version 1.116, 2013/06/27 14:05:37 |
version 1.117, 2013/12/07 08:08:26 |
|
|
.Fl T Ar output_file |
.Fl T Ar output_file |
.Fl f Ar input_file |
.Fl f Ar input_file |
.Op Fl v |
.Op Fl v |
.Op Fl a Ar num_trials |
.Op Fl a Ar rounds |
.Op Fl J Ar num_lines |
.Op Fl J Ar num_lines |
.Op Fl j Ar start_line |
.Op Fl j Ar start_line |
.Op Fl K Ar checkpt |
.Op Fl K Ar checkpt |
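Review bot: In the -T synopsis the argument to -a is renamed from num_trials to rounds, but on this line the value still counts primality tests for moduli screening, not KDF rounds. A reader scanning the synopsis will take "rounds" to mean the passphrase KDF setting described under -a. Consider keeping a neutral name on the screening line, or wording the synopsis so that each meaning of -a appears in its own context.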
|
|
This is used by |
This is used by |
.Pa /etc/rc |
.Pa /etc/rc |
to generate new host keys. |
to generate new host keys. |
.It Fl a Ar trials |
.It Fl a Ar rounds |
Specifies the number of primality tests to perform when screening DH-GEX |
When saving a new-format private key (i.e. an ed25519 key or any SSH protocol |
candidates using the |
2 key when the |
|
.Fl o |
|
flag is set), this option specifies the number of KDF (key derivation function) |
|
rounds used. |
|
Higher numbers result in slower passphrase verification and increased |
|
resistance to brute-force password cracking (should the keys be stolen). |
|
.Pp |
|
When screening DH-GEX candidates ( |
|
using the |
.Fl T |
.Fl T |
command. |
command). |
|
This option specifies the number of primality tests to perform. |
.It Fl B |
.It Fl B |
Show the bubblebabble digest of specified private or public key file. |
Show the bubblebabble digest of specified private or public key file. |
.It Fl b Ar bits |
.It Fl b Ar bits |
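Review bot: The new -a text gives no default for the number of KDF rounds and no indication of a sensible range, so a reader cannot tell what omitting -a yields or how far to raise it; state the default in this paragraph. Separately, the source line "When screening DH-GEX candidates (" ends on the open parenthesis, which renders with a space after it ("( using the -T command)"); drop the parentheses or use .Po/.Pc.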
|
|
.El |
.El |
.Pp |
.Pp |
At present, no options are valid for host keys. |
At present, no options are valid for host keys. |
|
.It Fl o |
|
Causes |
|
.Nm |
|
to save SSH protocol 2 private keys using the new OpenSSH format rather than |
|
the more compatible PEM format. |
|
The new format has increased resistance to brute-force password cracking |
|
but is not supported by versions of OpenSSH prior to 6.5. |
|
Ed25519 keys always use the new private key format. |
.It Fl P Ar passphrase |
.It Fl P Ar passphrase |
Provides the (old) passphrase. |
Provides the (old) passphrase. |
.It Fl p |
.It Fl p |
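Review bot: The -o entry claims increased resistance to brute-force password cracking but never points to -a rounds, which the -a entry describes as the setting that governs that resistance when -o is set. Add a cross-reference to -a here. It would also help to state explicitly which format is written when -o is omitted for non-Ed25519 keys, since the text only implies it by calling PEM "the more compatible PEM format".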