| version 1.147, 2018/03/12 00:52:01 |
version 1.148, 2018/08/08 01:16:01 |
|
|
| .Pa /etc/rc |
.Pa /etc/rc |
| to generate new host keys. |
to generate new host keys. |
| .It Fl a Ar rounds |
.It Fl a Ar rounds |
| When saving a new-format private key (i.e. an ed25519 key or when the |
When saving a private key this option specifies the number of KDF |
| .Fl o |
(key derivation function) rounds used. |
| flag is set), this option specifies the number of KDF (key derivation function) |
|
| rounds used. |
|
| Higher numbers result in slower passphrase verification and increased |
Higher numbers result in slower passphrase verification and increased |
| resistance to brute-force password cracking (should the keys be stolen). |
resistance to brute-force password cracking (should the keys be stolen). |
| .Pp |
.Pp |
|
|
| Provides a new comment. |
Provides a new comment. |
| .It Fl c |
.It Fl c |
| Requests changing the comment in the private and public key files. |
Requests changing the comment in the private and public key files. |
| This operation is only supported for keys stored in the |
|
| newer OpenSSH format. |
|
| The program will prompt for the file containing the private keys, for |
The program will prompt for the file containing the private keys, for |
| the passphrase if the key has one, and for the new comment. |
the passphrase if the key has one, and for the new comment. |
| .It Fl D Ar pkcs11 |
.It Fl D Ar pkcs11 |
|
|
| (PEM public key). |
(PEM public key). |
| The default conversion format is |
The default conversion format is |
| .Dq RFC4716 . |
.Dq RFC4716 . |
| |
Setting a format of |
| |
.Dq PEM |
| |
when generating or updating a supported private key type will cause the |
| |
key to be stored in the legacy PEM private key format. |
| .It Fl N Ar new_passphrase |
.It Fl N Ar new_passphrase |
| Provides the new passphrase. |
Provides the new passphrase. |
| .It Fl n Ar principals |
.It Fl n Ar principals |
|
|
| is a comma-separated list of one or more address/netmask pairs in CIDR |
is a comma-separated list of one or more address/netmask pairs in CIDR |
| format. |
format. |
| .El |
.El |
| .It Fl o |
|
| Causes |
|
| .Nm |
|
| to save private keys using the new OpenSSH format rather than |
|
| the more compatible PEM format. |
|
| The new format has increased resistance to brute-force password cracking |
|
| but is not supported by versions of OpenSSH prior to 6.5. |
|
| Ed25519 keys always use the new private key format. |
|
| .It Fl P Ar passphrase |
.It Fl P Ar passphrase |
| Provides the (old) passphrase. |
Provides the (old) passphrase. |
| .It Fl p |
.It Fl p |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh