| version 1.1, 1999/09/26 20:53:37 |
version 1.2, 1999/09/26 22:30:06 |
|
|
| .\" |
.\" |
| .\" $Id$ |
.\" $Id$ |
| .\" |
.\" |
| .TH SSH-KEYGEN 1 "November 8, 1995" "SSH" "SSH" |
.Dd September 25, 1999 |
| |
.Dt SSH-KEYGEN 1 |
| .SH NAME |
.Os |
| ssh-keygen \- authentication key generation |
.Sh NAME |
| |
.Nm ssh-keygen |
| .SH SYNOPSIS |
.Nd authentication key generation |
| .LP |
.Sh SYNOPSIS |
| .B ssh-keygen |
.Nm ssh-keygen |
| [\c |
.Op Fl b Ar bits |
| .BI \-b \ bits\c |
.Op Fl N Ar new_passphrase |
| ] |
.Op Fl C Ar comment |
| [\c |
.Nm ssh-keygen |
| .BI \-N \ new_passphrase\c |
.Fl p |
| ] |
.Op Fl P Ar old_passphrase |
| [\c |
.Op Fl N Ar new_passphrase |
| .BI \-C \ comment\c |
.Nm ssh-keygen |
| ] |
.Fl c |
| |
.Op Fl P Ar passphrase |
| .B "ssh-keygen \-p |
.Op Fl C Ar comment |
| [\c |
.Sh DESCRIPTION |
| .BI \-P \ old_passphrase\c |
.Nm |
| ] |
|
| [\c |
|
| .BI \-N \ new_passphrase\c |
|
| ] |
|
| |
|
| .B "ssh-keygen \-c |
|
| [\c |
|
| .BI \-P \ passphrase\c |
|
| ] |
|
| [\c |
|
| .BI \-C \ comment\c |
|
| ] |
|
| |
|
| .SH DESCRIPTION |
|
| .LP |
|
| .B Ssh-keygen |
|
| generates and manages authentication keys for |
generates and manages authentication keys for |
| .BR ssh (1). |
.Xr ssh 1 . |
| Normally each user wishing to use |
Normally each user wishing to use SSH |
| .B ssh |
|
| with RSA authentication runs this once to create the authentication |
with RSA authentication runs this once to create the authentication |
| key in |
key in |
| .IR \&$HOME/\s+2.\s0ssh/identity ". |
.Pa $HOME/.ssh/identity . |
| Additionally, the system administrator may use this to generate host keys. |
Additionally, the system administrator may use this to generate host keys. |
| .LP |
.Pp |
| Normally this program generates the key and asks for a file in which |
Normally this program generates the key and asks for a file in which |
| to store the private key. The public key is stored in a file with the |
to store the private key. The public key is stored in a file with the |
| same name but ".pub" appended. The program also asks for a |
same name but |
| |
.Dq .pub |
| |
appended. The program also asks for a |
| passphrase. The passphrase may be empty to indicate no passphrase |
passphrase. The passphrase may be empty to indicate no passphrase |
| (host keys must have empty passphrase), or it may be a string of |
(host keys must have empty passphrase), or it may be a string of |
| arbitrary length. Good passphrases are 10-30 characters long and are |
arbitrary length. Good passphrases are 10-30 characters long and are |
| not simple sentences or otherwise easily guessable (English |
not simple sentences or otherwise easily guessable (English |
| prose has only 1-2 bits of entropy per word, and provides very bad |
prose has only 1-2 bits of entropy per word, and provides very bad |
| passphrases). The passphrase can be changed later by using the |
passphrases). The passphrase can be changed later by using the |
| .B \-p |
.Fl p |
| option. |
option. |
| .LP |
.Pp |
| There is no way to recover a lost passphrase. If the passphrase is |
There is no way to recover a lost passphrase. If the passphrase is |
| lost or forgotten, you will have to generate a new key and copy the |
lost or forgotten, you will have to generate a new key and copy the |
| corresponding public key to other machines. |
corresponding public key to other machines. |
| .LP |
.Pp |
| There is also a comment field in the key file that is only for |
There is also a comment field in the key file that is only for |
| convenience to the user to help identify the key. The comment can |
convenience to the user to help identify the key. The comment can |
| tell what the key is for, or whatever is useful. The comment is |
tell what the key is for, or whatever is useful. The comment is |
| initialized to user@host when the key is created, but can be changed |
initialized to |
| using the |
.Dq user@host |
| .B \-c |
when the key is created, but can be changed using the |
| |
.Fl c |
| option. |
option. |
| |
.Pp |
| .SH OPTIONS |
The options are as follows: |
| .TP 0.6i |
.Pp |
| .BI \-b \ bits |
.Bl -tag -width Ds |
| |
.It Fl b Ar bits |
| Specifies the number of bits in the key to create. Minimum is 512 |
Specifies the number of bits in the key to create. Minimum is 512 |
| bits. Generally 1024 bits is considered sufficient, and key sizes |
bits. Generally 1024 bits is considered sufficient, and key sizes |
| above that no longer improve security but make things slower. The |
above that no longer improve security but make things slower. The |
| default is 1024 bits. |
default is 1024 bits. |
| .TP |
.It Fl c |
| .B \-c |
|
| Requests changing the comment in the private and public key files. |
Requests changing the comment in the private and public key files. |
| The program will prompt for the file containing the private keys, for |
The program will prompt for the file containing the private keys, for |
| passphrase if the key has one, and for the new comment. |
passphrase if the key has one, and for the new comment. |
| .TP |
.It Fl p |
| .B \-p |
|
| Requests changing the passphrase of a private key file instead of |
Requests changing the passphrase of a private key file instead of |
| creating a new private key. The program will prompt for the file |
creating a new private key. The program will prompt for the file |
| containing the private key, for the old passphrase, and twice for the |
containing the private key, for the old passphrase, and twice for the |
| new passphrase. |
new passphrase. |
| .TP |
.It Fl C Ar comment |
| .B \-C |
|
| Provides the new comment. |
Provides the new comment. |
| .TP |
.It Fl N Ar new_passphrase |
| .B \-N |
|
| Provides the new passphrase. |
Provides the new passphrase. |
| .TP |
.It Fl P Ar passphrase |
| .B \-P |
|
| Provides the (old) passphrase. |
Provides the (old) passphrase. |
| |
.El |
| .SH FILES |
.Sh FILES |
| .TP 0.6i |
.Bl -tag -width Ds |
| .I \&$HOME/\s+2.\s0ssh/random_seed |
.It Pa $HOME/.ssh/random_seed |
| Used for seeding the random number generator. This file should not be |
Used for seeding the random number generator. This file should not be |
| readable by anyone but the user. This file is created the first time |
readable by anyone but the user. This file is created the first time |
| the program is run, and is updated every time. |
the program is run, and is updated every time. |
| .TP |
.It Pa $HOME/.ssh/identity |
| .I \&$HOME/\s+2.\s0ssh/identity |
|
| Contains the RSA authentication identity of the user. This file |
Contains the RSA authentication identity of the user. This file |
| should not be readable by anyone but the user. It is possible to |
should not be readable by anyone but the user. It is possible to |
| specify a passphrase when generating the key; that passphrase will be |
specify a passphrase when generating the key; that passphrase will be |
| used to encrypt the private part of this file using IDEA. This file |
used to encrypt the private part of this file using IDEA. This file |
| is not automatically accessed by |
is not automatically accessed by |
| .BR ssh-keygen ", |
.Nm |
| but it is offered as the default file for the private key. |
but it is offered as the default file for the private key. |
| .TP |
.It Pa $HOME/.ssh/identity.pub |
| .I \&$HOME/\s+2.\s0ssh/identity.pub |
|
| Contains the public key for authentication. The contents of this file |
Contains the public key for authentication. The contents of this file |
| should be added to \f4$HOME/\s+2.\s0ssh/authorized_keys\f1 on all machines |
should be added to |
| |
.Pa $HOME/.ssh/authorized_keys |
| |
on all machines |
| where you wish to log in using RSA authentication. There is no |
where you wish to log in using RSA authentication. There is no |
| need to keep the contents of this file secret. |
need to keep the contents of this file secret. |
| |
.Sh AUTHOR |
| .SH AUTHOR |
|
| .LP |
|
| Tatu Ylonen <ylo@cs.hut.fi> |
Tatu Ylonen <ylo@cs.hut.fi> |
| |
.Sh SEE ALSO |
| .SH SEE ALSO |
.Xr ssh 1 , |
| .LP |
.Xr ssh-add 1 , |
| .BR ssh (1), |
.Xr ssh-agent 1, |
| .BR sshd (8), |
.Xr sshd 8 |
| .BR ssh-agent (1), |
|
| .BR ssh-add (1) |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh