version 1.11, 2000/01/22 02:17:50
version 1.12, 2000/03/23 21:10:10

Additionally, the system administrator may use this to generate host keys.
.Pp
Normally this program generates the key and asks for a file in which
to store the private key.
The public key is stored in a file with the same name but
.Dq .pub
appended.
The program also asks for a passphrase.
The passphrase may be empty to indicate no passphrase
(host keys must have empty passphrase), or it may be a string of
arbitrary length.
Good passphrases are 10-30 characters long and are
not simple sentences or otherwise easily guessable (English
prose has only 1-2 bits of entropy per word, and provides very bad
passphrases).
The passphrase can be changed later by using the
.Fl p
option.
.Pp
There is no way to recover a lost passphrase.
If the passphrase is
lost or forgotten, you will have to generate a new key and copy the
corresponding public key to other machines.
.Pp
There is also a comment field in the key file that is only for
convenience to the user to help identify the key.
The comment can tell what the key is for, or whatever is useful.
The comment is initialized to
.Dq user@host
when the key is created, but can be changed using the
.Fl c

The options are as follows:
.Bl -tag -width Ds
.It Fl b Ar bits
Specifies the number of bits in the key to create.
Minimum is 512 bits.
Generally 1024 bits is considered sufficient, and key sizes
above that no longer improve security but make things slower.
The default is 1024 bits.
.It Fl c
Requests changing the comment in the private and public key files.
The program will prompt for the file containing the private keys, for

Show fingerprint of specified private or public key file.
.It Fl p
Requests changing the passphrase of a private key file instead of
creating a new private key.
The program will prompt for the file
containing the private key, for the old passphrase, and twice for the
new passphrase.
.It Fl q

.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
Contains the RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file using 3DES.
This file is not automatically accessed by
.Nm
but it is offered as the default file for the private key.
.It Pa $HOME/.ssh/identity.pub
Contains the public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where you wish to log in using RSA authentication.
There is no need to keep the contents of this file secret.
.Sh AUTHOR
Tatu Ylonen <ylo@cs.hut.fi>
.Pp
OpenSSH
is a derivative of the original (free) ssh 1.2.12 release, but with bugs
removed and newer features re-added.
Rapidly after the 1.2.12 release,
newer versions bore successively more restrictive licenses.
This version of OpenSSH
.Bl -bullet
.It
has all components of a restrictive nature (i.e., patents, see