| version 1.179, 2019/11/30 07:07:59 |
version 1.180, 2019/12/21 20:22:34 |
|
|
| .It Ic no-touch-required |
.It Ic no-touch-required |
| Do not require signatures made using this key require demonstration |
Do not require signatures made using this key require demonstration |
| of user presence (e.g. by having the user touch the key). |
of user presence (e.g. by having the user touch the key). |
| This option only makes sense for the Security Key algorithms |
This option only makes sense for the FIDO authenticator algorithms |
| .Cm ecdsa-sk |
.Cm ecdsa-sk |
| and |
and |
| .Cm ed25519-sk . |
.Cm ed25519-sk . |
|
|
| .It Fl W Ar generator |
.It Fl W Ar generator |
| Specify desired generator when testing candidate moduli for DH-GEX. |
Specify desired generator when testing candidate moduli for DH-GEX. |
| .It Fl w Ar provider |
.It Fl w Ar provider |
| Specifies a path to a security key provider library that will be used when |
Specifies a path to a library that will be used when creating |
| creating any security key-hosted keys, overriding the default of the |
FIDO authenticator-hosted keys, overriding the default of using |
| internal support for USB HID keys. |
the internal USB HID support. |
| .It Fl x Ar flags |
.It Fl x Ar flags |
| Specifies the security key flags to use when enrolling a security key-hosted |
Specifies the authenticator flags to use when enrolling an authenticator-hosted |
| key. |
key. |
| Flags may be specified by name or directly as a hexadecimal value. |
Flags may be specified by name or directly as a hexadecimal value. |
| Only one named flag is supported at present: |
Only one named flag is supported at present: |
|
|
| .Sh ENVIRONMENT |
.Sh ENVIRONMENT |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Ev SSH_SK_PROVIDER |
.It Ev SSH_SK_PROVIDER |
| Specifies the path to a security key provider library used to interact with |
Specifies the path to a library used to interact with FIDO authenticators. |
| hardware security keys. |
|
| .El |
.El |
| .Sh FILES |
.Sh FILES |
| .Bl -tag -width Ds -compact |
.Bl -tag -width Ds -compact |
|
|
| .It Pa ~/.ssh/id_ed25519 |
.It Pa ~/.ssh/id_ed25519 |
| .It Pa ~/.ssh/id_ed25519_sk |
.It Pa ~/.ssh/id_ed25519_sk |
| .It Pa ~/.ssh/id_rsa |
.It Pa ~/.ssh/id_rsa |
| Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, |
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, |
| security key-hosted Ed25519 or RSA authentication identity of the user. |
authenticator-hosted Ed25519 or RSA authentication identity of the user. |
| This file should not be readable by anyone but the user. |
This file should not be readable by anyone but the user. |
| It is possible to |
It is possible to |
| specify a passphrase when generating the key; that passphrase will be |
specify a passphrase when generating the key; that passphrase will be |
|
|
| .It Pa ~/.ssh/id_ed25519.pub |
.It Pa ~/.ssh/id_ed25519.pub |
| .It Pa ~/.ssh/id_ed25519_sk.pub |
.It Pa ~/.ssh/id_ed25519_sk.pub |
| .It Pa ~/.ssh/id_rsa.pub |
.It Pa ~/.ssh/id_rsa.pub |
| Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, |
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, |
| security key-hosted Ed25519 or RSA public key for authentication. |
authenticator-hosted Ed25519 or RSA public key for authentication. |
| The contents of this file should be added to |
The contents of this file should be added to |
| .Pa ~/.ssh/authorized_keys |
.Pa ~/.ssh/authorized_keys |
| on all machines |
on all machines |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh