| version 1.184, 2019/12/30 03:30:09 |
version 1.185, 2019/12/30 09:49:52 |
|
|
| .Op Fl C Ar comment |
.Op Fl C Ar comment |
| .Op Fl f Ar output_keyfile |
.Op Fl f Ar output_keyfile |
| .Op Fl m Ar format |
.Op Fl m Ar format |
| |
.Op Fl O Ar option |
| .Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa |
.Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa |
| .Op Fl N Ar new_passphrase |
.Op Fl N Ar new_passphrase |
| .Op Fl w Ar provider |
.Op Fl w Ar provider |
| .Op Fl x Ar flags |
|
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Fl p |
.Fl p |
| .Op Fl f Ar keyfile |
.Op Fl f Ar keyfile |
|
|
| .Sx MODULI GENERATION |
.Sx MODULI GENERATION |
| section may be specified. |
section may be specified. |
| .Pp |
.Pp |
| This option may be specified multiple times. |
When generating a key that will be hosted on a FIDO authenticator, this |
| |
flag may be used to specify key-specific options. |
| |
Two FIDO authenticator options are supported at present: |
| |
.Pp |
| |
.Cm no-touch-required |
| |
indicates that the generated private key should not require touch |
| |
events (user presence) when making signatures. |
| |
Note that |
| |
.Xr sshd 8 |
| |
will refuse such signatures by default, unless overridden via |
| |
an authorized_keys option. |
| |
.Pp |
| |
.Cm resident |
| |
indicates that the key should be stored on the FIDO authenticator itself. |
| |
Resident keys may be supported on FIDO2 tokens and typically require that |
| |
a PIN be set on the token prior to generation. |
| |
Resident keys may be loaded off the token using |
| |
.Xr ssh-add 1 . |
| |
.Pp |
| |
The |
| |
.Fl O |
| |
option may be specified multiple times. |
| .It Fl P Ar passphrase |
.It Fl P Ar passphrase |
| Provides the (old) passphrase. |
Provides the (old) passphrase. |
| .It Fl p |
.It Fl p |
|
|
| Specifies a path to a library that will be used when creating |
Specifies a path to a library that will be used when creating |
| FIDO authenticator-hosted keys, overriding the default of using |
FIDO authenticator-hosted keys, overriding the default of using |
| the internal USB HID support. |
the internal USB HID support. |
| .It Fl x Ar flags |
|
| Specifies the authenticator flags to use when enrolling an authenticator-hosted |
|
| key. |
|
| Flags may be specified by name or directly as a hexadecimal value. |
|
| Only one named flag is supported at present: |
|
| .Cm no-touch-required , |
|
| which indicates that the generated private key should not require touch |
|
| events (user presence) when making signatures. |
|
| Note that |
|
| .Xr sshd 8 |
|
| will refuse such signatures by default, unless overridden via |
|
| an authorized_keys option. |
|
| .It Fl Y Cm check-novalidate |
.It Fl Y Cm check-novalidate |
| Checks that a signature generated using |
Checks that a signature generated using |
| .Nm |
.Nm |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh