version 1.152, 2018/12/07 03:33:18 |
version 1.153, 2019/01/22 11:00:15 |
|
|
If the passphrase is lost or forgotten, a new key must be generated |
If the passphrase is lost or forgotten, a new key must be generated |
and the corresponding public key copied to other machines. |
and the corresponding public key copied to other machines. |
.Pp |
.Pp |
For keys stored in the newer OpenSSH format, |
.Nm |
there is also a comment field in the key file that is only for |
will by default write keys in an OpenSSH-specific format. |
convenience to the user to help identify the key. |
This format is preferred as it offers better protection for |
The comment can tell what the key is for, or whatever is useful. |
keys at rest as well as allowing storage of key comments within |
|
the private key file itself. |
|
The key comment may be useful to help identify the key. |
The comment is initialized to |
The comment is initialized to |
.Dq user@host |
.Dq user@host |
when the key is created, but can be changed using the |
when the key is created, but can be changed using the |
.Fl c |
.Fl c |
option. |
option. |
|
.Pp |
|
It is still possible for |
|
.Nm |
|
to write the previously-used PEM format private keys using the |
|
.Fl m |
|
flag. |
|
This may be used when generating new keys, and existing new-format |
|
keys may be converted using this option in conjunction with the |
|
.Fl p |
|
(change passphrase) flag. |
.Pp |
.Pp |
After a key is generated, instructions below detail where the keys |
After a key is generated, instructions below detail where the keys |
should be placed to be activated. |
should be placed to be activated. |