| version 1.23.2.4, 2001/05/07 21:09:35 |
version 1.23.2.5, 2001/09/27 00:15:42 |
|
|
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Fl B |
.Fl B |
| .Op Fl f Ar input_keyfile |
.Op Fl f Ar input_keyfile |
| |
.Nm ssh-keygen |
| |
.Fl D Ar reader |
| |
.Nm ssh-keygen |
| |
.Fl U Ar reader |
| |
.Op Fl f Ar input_keyfile |
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| .Nm |
.Nm |
| generates, manages and converts authentication keys for |
generates, manages and converts authentication keys for |
| .Xr ssh 1 . |
.Xr ssh 1 . |
| .Nm |
.Nm |
| defaults to generating a RSA1 key for use by SSH protocol version 1. |
defaults to generating a RSA1 key for use by SSH protocol version 1. |
| specifying the |
Specifying the |
| .Fl t |
.Fl t |
| option allows you to create a key for use by SSH protocol version 2. |
option instead creates a key for use by SSH protocol version 2. |
| .Pp |
.Pp |
| Normally each user wishing to use SSH |
Normally each user wishing to use SSH |
| with RSA or DSA authentication runs this once to create the authentication |
with RSA or DSA authentication runs this once to create the authentication |
|
|
| arbitrary length. |
arbitrary length. |
| Good passphrases are 10-30 characters long and are |
Good passphrases are 10-30 characters long and are |
| not simple sentences or otherwise easily guessable (English |
not simple sentences or otherwise easily guessable (English |
| prose has only 1-2 bits of entropy per word, and provides very bad |
prose has only 1-2 bits of entropy per character, and provides very bad |
| passphrases). |
passphrases). |
| The passphrase can be changed later by using the |
The passphrase can be changed later by using the |
| .Fl p |
.Fl p |
|
|
| .Pp |
.Pp |
| There is no way to recover a lost passphrase. |
There is no way to recover a lost passphrase. |
| If the passphrase is |
If the passphrase is |
| lost or forgotten, you will have to generate a new key and copy the |
lost or forgotten, a new key must be generated and copied to the |
| corresponding public key to other machines. |
corresponding public key to other machines. |
| .Pp |
.Pp |
| For RSA1 keys, |
For RSA1 keys, |
|
|
| .It Fl c |
.It Fl c |
| Requests changing the comment in the private and public key files. |
Requests changing the comment in the private and public key files. |
| The program will prompt for the file containing the private keys, for |
The program will prompt for the file containing the private keys, for |
| passphrase if the key has one, and for the new comment. |
the passphrase if the key has one, and for the new comment. |
| .It Fl e |
.It Fl e |
| This option will read a private or public OpenSSH key file and |
This option will read a private or public OpenSSH key file and |
| print the key in a |
print the key in a |
|
|
| to stdout. |
to stdout. |
| This option allows exporting keys for use by several commercial |
This option allows exporting keys for use by several commercial |
| SSH implementations. |
SSH implementations. |
| .It Fl f |
.It Fl f Ar filename |
| Specifies the filename of the key file. |
Specifies the filename of the key file. |
| .It Fl i |
.It Fl i |
| This option will read an unencrypted private (or public) key file |
This option will read an unencrypted private (or public) key file |
|
|
| Show the bubblebabble digest of specified private or public key file. |
Show the bubblebabble digest of specified private or public key file. |
| .It Fl C Ar comment |
.It Fl C Ar comment |
| Provides the new comment. |
Provides the new comment. |
| |
.It Fl D Ar reader |
| |
Download the RSA public key stored in the smartcard in |
| |
.Ar reader . |
| .It Fl N Ar new_passphrase |
.It Fl N Ar new_passphrase |
| Provides the new passphrase. |
Provides the new passphrase. |
| .It Fl P Ar passphrase |
.It Fl P Ar passphrase |
| Provides the (old) passphrase. |
Provides the (old) passphrase. |
| |
.It Fl U Ar reader |
| |
Upload an existing RSA private key into the smartcard in |
| |
.Ar reader . |
| .El |
.El |
| .Sh FILES |
.Sh FILES |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
|
|
| This file is not automatically accessed by |
This file is not automatically accessed by |
| .Nm |
.Nm |
| but it is offered as the default file for the private key. |
but it is offered as the default file for the private key. |
| .Xr sshd 8 |
.Xr ssh 1 |
| will read this file when a login attempt is made. |
will read this file when a login attempt is made. |
| .It Pa $HOME/.ssh/identity.pub |
.It Pa $HOME/.ssh/identity.pub |
| Contains the protocol version 1 RSA public key for authentication. |
Contains the protocol version 1 RSA public key for authentication. |
| The contents of this file should be added to |
The contents of this file should be added to |
| .Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
| on all machines |
on all machines |
| where you wish to log in using RSA authentication. |
where the user wishes to log in using RSA authentication. |
| There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
| .It Pa $HOME/.ssh/id_dsa |
.It Pa $HOME/.ssh/id_dsa |
| Contains the protocol version 2 DSA authentication identity of the user. |
Contains the protocol version 2 DSA authentication identity of the user. |
|
|
| This file is not automatically accessed by |
This file is not automatically accessed by |
| .Nm |
.Nm |
| but it is offered as the default file for the private key. |
but it is offered as the default file for the private key. |
| .Xr sshd 8 |
.Xr ssh 1 |
| will read this file when a login attempt is made. |
will read this file when a login attempt is made. |
| .It Pa $HOME/.ssh/id_dsa.pub |
.It Pa $HOME/.ssh/id_dsa.pub |
| Contains the protocol version 2 DSA public key for authentication. |
Contains the protocol version 2 DSA public key for authentication. |
| The contents of this file should be added to |
The contents of this file should be added to |
| .Pa $HOME/.ssh/authorized_keys2 |
.Pa $HOME/.ssh/authorized_keys |
| on all machines |
on all machines |
| where you wish to log in using public key authentication. |
where the user wishes to log in using public key authentication. |
| There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
| .It Pa $HOME/.ssh/id_rsa |
.It Pa $HOME/.ssh/id_rsa |
| Contains the protocol version 2 RSA authentication identity of the user. |
Contains the protocol version 2 RSA authentication identity of the user. |
|
|
| This file is not automatically accessed by |
This file is not automatically accessed by |
| .Nm |
.Nm |
| but it is offered as the default file for the private key. |
but it is offered as the default file for the private key. |
| .Xr sshd 8 |
.Xr ssh 1 |
| will read this file when a login attempt is made. |
will read this file when a login attempt is made. |
| .It Pa $HOME/.ssh/id_rsa.pub |
.It Pa $HOME/.ssh/id_rsa.pub |
| Contains the protocol version 2 RSA public key for authentication. |
Contains the protocol version 2 RSA public key for authentication. |
| The contents of this file should be added to |
The contents of this file should be added to |
| .Pa $HOME/.ssh/authorized_keys2 |
.Pa $HOME/.ssh/authorized_keys |
| on all machines |
on all machines |
| where you wish to log in using public key authentication. |
where the user wishes to log in using public key authentication. |
| There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
| .El |
.El |
| .Sh AUTHORS |
.Sh AUTHORS |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh