version 1.172, 2019/10/22 08:50:35 |
version 1.173, 2019/11/07 08:38:38 |
|
|
.Op Fl C Ar comment |
.Op Fl C Ar comment |
.Op Fl f Ar output_keyfile |
.Op Fl f Ar output_keyfile |
.Op Fl m Ar format |
.Op Fl m Ar format |
|
.Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | rsa |
.Op Fl N Ar new_passphrase |
.Op Fl N Ar new_passphrase |
.Op Fl t Cm dsa | ecdsa | ed25519 | rsa |
.Op Fl w Ar provider |
|
.Op Fl x Ar flags |
.Nm ssh-keygen |
.Nm ssh-keygen |
.Fl p |
.Fl p |
.Op Fl f Ar keyfile |
.Op Fl f Ar keyfile |
|
|
key in |
key in |
.Pa ~/.ssh/id_dsa , |
.Pa ~/.ssh/id_dsa , |
.Pa ~/.ssh/id_ecdsa , |
.Pa ~/.ssh/id_ecdsa , |
|
.Pa ~/.ssh/id_ecdsa_sk , |
.Pa ~/.ssh/id_ed25519 |
.Pa ~/.ssh/id_ed25519 |
or |
or |
.Pa ~/.ssh/id_rsa . |
.Pa ~/.ssh/id_rsa . |
|
|
The options are as follows: |
The options are as follows: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Fl A |
.It Fl A |
For each of the key types (rsa, dsa, ecdsa and ed25519) |
For each of the key types (rsa, dsa, ecdsa, ecdsa-sk and ed25519) |
for which host keys |
for which host keys |
do not exist, generate the host keys with the default key file path, |
do not exist, generate the host keys with the default key file path, |
an empty passphrase, default bits for the key type, and default comment. |
an empty passphrase, default bits for the key type, and default comment. |
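Review bot: In the -A description, adding ecdsa-sk to the list of key types looks wrong for host keys. -A is documented here as generating keys with the default key file path and an empty passphrase, while the -w text added later in this change says security key-hosted keys are created through a provider library. Please confirm that -A really enrolls an ecdsa-sk host key; if it does not, keep the list as "rsa, dsa, ecdsa and ed25519".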
|
|
curve sizes: 256, 384 or 521 bits. |
curve sizes: 256, 384 or 521 bits. |
Attempting to use bit lengths other than these three values for ECDSA keys |
Attempting to use bit lengths other than these three values for ECDSA keys |
will fail. |
will fail. |
Ed25519 keys have a fixed length and the |
ECDSA-SK and Ed25519 keys have a fixed length and the |
.Fl b |
.Fl b |
flag will be ignored. |
flag will be ignored. |
.It Fl C Ar comment |
.It Fl C Ar comment |
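Review bot: In the -b text, "ECDSA-SK and Ed25519 keys have a fixed length" does not say what the fixed ECDSA-SK length is, although the sentence just above lists three valid curve sizes for ECDSA. State the ECDSA-SK size explicitly so readers do not assume the 256, 384 or 521 choice carries over.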
|
|
Test DH group exchange candidate primes (generated using the |
Test DH group exchange candidate primes (generated using the |
.Fl G |
.Fl G |
option) for safety. |
option) for safety. |
.It Fl t Cm dsa | ecdsa | ed25519 | rsa |
.It Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | rsa |
Specifies the type of key to create. |
Specifies the type of key to create. |
The possible values are |
The possible values are |
.Dq dsa , |
.Dq dsa , |
.Dq ecdsa , |
.Dq ecdsa , |
|
.Dq ecdsa-sk , |
.Dq ed25519 , |
.Dq ed25519 , |
or |
or |
.Dq rsa . |
.Dq rsa . |
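Review bot: The -t entry now lists "ecdsa-sk" among the possible values but gives no hint that this type behaves differently from the others. Add a sentence saying that it creates a security key-hosted key, and point to -w and SSH_SK_PROVIDER for selecting the provider library.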
|
|
The maximum is 3. |
The maximum is 3. |
.It Fl W Ar generator |
.It Fl W Ar generator |
Specify desired generator when testing candidate moduli for DH-GEX. |
Specify desired generator when testing candidate moduli for DH-GEX. |
|
.It Fl w Ar provider |
|
Specifies a path to a security key provider library that will be used when |
|
creating any security key-hosted keys, overriding the default of using the |
|
.Ev SSH_SK_PROVIDER |
|
environment variable to specify a provider. |
|
.It Fl x Ar flags |
|
Specifies the security key flags to use when enrolling a security key-hosted |
|
key. |
.It Fl y |
.It Fl y |
This option will read a private |
This option will read a private |
OpenSSH format file and print an OpenSSH public key to stdout. |
OpenSSH format file and print an OpenSSH public key to stdout. |
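Review bot: The new -x entry says only that it "Specifies the security key flags" and never states what form flags takes or which values are accepted, so the option cannot be used from this page alone. Document the accepted values and the default that applies when -x is omitted. For -w, also state what happens when neither -w nor SSH_SK_PROVIDER is given.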
|
|
# A key that is accepted only for file signing. |
# A key that is accepted only for file signing. |
user2@example.com namespaces="file" ssh-ed25519 AAA41... |
user2@example.com namespaces="file" ssh-ed25519 AAA41... |
.Ed |
.Ed |
|
.Sh ENVIRONMENT |
|
.Bl -tag -width Ds |
|
.It Ev SSH_SK_PROVIDER |
|
Specifies the path to a security key provider library used to interact with |
|
hardware security keys. |
|
.El |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds -compact |
.Bl -tag -width Ds -compact |
.It Pa ~/.ssh/id_dsa |
.It Pa ~/.ssh/id_dsa |
.It Pa ~/.ssh/id_ecdsa |
.It Pa ~/.ssh/id_ecdsa |
|
.It Pa ~/.ssh/id_ecdsa_sk |
.It Pa ~/.ssh/id_ed25519 |
.It Pa ~/.ssh/id_ed25519 |
.It Pa ~/.ssh/id_rsa |
.It Pa ~/.ssh/id_rsa |
Contains the DSA, ECDSA, Ed25519 or RSA |
Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519 or RSA |
authentication identity of the user. |
authentication identity of the user. |
This file should not be readable by anyone but the user. |
This file should not be readable by anyone but the user. |
It is possible to |
It is possible to |
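Review bot: The new SSH_SK_PROVIDER entry under ENVIRONMENT omits that -w overrides it, which is stated only in the -w text; a cross-reference in both directions would help. In FILES, the "security key-hosted ECDSA" identity now listed for ~/.ssh/id_ecdsa_sk should say what the file actually holds for a key hosted on the security key, since the permissions advice that follows depends on it.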
|
|
.Pp |
.Pp |
.It Pa ~/.ssh/id_dsa.pub |
.It Pa ~/.ssh/id_dsa.pub |
.It Pa ~/.ssh/id_ecdsa.pub |
.It Pa ~/.ssh/id_ecdsa.pub |
|
.It Pa ~/.ssh/id_ecdsa_sk.pub |
.It Pa ~/.ssh/id_ed25519.pub |
.It Pa ~/.ssh/id_ed25519.pub |
.It Pa ~/.ssh/id_rsa.pub |
.It Pa ~/.ssh/id_rsa.pub |
Contains the DSA, ECDSA, Ed25519 or RSA |
Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519 or RSA |
public key for authentication. |
public key for authentication. |
The contents of this file should be added to |
The contents of this file should be added to |
.Pa ~/.ssh/authorized_keys |
.Pa ~/.ssh/authorized_keys |