easily guessable (English prose has only + 1-2 bits of entropy per character, and provides very bad passphrases), + and contain a mix of upper and lowercase letters, numbers, and non- + alphanumeric characters. The passphrase can be changed later by using + the -p option. + + There is no way to recover a lost passphrase. If the passphrase is lost + or forgotten, a new key must be generated and copied to the corresponding + public key to other machines. + + For RSA1 keys, there is also a comment field in the key file that is only + for convenience to the user to help identify the key. The comment can + tell what the key is for, or whatever is useful. The comment is initialM-- + ized to ``user@host'' when the key is created, but can be changed using + the -c option. + + After a key is generated, instructions below detail where the keys should + be placed to be activated. + + The options are as follows: + + -b bits + Specifies the number of bits in the key to create. Minimum is + 512 bits. Generally 1024 bits is considered sufficient, and key + sizes above that no longer improve security but make things + slower. The default is 1024 bits. + + -c Requests changing the comment in the private and public key + files. This operation is only supported for RSA1 keys. The proM-- + gram will prompt for the file containing the private keys, for + the passphrase if the key has one, and for the new comment. + + -e This option will read a private or public OpenSSH key file and + print the key in a `SECSH Public Key File Format' to stdout. + This option allows exporting keys for use by several commercial + SSH implementations. + + -f filename + Specifies the filename of the key file. + + -i This option will read an unencrypted private (or public) key file + in SSH2-compatible format and print an OpenSSH compatible private + (or public) key to stdout. ssh-keygen also reads the `SECSH + Public Key File Format'. This option allows importing keys from + several commercial SSH implementations. + + -l Show fingerprint of specified public key file. Private RSA1 keys + are also supported. For RSA and DSA keys ssh-keygen tries to + find the matching public key file and prints its fingerprint. + + -p Requests changing the passphrase of a private key file instead of + creating a new private key. The program will prompt for the file + containing the private key, for the old passphrase, and twice for + the new passphrase. + + -q Silence ssh-keygen. Used by /etc/rc when creating a new key. + + -y This option will read a private OpenSSH format file and print an + OpenSSH public key to stdout. + + -t type + Specifies the type of the key to create. The possible values are + ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for protoM-- + col version 2. + + -B Show the bubblebabble digest of specified private or public key + file. + + -C comment + Provides the new comment. + + -D reader + Download the RSA public key stored in the smartcard in reader. + + -N new_passphrase + Provides the new passphrase. + + -P passphrase + Provides the (old) passphrase. + + -U reader + Upload an existing RSA private key into the smartcard in reader. + +FILES + $HOME/.ssh/identity + Contains the protocol version 1 RSA authentication identity of + the user. This file should not be readable by anyone but the + user. It is possible to specify a passphrase when generating the + key; that passphrase will be used to encrypt the private part of + this file using 3DES. This file is not automatically accessed by + ssh-keygen but it is offered as the default file for the private + key. ssh(1) will read this file when a login attempt is made. + + $HOME/.ssh/identity.pub + Contains the protocol version 1 RSA public key for authenticaM-- + tion. The contents of this file should be added to + $HOME/.ssh/authorized_keys on all machines where the user wishes + to log in using RSA authentication. There is no need to keep the + contents of this file secret. + + $HOME/.ssh/id_dsa + Contains the protocol version 2 DSA authentication identity of + the user. This file should not be readable by anyone but the + user. It is possible to specify a passphrase when generating the + key; that passphrase will be used to encrypt the private part of + this file using 3DES. This file is not automatically accessed by + ssh-keygen but it is offered as the default file for the private + key. ssh(1) will read this file when a login attempt is made. + + $HOME/.ssh/id_dsa.pub + Contains the protocol version 2 DSA public key for authenticaM-- + tion. The contents of this file should be added to + $HOME/.ssh/authorized_keys on all machines where the user wishes + to log in using public key authentication. There is no need to + keep the contents of this file secret. + + $HOME/.ssh/id_rsa + Contains the protocol version 2 RSA authentication identity of + the user. This file should not be readable by anyone but the + user. It is possible to specify a passphrase when generating the + key; that passphrase will be used to encrypt the private part of + this file using 3DES. This file is not automatically accessed by + ssh-keygen but it is offered as the default file for the private + key. ssh(1) will read this file when a login attempt is made. + + $HOME/.ssh/id_rsa.pub + Contains the protocol version 2 RSA public key for authenticaM-- + tion. The contents of this file should be added to + $HOME/.ssh/authorized_keys on all machines where the user wishes + to log in using public key authentication. There is no need to + keep the contents of this file secret. + +AUTHORS + OpenSSH is a derivative of the original and free ssh 1.2.12 release by + Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo + de Raadt and Dug Song removed many bugs, re-added newer features and creM-- + ated OpenSSH. Markus Friedl contributed the support for SSH protocol + versions 1.5 and 2.0. + +SEE ALSO + ssh(1), ssh-add(1), ssh-agent(1), sshd(8) + + J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf- + secsh-publickeyfile-01.txt, March 2001, work in progress material. + +BSD September 25, 1999 BSD -- cgit v1.2.3