version 1.18.2.4, 2001/03/21 18:53:09 |
version 1.19, 2000/07/06 04:06:56 |
|
|
.\" $OpenBSD$ |
|
.\" |
|
.\" -*- nroff -*- |
.\" -*- nroff -*- |
.\" |
.\" |
|
.\" ssh-keygen.1 |
|
.\" |
.\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
.\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
|
.\" |
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
.\" All rights reserved |
.\" All rights reserved |
.\" |
.\" |
.\" As far as I am concerned, the code I have written for this software |
.\" Created: Sat Apr 22 23:55:14 1995 ylo |
.\" can be used freely for any purpose. Any derived versions of this |
|
.\" software must be clearly marked as such, and if the derived work is |
|
.\" incompatible with the protocol description in the RFC file, it must be |
|
.\" called by a name other than "ssh" or "Secure Shell". |
|
.\" |
.\" |
|
.\" $Id$ |
.\" |
.\" |
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. |
|
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. |
|
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. |
|
.\" |
|
.\" Redistribution and use in source and binary forms, with or without |
|
.\" modification, are permitted provided that the following conditions |
|
.\" are met: |
|
.\" 1. Redistributions of source code must retain the above copyright |
|
.\" notice, this list of conditions and the following disclaimer. |
|
.\" 2. Redistributions in binary form must reproduce the above copyright |
|
.\" notice, this list of conditions and the following disclaimer in the |
|
.\" documentation and/or other materials provided with the distribution. |
|
.\" |
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
|
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
|
.\" |
|
.Dd September 25, 1999 |
.Dd September 25, 1999 |
.Dt SSH-KEYGEN 1 |
.Dt SSH-KEYGEN 1 |
.Os |
.Os |
|
|
.Nd authentication key generation |
.Nd authentication key generation |
.Sh SYNOPSIS |
.Sh SYNOPSIS |
.Nm ssh-keygen |
.Nm ssh-keygen |
.Op Fl q |
.Op Fl dq |
.Op Fl b Ar bits |
.Op Fl b Ar bits |
.Op Fl t Ar type |
|
.Op Fl N Ar new_passphrase |
.Op Fl N Ar new_passphrase |
.Op Fl C Ar comment |
.Op Fl C Ar comment |
.Op Fl f Ar output_keyfile |
.Op Fl f Ar keyfile |
.Nm ssh-keygen |
.Nm ssh-keygen |
.Fl p |
.Fl p |
.Op Fl P Ar old_passphrase |
.Op Fl P Ar old_passphrase |
|
|
.Op Fl f Ar keyfile |
.Op Fl f Ar keyfile |
.Nm ssh-keygen |
.Nm ssh-keygen |
.Fl x |
.Fl x |
.Op Fl f Ar input_keyfile |
.Op Fl f Ar keyfile |
.Nm ssh-keygen |
.Nm ssh-keygen |
.Fl X |
.Fl X |
.Op Fl f Ar input_keyfile |
.Op Fl f Ar keyfile |
.Nm ssh-keygen |
.Nm ssh-keygen |
.Fl y |
.Fl y |
.Op Fl f Ar input_keyfile |
.Op Fl f Ar keyfile |
.Nm ssh-keygen |
.Nm ssh-keygen |
.Fl c |
.Fl c |
.Op Fl P Ar passphrase |
.Op Fl P Ar passphrase |
|
|
.Op Fl f Ar keyfile |
.Op Fl f Ar keyfile |
.Nm ssh-keygen |
.Nm ssh-keygen |
.Fl l |
.Fl l |
.Op Fl f Ar input_keyfile |
.Op Fl f Ar keyfile |
.Nm ssh-keygen |
.Nm ssh-keygen |
.Fl B |
.Fl R |
.Op Fl f Ar input_keyfile |
|
.Sh DESCRIPTION |
.Sh DESCRIPTION |
.Nm |
.Nm |
generates and manages authentication keys for |
generates and manages authentication keys for |
|
|
.Nm |
.Nm |
defaults to generating an RSA key for use by protocols 1.3 and 1.5; |
defaults to generating an RSA key for use by protocols 1.3 and 1.5; |
specifying the |
specifying the |
.Fl t |
.Fl d |
option allows you to create a key for use by protocol 2.0. |
flag will create a DSA key instead for use by protocol 2.0. |
.Pp |
.Pp |
Normally each user wishing to use SSH |
Normally each user wishing to use SSH |
with RSA or DSA authentication runs this once to create the authentication |
with RSA or DSA authentication runs this once to create the authentication |
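Review bot: In the 1.18.2.4 wording of this DESCRIPTION paragraph, "defaults to generating an RSA key for use by protocols 1.3 and 1.5" is ambiguous once the -t entry defines both "rsa1" (protocol version 1) and "rsa" (protocol version 2). Name the default by its type value, for example "defaults to generating an rsa1 key", and have the following sentence say that "-t rsa" or "-t dsa" selects a protocol 2.0 key, so the reader does not have to infer which RSA is meant.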
|
|
appended. |
appended. |
The program also asks for a passphrase. |
The program also asks for a passphrase. |
The passphrase may be empty to indicate no passphrase |
The passphrase may be empty to indicate no passphrase |
(host keys must have an empty passphrase), or it may be a string of |
(host keys must have empty passphrase), or it may be a string of |
arbitrary length. |
arbitrary length. |
Good passphrases are 10-30 characters long and are |
Good passphrases are 10-30 characters long and are |
not simple sentences or otherwise easily guessable (English |
not simple sentences or otherwise easily guessable (English |
|
|
Used by |
Used by |
.Pa /etc/rc |
.Pa /etc/rc |
when creating a new key. |
when creating a new key. |
.It Fl t Ar type |
|
Specifies the type of the key to create. |
|
The possible values are |
|
.Dq rsa1 |
|
for protocol version 1 and |
|
.Dq rsa |
|
or |
|
.Dq dsa |
|
for protocol version 2. |
|
The default is |
|
.Dq rsa1 . |
|
.It Fl B |
|
Show the bubblebabble digest of specified private or public key file. |
|
.It Fl C Ar comment |
.It Fl C Ar comment |
Provides the new comment. |
Provides the new comment. |
.It Fl N Ar new_passphrase |
.It Fl N Ar new_passphrase |
Provides the new passphrase. |
Provides the new passphrase. |
.It Fl P Ar passphrase |
.It Fl P Ar passphrase |
Provides the (old) passphrase. |
Provides the (old) passphrase. |
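Review bot: The -B entry in the 1.18.2.4 column reads "Show the bubblebabble digest of specified private or public key file."; it is missing an article and should read "of the specified private or public key file". The SYNOPSIS pairs -B with "-f input_keyfile", so the entry could also say that the file is the one named with -f, which would make clear what "specified" refers to.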
|
.It Fl R |
|
If RSA support is functional, immediately exits with code 0. If RSA |
|
support is not functional, exits with code 1. This flag will be |
|
removed once the RSA patent expires. |
.It Fl x |
.It Fl x |
This option will read a private |
This option will read a private |
OpenSSH DSA format file and print a SSH2-compatible public key to stdout. |
OpenSSH DSA format file and print a SSH2-compatible public key to stdout. |
.It Fl X |
.It Fl X |
This option will read a unencrypted |
This option will read a |
SSH2-compatible private (or public) key file and |
SSH2-compatible public key file and print an OpenSSH DSA compatible public key to stdout. |
print an OpenSSH compatible private (or public) key to stdout. |
|
.It Fl y |
.It Fl y |
This option will read a private |
This option will read a private |
OpenSSH format file and print an OpenSSH public key to stdout. |
OpenSSH DSA format file and print an OpenSSH DSA public key to stdout. |
.El |
.El |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
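Review bot: The 1.18.2.4 text for -X now covers private keys ("print an OpenSSH compatible private (or public) key to stdout") but does not say whether the private key written to stdout is protected by a passphrase, even though the input is required to be unencrypted. State that explicitly, and tell the reader to redirect the output to a file readable only by its owner and then set a passphrase with -p. Also, "read a unencrypted" should be "read an unencrypted".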
|
|
The contents of this file should be added to |
The contents of this file should be added to |
.Pa $HOME/.ssh/authorized_keys2 |
.Pa $HOME/.ssh/authorized_keys2 |
on all machines |
on all machines |
where you wish to log in using public key authentication. |
where you wish to log in using DSA authentication. |
There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
.El |
.El |
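Review bot: In this FILES paragraph the 1.18.2.4 wording generalises "DSA authentication" to "public key authentication" while still pointing at $HOME/.ssh/authorized_keys2, and the -t entry makes "rsa1" (protocol version 1) the default key type. If this paragraph describes the protocol version 2 public key files, say so here ("public key authentication with protocol version 2"); otherwise a user who generated a default rsa1 key is told to install it in authorized_keys2.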
.Sh AUTHORS |
.Sh AUTHOR |
OpenSSH is a derivative of the original and free |
Tatu Ylonen <ylo@cs.hut.fi> |
ssh 1.2.12 release by Tatu Ylonen. |
.Pp |
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
OpenSSH |
Theo de Raadt and Dug Song |
is a derivative of the original (free) ssh 1.2.12 release, but with bugs |
removed many bugs, re-added newer features and |
removed and newer features re-added. |
created OpenSSH. |
Rapidly after the 1.2.12 release, |
Markus Friedl contributed the support for SSH |
newer versions bore successively more restrictive licenses. |
protocol versions 1.5 and 2.0. |
This version of OpenSSH |
|
.Bl -bullet |
|
.It |
|
has all components of a restrictive nature (i.e., patents, see |
|
.Xr ssl 8 ) |
|
directly removed from the source code; any licensed or patented components |
|
are chosen from |
|
external libraries. |
|
.It |
|
has been updated to support ssh protocol 1.5. |
|
.It |
|
contains added support for |
|
.Xr kerberos 8 |
|
authentication and ticket passing. |
|
.It |
|
supports one-time password authentication with |
|
.Xr skey 1 . |
|
.El |
|
.Pp |
|
The libraries described in |
|
.Xr ssl 8 |
|
are required for proper operation. |
.Sh SEE ALSO |
.Sh SEE ALSO |
.Xr ssh 1 , |
.Xr ssh 1 , |
.Xr ssh-add 1 , |
.Xr ssh-add 1 , |
.Xr ssh-agent 1 , |
.Xr ssh-agent 1 , |
.Xr sshd 8 |
.Xr sshd 8 , |
|
.Xr ssl 8 |