| version 1.23.2.3, 2001/03/21 19:46:29 |
version 1.23.2.4, 2001/05/07 21:09:35 |
|
|
| .Os |
.Os |
| .Sh NAME |
.Sh NAME |
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Nd authentication key generation |
.Nd authentication key generation, management and conversion |
| .Sh SYNOPSIS |
.Sh SYNOPSIS |
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Op Fl q |
.Op Fl q |
|
|
| .Op Fl N Ar new_passphrase |
.Op Fl N Ar new_passphrase |
| .Op Fl f Ar keyfile |
.Op Fl f Ar keyfile |
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Fl x |
.Fl i |
| .Op Fl f Ar input_keyfile |
.Op Fl f Ar input_keyfile |
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Fl X |
.Fl e |
| .Op Fl f Ar input_keyfile |
.Op Fl f Ar input_keyfile |
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Fl y |
.Fl y |
|
|
| .Op Fl f Ar input_keyfile |
.Op Fl f Ar input_keyfile |
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| .Nm |
.Nm |
| generates and manages authentication keys for |
generates, manages and converts authentication keys for |
| .Xr ssh 1 . |
.Xr ssh 1 . |
| .Nm |
.Nm |
| defaults to generating an RSA key for use by protocols 1.3 and 1.5; |
defaults to generating a RSA1 key for use by SSH protocol version 1. |
| specifying the |
specifying the |
| .Fl t |
.Fl t |
| option allows you to create a key for use by protocol 2.0. |
option allows you to create a key for use by SSH protocol version 2. |
| .Pp |
.Pp |
| Normally each user wishing to use SSH |
Normally each user wishing to use SSH |
| with RSA or DSA authentication runs this once to create the authentication |
with RSA or DSA authentication runs this once to create the authentication |
| key in |
key in |
| .Pa $HOME/.ssh/identity |
.Pa $HOME/.ssh/identity , |
| |
.Pa $HOME/.ssh/id_dsa |
| or |
or |
| .Pa $HOME/.ssh/id_dsa . |
.Pa $HOME/.ssh/id_rsa . |
| Additionally, the system administrator may use this to generate host keys, |
Additionally, the system administrator may use this to generate host keys, |
| as seen in |
as seen in |
| .Pa /etc/rc . |
.Pa /etc/rc . |
|
|
| lost or forgotten, you will have to generate a new key and copy the |
lost or forgotten, you will have to generate a new key and copy the |
| corresponding public key to other machines. |
corresponding public key to other machines. |
| .Pp |
.Pp |
| For RSA, there is also a comment field in the key file that is only for |
For RSA1 keys, |
| |
there is also a comment field in the key file that is only for |
| convenience to the user to help identify the key. |
convenience to the user to help identify the key. |
| The comment can tell what the key is for, or whatever is useful. |
The comment can tell what the key is for, or whatever is useful. |
| The comment is initialized to |
The comment is initialized to |
|
|
| Requests changing the comment in the private and public key files. |
Requests changing the comment in the private and public key files. |
| The program will prompt for the file containing the private keys, for |
The program will prompt for the file containing the private keys, for |
| passphrase if the key has one, and for the new comment. |
passphrase if the key has one, and for the new comment. |
| |
.It Fl e |
| |
This option will read a private or public OpenSSH key file and |
| |
print the key in a |
| |
.Sq SECSH Public Key File Format |
| |
to stdout. |
| |
This option allows exporting keys for use by several commercial |
| |
SSH implementations. |
| .It Fl f |
.It Fl f |
| Specifies the filename of the key file. |
Specifies the filename of the key file. |
| |
.It Fl i |
| |
This option will read an unencrypted private (or public) key file |
| |
in SSH2-compatible format and print an OpenSSH compatible private |
| |
(or public) key to stdout. |
| |
.Nm |
| |
also reads the |
| |
.Sq SECSH Public Key File Format . |
| |
This option allows importing keys from several commercial |
| |
SSH implementations. |
| .It Fl l |
.It Fl l |
| Show fingerprint of specified private or public key file. |
Show fingerprint of specified private or public key file. |
| .It Fl p |
.It Fl p |
|
|
| Used by |
Used by |
| .Pa /etc/rc |
.Pa /etc/rc |
| when creating a new key. |
when creating a new key. |
| |
.It Fl y |
| |
This option will read a private |
| |
OpenSSH format file and print an OpenSSH public key to stdout. |
| .It Fl t Ar type |
.It Fl t Ar type |
| Specifies the type of the key to create. |
Specifies the type of the key to create. |
| The possible values are |
The possible values are |
|
|
| Provides the new passphrase. |
Provides the new passphrase. |
| .It Fl P Ar passphrase |
.It Fl P Ar passphrase |
| Provides the (old) passphrase. |
Provides the (old) passphrase. |
| .It Fl x |
|
| This option will read a private |
|
| OpenSSH DSA format file and print a SSH2-compatible public key to stdout. |
|
| .It Fl X |
|
| This option will read a unencrypted |
|
| SSH2-compatible private (or public) key file and |
|
| print an OpenSSH compatible private (or public) key to stdout. |
|
| .It Fl y |
|
| This option will read a private |
|
| OpenSSH format file and print an OpenSSH public key to stdout. |
|
| .El |
.El |
| .Sh FILES |
.Sh FILES |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Pa $HOME/.ssh/identity |
.It Pa $HOME/.ssh/identity |
| Contains the RSA authentication identity of the user. |
Contains the protocol version 1 RSA authentication identity of the user. |
| This file should not be readable by anyone but the user. |
This file should not be readable by anyone but the user. |
| It is possible to |
It is possible to |
| specify a passphrase when generating the key; that passphrase will be |
specify a passphrase when generating the key; that passphrase will be |
|
|
| .Xr sshd 8 |
.Xr sshd 8 |
| will read this file when a login attempt is made. |
will read this file when a login attempt is made. |
| .It Pa $HOME/.ssh/identity.pub |
.It Pa $HOME/.ssh/identity.pub |
| Contains the public key for authentication. |
Contains the protocol version 1 RSA public key for authentication. |
| The contents of this file should be added to |
The contents of this file should be added to |
| .Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
| on all machines |
on all machines |
| where you wish to log in using RSA authentication. |
where you wish to log in using RSA authentication. |
| There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
| .It Pa $HOME/.ssh/id_dsa |
.It Pa $HOME/.ssh/id_dsa |
| Contains the DSA authentication identity of the user. |
Contains the protocol version 2 DSA authentication identity of the user. |
| This file should not be readable by anyone but the user. |
This file should not be readable by anyone but the user. |
| It is possible to |
It is possible to |
| specify a passphrase when generating the key; that passphrase will be |
specify a passphrase when generating the key; that passphrase will be |
|
|
| .Xr sshd 8 |
.Xr sshd 8 |
| will read this file when a login attempt is made. |
will read this file when a login attempt is made. |
| .It Pa $HOME/.ssh/id_dsa.pub |
.It Pa $HOME/.ssh/id_dsa.pub |
| Contains the public key for authentication. |
Contains the protocol version 2 DSA public key for authentication. |
| The contents of this file should be added to |
The contents of this file should be added to |
| .Pa $HOME/.ssh/authorized_keys2 |
.Pa $HOME/.ssh/authorized_keys2 |
| on all machines |
on all machines |
| where you wish to log in using public key authentication. |
where you wish to log in using public key authentication. |
| There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
| |
.It Pa $HOME/.ssh/id_rsa |
| |
Contains the protocol version 2 RSA authentication identity of the user. |
| |
This file should not be readable by anyone but the user. |
| |
It is possible to |
| |
specify a passphrase when generating the key; that passphrase will be |
| |
used to encrypt the private part of this file using 3DES. |
| |
This file is not automatically accessed by |
| |
.Nm |
| |
but it is offered as the default file for the private key. |
| |
.Xr sshd 8 |
| |
will read this file when a login attempt is made. |
| |
.It Pa $HOME/.ssh/id_rsa.pub |
| |
Contains the protocol version 2 RSA public key for authentication. |
| |
The contents of this file should be added to |
| |
.Pa $HOME/.ssh/authorized_keys2 |
| |
on all machines |
| |
where you wish to log in using public key authentication. |
| |
There is no need to keep the contents of this file secret. |
| .El |
.El |
| .Sh AUTHORS |
.Sh AUTHORS |
| OpenSSH is a derivative of the original and free |
OpenSSH is a derivative of the original and free |
|
|
| .Xr ssh-add 1 , |
.Xr ssh-add 1 , |
| .Xr ssh-agent 1 , |
.Xr ssh-agent 1 , |
| .Xr sshd 8 |
.Xr sshd 8 |
| |
.Rs |
| |
.%A J. Galbraith |
| |
.%A R. Thayer |
| |
.%T "SECSH Public Key File Format" |
| |
.%N draft-ietf-secsh-publickeyfile-01.txt |
| |
.%D March 2001 |
| |
.%O work in progress material |
| |
.Re |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh