version 1.14, 2000/04/26 21:55:04 |
version 1.15, 2000/05/02 23:33:46 |
|
|
.Nd authentication key generation |
.Nd authentication key generation |
.Sh SYNOPSIS |
.Sh SYNOPSIS |
.Nm ssh-keygen |
.Nm ssh-keygen |
.Op Fl q |
.Op Fl dq |
.Op Fl b Ar bits |
.Op Fl b Ar bits |
.Op Fl N Ar new_passphrase |
.Op Fl N Ar new_passphrase |
.Op Fl C Ar comment |
.Op Fl C Ar comment |
|
|
.Nm |
.Nm |
generates and manages authentication keys for |
generates and manages authentication keys for |
.Xr ssh 1 . |
.Xr ssh 1 . |
|
.Nm |
|
defaults to generating an RSA key for use by protocols 1.3 and 1.5; |
|
specifying the |
|
.Fl d |
|
flag will create a DSA key instead for use by protocol 2.0. |
|
.Pp |
Normally each user wishing to use SSH |
Normally each user wishing to use SSH |
with RSA authentication runs this once to create the authentication |
with RSA or DSA authentication runs this once to create the authentication |
key in |
key in |
.Pa $HOME/.ssh/identity . |
.Pa $HOME/.ssh/identity |
Additionally, the system administrator may use this to generate host keys. |
or |
|
.Pa $HOME/.ssh/id_dsa . |
|
Additionally, the system administrator may use this to generate host keys, |
|
as seen in |
|
.Pa /etc/rc . |
.Pp |
.Pp |
Normally this program generates the key and asks for a file in which |
Normally this program generates the key and asks for a file in which |
to store the private key. |
to store the private key. |
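Review bot: The reworded sentence "with RSA or DSA authentication runs this once" no longer matches the new paragraph above it, which says `.Fl d` creates a DSA key instead of the RSA key. One run therefore yields one key type in one of the two files. Suggest saying that a user who wants both an RSA and a DSA identity runs the program once per key type, so the `identity` or `id_dsa` wording is not read as a single invocation producing either file at will.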
|
|
lost or forgotten, you will have to generate a new key and copy the |
lost or forgotten, you will have to generate a new key and copy the |
corresponding public key to other machines. |
corresponding public key to other machines. |
.Pp |
.Pp |
There is also a comment field in the key file that is only for |
For RSA, there is also a comment field in the key file that is only for |
convenience to the user to help identify the key. |
convenience to the user to help identify the key. |
The comment can tell what the key is for, or whatever is useful. |
The comment can tell what the key is for, or whatever is useful. |
The comment is initialized to |
The comment is initialized to |
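Review bot: Prefixing the paragraph with "For RSA," leaves the DSA case unstated, while the unchanged text still refers to the `.Fl c` option and the synopsis keeps `.Op Fl C Ar comment` on the same form that now takes `.Op Fl dq`. Suggest adding one sentence that says what happens to `-C` and `-c` when the key is DSA (ignored or rejected), since users often rely on the comment to tell keys apart when auditing authorized_keys entries.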
|
|
.Fl c |
.Fl c |
option. |
option. |
.Pp |
.Pp |
|
After a key is generated, instructions below detail where the keys |
|
should be placed to be activated. |
|
.Pp |
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl b Ar bits |
.It Fl b Ar bits |
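Review bot: "instructions below" in the added sentence has no clear target, and because it sits directly before "The options are as follows:" it reads as pointing at the option list. Suggest naming the destination instead, for example the file entries that describe `$HOME/.ssh/identity.pub` and `$HOME/.ssh/id_dsa.pub`, and moving the sentence next to the paragraph about copying the public key to other machines.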
|
|
This file is not automatically accessed by |
This file is not automatically accessed by |
.Nm |
.Nm |
but it is offered as the default file for the private key. |
but it is offered as the default file for the private key. |
|
.Xr sshd 8 |
|
will read this file when a login attempt is made. |
.It Pa $HOME/.ssh/identity.pub |
.It Pa $HOME/.ssh/identity.pub |
Contains the public key for authentication. |
Contains the public key for authentication. |
The contents of this file should be added to |
The contents of this file should be added to |
.Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
on all machines |
on all machines |
where you wish to log in using RSA authentication. |
where you wish to log in using RSA authentication. |
|
There is no need to keep the contents of this file secret. |
|
.It Pa $HOME/.ssh/id_dsa |
|
Contains the DSA authentication identity of the user. |
|
This file should not be readable by anyone but the user. |
|
It is possible to |
|
specify a passphrase when generating the key; that passphrase will be |
|
used to encrypt the private part of this file using 3DES. |
|
This file is not automatically accessed by |
|
.Nm |
|
but it is offered as the default file for the private key. |
|
.Xr sshd 8 |
|
will read this file when a login attempt is made. |
|
.It Pa $HOME/.ssh/id_dsa.pub |
|
Contains the public key for authentication. |
|
The contents of this file should be added to |
|
.Pa $HOME/.ssh/authorized_keys2 |
|
on all machines |
|
where you wish to log in using DSA authentication. |
There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
.Sh AUTHOR |
.Sh AUTHOR |
Tatu Ylonen <ylo@cs.hut.fi> |
Tatu Ylonen <ylo@cs.hut.fi> |
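Review bot: The added `.Xr sshd 8` "will read this file when a login attempt is made" names the wrong program in both private key entries (the one preceding `$HOME/.ssh/identity.pub` and the new `$HOME/.ssh/id_dsa`). These files hold the user's private key, which the text says should not be readable by anyone but the user. It is the client, `.Xr ssh 1`, that reads them at login; the server only consults the public keys in `authorized_keys` and `authorized_keys2`. Suggest `.Xr ssh 1` in both places, since the current wording implies the daemon needs access to private identities. A smaller point in the same region: the `id_dsa` entry states the passphrase encrypts the private part using 3DES, so the RSA entry should state its cipher as explicitly if it does not already.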