| version 1.23, 2000/10/09 21:30:43 |
version 1.23.2.2, 2001/02/19 17:19:29 |
|
|
| |
.\" $OpenBSD$ |
| |
.\" |
| .\" -*- nroff -*- |
.\" -*- nroff -*- |
| .\" |
.\" |
| .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
.\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
|
|
| .Nd authentication key generation |
.Nd authentication key generation |
| .Sh SYNOPSIS |
.Sh SYNOPSIS |
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Op Fl dq |
.Op Fl q |
| .Op Fl b Ar bits |
.Op Fl b Ar bits |
| |
.Op Fl t Ar type |
| .Op Fl N Ar new_passphrase |
.Op Fl N Ar new_passphrase |
| .Op Fl C Ar comment |
.Op Fl C Ar comment |
| .Op Fl f Ar output_keyfile |
.Op Fl f Ar output_keyfile |
|
|
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Fl l |
.Fl l |
| .Op Fl f Ar input_keyfile |
.Op Fl f Ar input_keyfile |
| .Nm ssh-keygen |
|
| .Fl R |
|
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| .Nm |
.Nm |
| generates and manages authentication keys for |
generates and manages authentication keys for |
|
|
| .Nm |
.Nm |
| defaults to generating an RSA key for use by protocols 1.3 and 1.5; |
defaults to generating an RSA key for use by protocols 1.3 and 1.5; |
| specifying the |
specifying the |
| .Fl d |
.Fl t |
| flag will create a DSA key instead for use by protocol 2.0. |
option allows you to create a key for use by protocol 2.0. |
| .Pp |
.Pp |
| Normally each user wishing to use SSH |
Normally each user wishing to use SSH |
| with RSA or DSA authentication runs this once to create the authentication |
with RSA or DSA authentication runs this once to create the authentication |
|
|
| appended. |
appended. |
| The program also asks for a passphrase. |
The program also asks for a passphrase. |
| The passphrase may be empty to indicate no passphrase |
The passphrase may be empty to indicate no passphrase |
| (host keys must have empty passphrase), or it may be a string of |
(host keys must have an empty passphrase), or it may be a string of |
| arbitrary length. |
arbitrary length. |
| Good passphrases are 10-30 characters long and are |
Good passphrases are 10-30 characters long and are |
| not simple sentences or otherwise easily guessable (English |
not simple sentences or otherwise easily guessable (English |
|
|
| Used by |
Used by |
| .Pa /etc/rc |
.Pa /etc/rc |
| when creating a new key. |
when creating a new key. |
| |
.It Fl t Ar type |
| |
Specifies the type of the key to create. |
| |
The possible values are |
| |
.Dq rsa1 |
| |
for protocol version 1 and |
| |
.Dq rsa |
| |
or |
| |
.Dq dsa |
| |
for protocol version 2. |
| |
The default is |
| |
.Dq rsa . |
| .It Fl C Ar comment |
.It Fl C Ar comment |
| Provides the new comment. |
Provides the new comment. |
| .It Fl N Ar new_passphrase |
.It Fl N Ar new_passphrase |
| Provides the new passphrase. |
Provides the new passphrase. |
| .It Fl P Ar passphrase |
.It Fl P Ar passphrase |
| Provides the (old) passphrase. |
Provides the (old) passphrase. |
| .It Fl R |
|
| If RSA support is functional, immediately exits with code 0. If RSA |
|
| support is not functional, exits with code 1. This flag will be |
|
| removed once the RSA patent expires. |
|
| .It Fl x |
.It Fl x |
| This option will read a private |
This option will read a private |
| OpenSSH DSA format file and print a SSH2-compatible public key to stdout. |
OpenSSH DSA format file and print a SSH2-compatible public key to stdout. |
|
|
| print an OpenSSH compatible private (or public) key to stdout. |
print an OpenSSH compatible private (or public) key to stdout. |
| .It Fl y |
.It Fl y |
| This option will read a private |
This option will read a private |
| OpenSSH DSA format file and print an OpenSSH DSA public key to stdout. |
OpenSSH format file and print an OpenSSH public key to stdout. |
| .El |
.El |
| .Sh FILES |
.Sh FILES |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
|
|
| The contents of this file should be added to |
The contents of this file should be added to |
| .Pa $HOME/.ssh/authorized_keys2 |
.Pa $HOME/.ssh/authorized_keys2 |
| on all machines |
on all machines |
| where you wish to log in using DSA authentication. |
where you wish to log in using public key authentication. |
| There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
| .El |
.El |
| .Sh AUTHOR |
.Sh AUTHORS |
| Tatu Ylonen <ylo@cs.hut.fi> |
OpenSSH is a derivative of the original and free |
| .Pp |
ssh 1.2.12 release by Tatu Ylonen. |
| OpenSSH |
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, |
| is a derivative of the original (free) ssh 1.2.12 release, but with bugs |
Theo de Raadt and Dug Song |
| removed and newer features re-added. |
removed many bugs, re-added newer features and |
| Rapidly after the 1.2.12 release, |
created OpenSSH. |
| newer versions bore successively more restrictive licenses. |
Markus Friedl contributed the support for SSH |
| This version of OpenSSH |
protocol versions 1.5 and 2.0. |
| .Bl -bullet |
|
| .It |
|
| has all components of a restrictive nature (i.e., patents, see |
|
| .Xr ssl 8 ) |
|
| directly removed from the source code; any licensed or patented components |
|
| are chosen from |
|
| external libraries. |
|
| .It |
|
| has been updated to support ssh protocol 1.5. |
|
| .It |
|
| contains added support for |
|
| .Xr kerberos 8 |
|
| authentication and ticket passing. |
|
| .It |
|
| supports one-time password authentication with |
|
| .Xr skey 1 . |
|
| .El |
|
| .Sh SEE ALSO |
.Sh SEE ALSO |
| .Xr ssh 1 , |
.Xr ssh 1 , |
| .Xr ssh-add 1 , |
.Xr ssh-add 1 , |
| .Xr ssh-agent 1 , |
.Xr ssh-agent 1 , |
| .Xr sshd 8 , |
.Xr sshd 8 |
| .Xr ssl 8 |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh