src/usr.bin/ssh/ssh-keygen.1 - diff

Return to ssh-keygen.1 CVS log

Up to [local] / src / usr.bin / ssh

Diff for /src/usr.bin/ssh/ssh-keygen.1 between version 1.23.2.7 and 1.24

version 1.23.2.7, 2002/03/08 17:04:43

version 1.24, 2000/11/10 05:10:40

Line 1

.\" $OpenBSD$

.\"

.\" -*- nroff -*-

.\"

.\" Author: Tatu Ylonen <ylo@cs.hut.fi>

Line 13

Line 11

.\" called by a name other than "ssh" or "Secure Shell".

.\"

.\" Redistribution and use in source and binary forms, with or without

.\" modification, are permitted provided that the following conditions

Line 42

Line 40

.Os

.Sh NAME

.Nm ssh-keygen

.Nd authentication key generation, management and conversion

.Nd authentication key generation

.Sh SYNOPSIS

.Nm ssh-keygen

.Op Fl q

.Op Fl dq

.Op Fl b Ar bits

.Fl t Ar type

.Op Fl N Ar new_passphrase

.Op Fl C Ar comment

.Op Fl f Ar output_keyfile

Line 57

Line 54

.Op Fl N Ar new_passphrase

.Op Fl f Ar keyfile

.Nm ssh-keygen

.Fl i

.Fl x

.Op Fl f Ar input_keyfile

.Nm ssh-keygen

.Fl e

.Fl X

.Op Fl f Ar input_keyfile

.Nm ssh-keygen

.Fl y

Line 74

Line 71

.Fl l

.Op Fl f Ar input_keyfile

.Nm ssh-keygen

.Fl B

.Fl R

.Op Fl f Ar input_keyfile

.Nm ssh-keygen

.Fl D Ar reader

.Nm ssh-keygen

.Fl U Ar reader

.Op Fl f Ar input_keyfile

.Sh DESCRIPTION

.Nm

generates, manages and converts authentication keys for

generates and manages authentication keys for

.Xr ssh 1 .

.Nm

can create RSA keys for use by SSH protocol version 1 and RSA or DSA

defaults to generating an RSA key for use by protocols 1.3 and 1.5;

keys for use by SSH protocol version 2. The type of key to be generated

specifying the

is specified with the

.Fl d

.Fl t

flag will create a DSA key instead for use by protocol 2.0.

option.

.Pp

Normally each user wishing to use SSH

with RSA or DSA authentication runs this once to create the authentication

key in

.Pa $HOME/.ssh/identity ,

.Pa $HOME/.ssh/identity

.Pa $HOME/.ssh/id_dsa

.Pa $HOME/.ssh/id_rsa .

.Pa $HOME/.ssh/id_dsa .

Additionally, the system administrator may use this to generate host keys,

as seen in

.Pa /etc/rc .

Line 110

Line 99

appended.

The program also asks for a passphrase.

The passphrase may be empty to indicate no passphrase

(host keys must have an empty passphrase), or it may be a string of

(host keys must have empty passphrase), or it may be a string of

arbitrary length.

A passphrase is similar to a password, except it can be a phrase with a

Good passphrases are 10-30 characters long and are

series of words, punctuation, numbers, whitespace, or any string of

characters you want.

Good passphrases are 10-30 characters long, are

not simple sentences or otherwise easily guessable (English

prose has only 1-2 bits of entropy per character, and provides very bad

prose has only 1-2 bits of entropy per word, and provides very bad

passphrases), and contain a mix of upper and lowercase letters,

passphrases).

numbers, and non-alphanumeric characters.

The passphrase can be changed later by using the

.Fl p

option.

.Pp

There is no way to recover a lost passphrase.

If the passphrase is

lost or forgotten, a new key must be generated and copied to the

lost or forgotten, you will have to generate a new key and copy the

corresponding public key to other machines.

.Pp

For RSA1 keys,

For RSA, there is also a comment field in the key file that is only for

there is also a comment field in the key file that is only for

convenience to the user to help identify the key.

The comment can tell what the key is for, or whatever is useful.

The comment is initialized to

Line 152

Line 136

The default is 1024 bits.

.It Fl c

Requests changing the comment in the private and public key files.

This operation is only supported for RSA1 keys.

The program will prompt for the file containing the private keys, for

the passphrase if the key has one, and for the new comment.

passphrase if the key has one, and for the new comment.

.It Fl e

.It Fl f

This option will read a private or public OpenSSH key file and

print the key in a

.Sq SECSH Public Key File Format

to stdout.

This option allows exporting keys for use by several commercial

SSH implementations.

.It Fl f Ar filename

Specifies the filename of the key file.

.It Fl i

This option will read an unencrypted private (or public) key file

in SSH2-compatible format and print an OpenSSH compatible private

(or public) key to stdout.

.Nm

also reads the

.Sq SECSH Public Key File Format .

This option allows importing keys from several commercial

SSH implementations.

.It Fl l

Show fingerprint of specified public key file.

Show fingerprint of specified private or public key file.

Private RSA1 keys are also supported.

For RSA and DSA keys

.Nm

tries to find the matching public key file and prints its fingerprint.

.It Fl p

Requests changing the passphrase of a private key file instead of

creating a new private key.

Line 191

Line 154

Used by

.Pa /etc/rc

when creating a new key.

.It Fl y

This option will read a private

OpenSSH format file and print an OpenSSH public key to stdout.

.It Fl t Ar type

Specifies the type of the key to create.

The possible values are

.Dq rsa1

for protocol version 1 and

.Dq rsa

.Dq dsa

for protocol version 2.

.It Fl B

Show the bubblebabble digest of specified private or public key file.

.It Fl C Ar comment

Provides the new comment.

.It Fl D Ar reader

Download the RSA public key stored in the smartcard in

.Ar reader .

.It Fl N Ar new_passphrase

Provides the new passphrase.

.It Fl P Ar passphrase

Provides the (old) passphrase.

.It Fl U Ar reader

.It Fl R

Upload an existing RSA private key into the smartcard in

If RSA support is functional, immediately exits with code 0. If RSA

.Ar reader .

support is not functional, exits with code 1. This flag will be

removed once the RSA patent expires.

.It Fl x

This option will read a private

OpenSSH DSA format file and print a SSH2-compatible public key to stdout.

.It Fl X

This option will read a unencrypted

SSH2-compatible private (or public) key file and

print an OpenSSH compatible private (or public) key to stdout.

.It Fl y

This option will read a private

OpenSSH DSA format file and print an OpenSSH DSA public key to stdout.

.El

.Sh FILES

.Bl -tag -width Ds

.It Pa $HOME/.ssh/identity

Contains the protocol version 1 RSA authentication identity of the user.

Contains the RSA authentication identity of the user.

This file should not be readable by anyone but the user.

It is possible to

specify a passphrase when generating the key; that passphrase will be

Line 229

Line 186

This file is not automatically accessed by

.Nm

but it is offered as the default file for the private key.

.Xr ssh 1

.Xr sshd 8

will read this file when a login attempt is made.

.It Pa $HOME/.ssh/identity.pub

Contains the protocol version 1 RSA public key for authentication.

Contains the public key for authentication.

The contents of this file should be added to

.Pa $HOME/.ssh/authorized_keys

on all machines

where the user wishes to log in using RSA authentication.

where you wish to log in using RSA authentication.

There is no need to keep the contents of this file secret.

.It Pa $HOME/.ssh/id_dsa

Contains the protocol version 2 DSA authentication identity of the user.

Contains the DSA authentication identity of the user.

This file should not be readable by anyone but the user.

It is possible to

specify a passphrase when generating the key; that passphrase will be

Line 247

Line 204

This file is not automatically accessed by

.Nm

but it is offered as the default file for the private key.

.Xr ssh 1

.Xr sshd 8

will read this file when a login attempt is made.

.It Pa $HOME/.ssh/id_dsa.pub

Contains the protocol version 2 DSA public key for authentication.

Contains the public key for authentication.

The contents of this file should be added to

.Pa $HOME/.ssh/authorized_keys

.Pa $HOME/.ssh/authorized_keys2

on all machines

where the user wishes to log in using public key authentication.

where you wish to log in using DSA authentication.

There is no need to keep the contents of this file secret.

.It Pa $HOME/.ssh/id_rsa

Contains the protocol version 2 RSA authentication identity of the user.

This file should not be readable by anyone but the user.

It is possible to

specify a passphrase when generating the key; that passphrase will be

used to encrypt the private part of this file using 3DES.

This file is not automatically accessed by

.Nm

but it is offered as the default file for the private key.

.Xr ssh 1

will read this file when a login attempt is made.

.It Pa $HOME/.ssh/id_rsa.pub

Contains the protocol version 2 RSA public key for authentication.

The contents of this file should be added to

.Pa $HOME/.ssh/authorized_keys

on all machines

where the user wishes to log in using public key authentication.

There is no need to keep the contents of this file secret.

.El

.Sh AUTHORS

OpenSSH is a derivative of the original and free

Tatu Ylonen <ylo@cs.hut.fi>

ssh 1.2.12 release by Tatu Ylonen.

.Pp

Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,

OpenSSH

Theo de Raadt and Dug Song

is a derivative of the original (free) ssh 1.2.12 release, but with bugs

removed many bugs, re-added newer features and

removed and newer features re-added.

created OpenSSH.

Rapidly after the 1.2.12 release,

Markus Friedl contributed the support for SSH

newer versions bore successively more restrictive licenses.

protocol versions 1.5 and 2.0.

This version of OpenSSH

.Bl -bullet

.It

has all components of a restrictive nature (i.e., patents, see

.Xr ssl 8 )

directly removed from the source code; any licensed or patented components

are chosen from

external libraries.

.It

has been updated to support ssh protocol 1.5.

.It

contains added support for

.Xr kerberos 8

authentication and ticket passing.

.It

supports one-time password authentication with

.Xr skey 1 .

.El

.Sh SEE ALSO

.Xr ssh 1 ,

.Xr ssh-add 1 ,

.Xr ssh-agent 1 ,

.Xr sshd 8

.Xr sshd 8 ,

.Rs

.Xr ssl 8

.%A J. Galbraith

.%A R. Thayer

.%T "SECSH Public Key File Format"

.%N draft-ietf-secsh-publickeyfile-01.txt

.%D March 2001

.%O work in progress material

.Re