version 1.117, 2013/12/07 08:08:26 |
version 1.118, 2013/12/07 11:58:46 |
|
|
generates, manages and converts authentication keys for |
generates, manages and converts authentication keys for |
.Xr ssh 1 . |
.Xr ssh 1 . |
.Nm |
.Nm |
can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA |
can create RSA keys for use by SSH protocol version 1 and |
keys for use by SSH protocol version 2. |
DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2. |
The type of key to be generated is specified with the |
The type of key to be generated is specified with the |
.Fl t |
.Fl t |
option. |
option. |
|
|
with public key authentication runs this once to create the authentication |
with public key authentication runs this once to create the authentication |
key in |
key in |
.Pa ~/.ssh/identity , |
.Pa ~/.ssh/identity , |
|
.Pa ~/.ssh/id_dsa , |
.Pa ~/.ssh/id_ecdsa , |
.Pa ~/.ssh/id_ecdsa , |
.Pa ~/.ssh/id_dsa |
.Pa ~/.ssh/id_ed25519 |
or |
or |
.Pa ~/.ssh/id_rsa . |
.Pa ~/.ssh/id_rsa . |
Additionally, the system administrator may use this to generate host keys, |
Additionally, the system administrator may use this to generate host keys, |
|
|
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl A |
.It Fl A |
For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys |
For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) |
|
for which host keys |
do not exist, generate the host keys with the default key file path, |
do not exist, generate the host keys with the default key file path, |
an empty passphrase, default bits for the key type, and default comment. |
an empty passphrase, default bits for the key type, and default comment. |
This is used by |
This is used by |
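Review bot: The -A description now lists ed25519 among the key types but still promises "default bits for the key type", while the -b text added in this same change says ED25519 keys have a fixed length. For that type there is no default to pick, so consider qualifying the phrase, for example "default bits for the key type (where the type has a selectable size)".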
|
|
curve sizes: 256, 384 or 521 bits. |
curve sizes: 256, 384 or 521 bits. |
Attempting to use bit lengths other than these three values for ECDSA keys |
Attempting to use bit lengths other than these three values for ECDSA keys |
will fail. |
will fail. |
|
ED25519 keys have a fixed length and the |
|
.Fl b |
|
flag will be ignored. |
.It Fl C Ar comment |
.It Fl C Ar comment |
Provides a new comment. |
Provides a new comment. |
.It Fl c |
.It Fl c |
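Review bot: The new ED25519 sentence under -b says the flag "will be ignored", directly after text saying other ECDSA bit lengths "will fail", and the manual does not say whether the ignored value is reported to the user. State the fixed key length in the text and say whether a warning is printed, so that someone passing -b together with -t ed25519 does not assume the requested size took effect.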
|
|
.Dq rsa1 |
.Dq rsa1 |
for protocol version 1 and |
for protocol version 1 and |
.Dq dsa , |
.Dq dsa , |
.Dq ecdsa |
.Dq ecdsa , |
|
.Dq ed25519 , |
or |
or |
.Dq rsa |
.Dq rsa |
for protocol version 2. |
for protocol version 2. |
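Review bot: In the -t list the new lines put a comma after both ".Dq ecdsa" and ".Dq ed25519", which renders as "ed25519, or rsa", whereas the default key file list earlier in this diff has ".Pa ~/.ssh/id_ed25519" with no comma before "or". The previous text had no comma on the last item before "or" either, so dropping the trailing comma from ".Dq ed25519 ," keeps the page consistent.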
|
|
.Pp |
.Pp |
.It Pa ~/.ssh/id_dsa |
.It Pa ~/.ssh/id_dsa |
.It Pa ~/.ssh/id_ecdsa |
.It Pa ~/.ssh/id_ecdsa |
|
.It Pa ~/.ssh/id_ed25519 |
.It Pa ~/.ssh/id_rsa |
.It Pa ~/.ssh/id_rsa |
Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user. |
Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA |
|
authentication identity of the user. |
This file should not be readable by anyone but the user. |
This file should not be readable by anyone but the user. |
It is possible to |
It is possible to |
specify a passphrase when generating the key; that passphrase will be |
specify a passphrase when generating the key; that passphrase will be |
|
|
.Pp |
.Pp |
.It Pa ~/.ssh/id_dsa.pub |
.It Pa ~/.ssh/id_dsa.pub |
.It Pa ~/.ssh/id_ecdsa.pub |
.It Pa ~/.ssh/id_ecdsa.pub |
|
.It Pa ~/.ssh/id_ed25519.pub |
.It Pa ~/.ssh/id_rsa.pub |
.It Pa ~/.ssh/id_rsa.pub |
Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication. |
Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA |
|
public key for authentication. |
The contents of this file should be added to |
The contents of this file should be added to |
.Pa ~/.ssh/authorized_keys |
.Pa ~/.ssh/authorized_keys |
on all machines |
on all machines |