| version 1.14, 2000/04/26 21:55:04 |
version 1.15, 2000/05/02 23:33:46 |
|
|
| .Nd authentication key generation |
.Nd authentication key generation |
| .Sh SYNOPSIS |
.Sh SYNOPSIS |
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Op Fl q |
.Op Fl dq |
| .Op Fl b Ar bits |
.Op Fl b Ar bits |
| .Op Fl N Ar new_passphrase |
.Op Fl N Ar new_passphrase |
| .Op Fl C Ar comment |
.Op Fl C Ar comment |
|
|
| .Nm |
.Nm |
| generates and manages authentication keys for |
generates and manages authentication keys for |
| .Xr ssh 1 . |
.Xr ssh 1 . |
| |
.Nm |
| |
defaults to generating an RSA key for use by protocols 1.3 and 1.5; |
| |
specifying the |
| |
.Fl d |
| |
flag will create a DSA key instead for use by protocol 2.0. |
| |
.Pp |
| Normally each user wishing to use SSH |
Normally each user wishing to use SSH |
| with RSA authentication runs this once to create the authentication |
with RSA or DSA authentication runs this once to create the authentication |
| key in |
key in |
| .Pa $HOME/.ssh/identity . |
.Pa $HOME/.ssh/identity |
| Additionally, the system administrator may use this to generate host keys. |
or |
| |
.Pa $HOME/.ssh/id_dsa . |
| |
Additionally, the system administrator may use this to generate host keys, |
| |
as seen in |
| |
.Pa /etc/rc . |
| .Pp |
.Pp |
| Normally this program generates the key and asks for a file in which |
Normally this program generates the key and asks for a file in which |
| to store the private key. |
to store the private key. |
|
|
| lost or forgotten, you will have to generate a new key and copy the |
lost or forgotten, you will have to generate a new key and copy the |
| corresponding public key to other machines. |
corresponding public key to other machines. |
| .Pp |
.Pp |
| There is also a comment field in the key file that is only for |
For RSA, there is also a comment field in the key file that is only for |
| convenience to the user to help identify the key. |
convenience to the user to help identify the key. |
| The comment can tell what the key is for, or whatever is useful. |
The comment can tell what the key is for, or whatever is useful. |
| The comment is initialized to |
The comment is initialized to |
|
|
| .Fl c |
.Fl c |
| option. |
option. |
| .Pp |
.Pp |
| |
After a key is generated, instructions below detail where the keys |
| |
should be placed to be activated. |
| |
.Pp |
| The options are as follows: |
The options are as follows: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Fl b Ar bits |
.It Fl b Ar bits |
|
|
| This file is not automatically accessed by |
This file is not automatically accessed by |
| .Nm |
.Nm |
| but it is offered as the default file for the private key. |
but it is offered as the default file for the private key. |
| |
.Xr sshd 8 |
| |
will read this file when a login attempt is made. |
| .It Pa $HOME/.ssh/identity.pub |
.It Pa $HOME/.ssh/identity.pub |
| Contains the public key for authentication. |
Contains the public key for authentication. |
| The contents of this file should be added to |
The contents of this file should be added to |
| .Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
| on all machines |
on all machines |
| where you wish to log in using RSA authentication. |
where you wish to log in using RSA authentication. |
| |
There is no need to keep the contents of this file secret. |
| |
.It Pa $HOME/.ssh/id_dsa |
| |
Contains the DSA authentication identity of the user. |
| |
This file should not be readable by anyone but the user. |
| |
It is possible to |
| |
specify a passphrase when generating the key; that passphrase will be |
| |
used to encrypt the private part of this file using 3DES. |
| |
This file is not automatically accessed by |
| |
.Nm |
| |
but it is offered as the default file for the private key. |
| |
.Xr sshd 8 |
| |
will read this file when a login attempt is made. |
| |
.It Pa $HOME/.ssh/id_dsa.pub |
| |
Contains the public key for authentication. |
| |
The contents of this file should be added to |
| |
.Pa $HOME/.ssh/authorized_keys2 |
| |
on all machines |
| |
where you wish to log in using DSA authentication. |
| There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
| .Sh AUTHOR |
.Sh AUTHOR |
| Tatu Ylonen <ylo@cs.hut.fi> |
Tatu Ylonen <ylo@cs.hut.fi> |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh