| version 1.172, 2019/10/22 08:50:35 |
version 1.173, 2019/11/07 08:38:38 |
|
|
| .Op Fl C Ar comment |
.Op Fl C Ar comment |
| .Op Fl f Ar output_keyfile |
.Op Fl f Ar output_keyfile |
| .Op Fl m Ar format |
.Op Fl m Ar format |
| |
.Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | rsa |
| .Op Fl N Ar new_passphrase |
.Op Fl N Ar new_passphrase |
| .Op Fl t Cm dsa | ecdsa | ed25519 | rsa |
.Op Fl w Ar provider |
| |
.Op Fl x Ar flags |
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Fl p |
.Fl p |
| .Op Fl f Ar keyfile |
.Op Fl f Ar keyfile |
|
|
| key in |
key in |
| .Pa ~/.ssh/id_dsa , |
.Pa ~/.ssh/id_dsa , |
| .Pa ~/.ssh/id_ecdsa , |
.Pa ~/.ssh/id_ecdsa , |
| |
.Pa ~/.ssh/id_ecdsa_sk , |
| .Pa ~/.ssh/id_ed25519 |
.Pa ~/.ssh/id_ed25519 |
| or |
or |
| .Pa ~/.ssh/id_rsa . |
.Pa ~/.ssh/id_rsa . |
|
|
| The options are as follows: |
The options are as follows: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Fl A |
.It Fl A |
| For each of the key types (rsa, dsa, ecdsa and ed25519) |
For each of the key types (rsa, dsa, ecdsa, ecdsa-sk and ed25519) |
| for which host keys |
for which host keys |
| do not exist, generate the host keys with the default key file path, |
do not exist, generate the host keys with the default key file path, |
| an empty passphrase, default bits for the key type, and default comment. |
an empty passphrase, default bits for the key type, and default comment. |
|
|
| curve sizes: 256, 384 or 521 bits. |
curve sizes: 256, 384 or 521 bits. |
| Attempting to use bit lengths other than these three values for ECDSA keys |
Attempting to use bit lengths other than these three values for ECDSA keys |
| will fail. |
will fail. |
| Ed25519 keys have a fixed length and the |
ECDSA-SK and Ed25519 keys have a fixed length and the |
| .Fl b |
.Fl b |
| flag will be ignored. |
flag will be ignored. |
| .It Fl C Ar comment |
.It Fl C Ar comment |
|
|
| Test DH group exchange candidate primes (generated using the |
Test DH group exchange candidate primes (generated using the |
| .Fl G |
.Fl G |
| option) for safety. |
option) for safety. |
| .It Fl t Cm dsa | ecdsa | ed25519 | rsa |
.It Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | rsa |
| Specifies the type of key to create. |
Specifies the type of key to create. |
| The possible values are |
The possible values are |
| .Dq dsa , |
.Dq dsa , |
| .Dq ecdsa , |
.Dq ecdsa , |
| |
.Dq ecdsa-sk , |
| .Dq ed25519 , |
.Dq ed25519 , |
| or |
or |
| .Dq rsa . |
.Dq rsa . |
|
|
| The maximum is 3. |
The maximum is 3. |
| .It Fl W Ar generator |
.It Fl W Ar generator |
| Specify desired generator when testing candidate moduli for DH-GEX. |
Specify desired generator when testing candidate moduli for DH-GEX. |
| |
.It Fl w Ar provider |
| |
Specifies a path to a security key provider library that will be used when |
| |
creating any security key-hosted keys, overriding the default of using the |
| |
.Ev SSH_SK_PROVIDER |
| |
environment variable to specify a provider. |
| |
.It Fl x Ar flags |
| |
Specifies the security key flags to use when enrolling a security key-hosted |
| |
key. |
| .It Fl y |
.It Fl y |
| This option will read a private |
This option will read a private |
| OpenSSH format file and print an OpenSSH public key to stdout. |
OpenSSH format file and print an OpenSSH public key to stdout. |
|
|
| # A key that is accepted only for file signing. |
# A key that is accepted only for file signing. |
| user2@example.com namespaces="file" ssh-ed25519 AAA41... |
user2@example.com namespaces="file" ssh-ed25519 AAA41... |
| .Ed |
.Ed |
| |
.Sh ENVIRONMENT |
| |
.Bl -tag -width Ds |
| |
.It Ev SSH_SK_PROVIDER |
| |
Specifies the path to a security key provider library used to interact with |
| |
hardware security keys. |
| |
.El |
| .Sh FILES |
.Sh FILES |
| .Bl -tag -width Ds -compact |
.Bl -tag -width Ds -compact |
| .It Pa ~/.ssh/id_dsa |
.It Pa ~/.ssh/id_dsa |
| .It Pa ~/.ssh/id_ecdsa |
.It Pa ~/.ssh/id_ecdsa |
| |
.It Pa ~/.ssh/id_ecdsa_sk |
| .It Pa ~/.ssh/id_ed25519 |
.It Pa ~/.ssh/id_ed25519 |
| .It Pa ~/.ssh/id_rsa |
.It Pa ~/.ssh/id_rsa |
| Contains the DSA, ECDSA, Ed25519 or RSA |
Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519 or RSA |
| authentication identity of the user. |
authentication identity of the user. |
| This file should not be readable by anyone but the user. |
This file should not be readable by anyone but the user. |
| It is possible to |
It is possible to |
|
|
| .Pp |
.Pp |
| .It Pa ~/.ssh/id_dsa.pub |
.It Pa ~/.ssh/id_dsa.pub |
| .It Pa ~/.ssh/id_ecdsa.pub |
.It Pa ~/.ssh/id_ecdsa.pub |
| |
.It Pa ~/.ssh/id_ecdsa_sk.pub |
| .It Pa ~/.ssh/id_ed25519.pub |
.It Pa ~/.ssh/id_ed25519.pub |
| .It Pa ~/.ssh/id_rsa.pub |
.It Pa ~/.ssh/id_rsa.pub |
| Contains the DSA, ECDSA, Ed25519 or RSA |
Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519 or RSA |
| public key for authentication. |
public key for authentication. |
| The contents of this file should be added to |
The contents of this file should be added to |
| .Pa ~/.ssh/authorized_keys |
.Pa ~/.ssh/authorized_keys |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh