version 1.40.2.3, 2002/03/09 00:20:45 |
version 1.41, 2001/05/05 13:42:52 |
|
|
.Nm ssh-keygen |
.Nm ssh-keygen |
.Op Fl q |
.Op Fl q |
.Op Fl b Ar bits |
.Op Fl b Ar bits |
.Fl t Ar type |
.Op Fl t Ar type |
.Op Fl N Ar new_passphrase |
.Op Fl N Ar new_passphrase |
.Op Fl C Ar comment |
.Op Fl C Ar comment |
.Op Fl f Ar output_keyfile |
.Op Fl f Ar output_keyfile |
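Review bot: The first synopsis form disagrees between the columns on whether the key type is optional: 1.40.2.3 has a bare ".Fl t Ar type" and 1.41 has ".Op Fl t Ar type". Whichever form is kept, the DESCRIPTION and the -t entry in the option list need to say the same thing, either by naming a default or by stating that the type must be given.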
|
|
.Nm ssh-keygen |
.Nm ssh-keygen |
.Fl B |
.Fl B |
.Op Fl f Ar input_keyfile |
.Op Fl f Ar input_keyfile |
.Nm ssh-keygen |
|
.Fl D Ar reader |
|
.Nm ssh-keygen |
|
.Fl U Ar reader |
|
.Op Fl f Ar input_keyfile |
|
.Sh DESCRIPTION |
.Sh DESCRIPTION |
.Nm |
.Nm |
generates, manages and converts authentication keys for |
generates, manages and converts authentication keys for |
.Xr ssh 1 . |
.Xr ssh 1 . |
.Nm |
.Nm |
can create RSA keys for use by SSH protocol version 1 and RSA or DSA |
defaults to generating a RSA1 key for use by SSH protocol version 1. |
keys for use by SSH protocol version 2. The type of key to be generated |
specifying the |
is specified with the |
|
.Fl t |
.Fl t |
option. |
option allows you to create a key for use by SSH protocol version 2. |
.Pp |
.Pp |
Normally each user wishing to use SSH |
Normally each user wishing to use SSH |
with RSA or DSA authentication runs this once to create the authentication |
with RSA or DSA authentication runs this once to create the authentication |
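Review bot: In the DESCRIPTION paragraph of the 1.41 column, the text after "for use by SSH protocol version 1." continues with a lowercase "specifying the", so the second sentence has no capital; capitalise it or join the two sentences. The 1.40.2.3 wording ("The type of key to be generated is specified with the -t option.") reads cleanly, but it should also say what happens when -t is left out, since the synopsis in that column no longer marks it optional.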
|
|
The passphrase may be empty to indicate no passphrase |
The passphrase may be empty to indicate no passphrase |
(host keys must have an empty passphrase), or it may be a string of |
(host keys must have an empty passphrase), or it may be a string of |
arbitrary length. |
arbitrary length. |
A passphrase is similar to a password, except it can be a phrase with a |
Good passphrases are 10-30 characters long and are |
series of words, punctuation, numbers, whitespace, or any string of |
|
characters you want. |
|
Good passphrases are 10-30 characters long, are |
|
not simple sentences or otherwise easily guessable (English |
not simple sentences or otherwise easily guessable (English |
prose has only 1-2 bits of entropy per character, and provides very bad |
prose has only 1-2 bits of entropy per word, and provides very bad |
passphrases), and contain a mix of upper and lowercase letters, |
passphrases). |
numbers, and non-alphanumeric characters. |
|
The passphrase can be changed later by using the |
The passphrase can be changed later by using the |
.Fl p |
.Fl p |
option. |
option. |
.Pp |
.Pp |
There is no way to recover a lost passphrase. |
There is no way to recover a lost passphrase. |
If the passphrase is |
If the passphrase is |
lost or forgotten, a new key must be generated and copied to the |
lost or forgotten, you will have to generate a new key and copy the |
corresponding public key to other machines. |
corresponding public key to other machines. |
.Pp |
.Pp |
For RSA1 keys, |
For RSA1 keys, |
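Review bot: The entropy figure in the passphrase paragraph uses the wrong unit in the 1.41 column: "1-2 bits of entropy per word" should be "per character", as the 1.40.2.3 column has it. The usual estimate for English prose is per character, and "per word" would understate a phrase-based passphrase by a large factor. The added sentence about mixing upper and lowercase letters, numbers and non-alphanumeric characters is worth keeping alongside the corrected figure.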
|
|
The default is 1024 bits. |
The default is 1024 bits. |
.It Fl c |
.It Fl c |
Requests changing the comment in the private and public key files. |
Requests changing the comment in the private and public key files. |
This operation is only supported for RSA1 keys. |
|
The program will prompt for the file containing the private keys, for |
The program will prompt for the file containing the private keys, for |
the passphrase if the key has one, and for the new comment. |
the passphrase if the key has one, and for the new comment. |
.It Fl e |
.It Fl e |
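Review bot: The -c entry in the 1.41 column omits the restriction the 1.40.2.3 column states, "This operation is only supported for RSA1 keys." Keep that sentence, placed right after "Requests changing the comment in the private and public key files.", so a user with a protocol 2 key knows before running the command that it does not apply.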
|
|
to stdout. |
to stdout. |
This option allows exporting keys for use by several commercial |
This option allows exporting keys for use by several commercial |
SSH implementations. |
SSH implementations. |
.It Fl f Ar filename |
.It Fl f |
Specifies the filename of the key file. |
Specifies the filename of the key file. |
.It Fl i |
.It Fl i |
This option will read an unencrypted private (or public) key file |
This option will read an unencrypted private (or public) key file |
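Review bot: The -f tag in the 1.41 column is ".It Fl f" with no argument, although the text below it ("Specifies the filename of the key file.") and every synopsis form show that it takes one. Use ".It Fl f Ar filename" as in the 1.40.2.3 column so the option list matches the synopsis.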
|
|
This option allows importing keys from several commercial |
This option allows importing keys from several commercial |
SSH implementations. |
SSH implementations. |
.It Fl l |
.It Fl l |
Show fingerprint of specified public key file. |
Show fingerprint of specified private or public key file. |
Private RSA1 keys are also supported. |
|
For RSA and DSA keys |
|
.Nm |
|
tries to find the matching public key file and prints its fingerprint. |
|
.It Fl p |
.It Fl p |
Requests changing the passphrase of a private key file instead of |
Requests changing the passphrase of a private key file instead of |
creating a new private key. |
creating a new private key. |
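Review bot: The -l entry in the 1.40.2.3 column says that for RSA and DSA keys the program "tries to find the matching public key file and prints its fingerprint", but not what is reported when no matching public key file exists. Add a sentence for that case, and say how the matching file is located, so a user checking a fingerprint knows which file was actually read.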
|
|
or |
or |
.Dq dsa |
.Dq dsa |
for protocol version 2. |
for protocol version 2. |
|
The default is |
|
.Dq rsa1 . |
.It Fl B |
.It Fl B |
Show the bubblebabble digest of specified private or public key file. |
Show the bubblebabble digest of specified private or public key file. |
.It Fl C Ar comment |
.It Fl C Ar comment |
Provides the new comment. |
Provides the new comment. |
.It Fl D Ar reader |
|
Download the RSA public key stored in the smartcard in |
|
.Ar reader . |
|
.It Fl N Ar new_passphrase |
.It Fl N Ar new_passphrase |
Provides the new passphrase. |
Provides the new passphrase. |
.It Fl P Ar passphrase |
.It Fl P Ar passphrase |
Provides the (old) passphrase. |
Provides the (old) passphrase. |
.It Fl U Ar reader |
|
Upload an existing RSA private key into the smartcard in |
|
.Ar reader . |
|
.El |
.El |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
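Review bot: The -U entry ("Upload an existing RSA private key into the smartcard in reader.") does not say which key is uploaded. The synopsis in the 1.40.2.3 column shows ".Fl U Ar reader" followed by ".Op Fl f Ar input_keyfile", so the text should name the file used when -f is omitted and mention that -f selects it. The -D entry would also benefit from saying where the downloaded public key is written.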
|
|
This file is not automatically accessed by |
This file is not automatically accessed by |
.Nm |
.Nm |
but it is offered as the default file for the private key. |
but it is offered as the default file for the private key. |
.Xr ssh 1 |
.Xr sshd 8 |
will read this file when a login attempt is made. |
will read this file when a login attempt is made. |
.It Pa $HOME/.ssh/identity.pub |
.It Pa $HOME/.ssh/identity.pub |
Contains the protocol version 1 RSA public key for authentication. |
Contains the protocol version 1 RSA public key for authentication. |
The contents of this file should be added to |
The contents of this file should be added to |
.Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys |
on all machines |
on all machines |
where the user wishes to log in using RSA authentication. |
where you wish to log in using RSA authentication. |
There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
.It Pa $HOME/.ssh/id_dsa |
.It Pa $HOME/.ssh/id_dsa |
Contains the protocol version 2 DSA authentication identity of the user. |
Contains the protocol version 2 DSA authentication identity of the user. |
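Review bot: The cross-reference before "will read this file when a login attempt is made." is wrong in the 1.41 column: the entry describes the file offered as the default for the private key, which is read by the client, so it should be ".Xr ssh 1" as in the 1.40.2.3 column, not ".Xr sshd 8". The same line recurs in the id_dsa and id_rsa entries and needs the same correction there.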
|
|
This file is not automatically accessed by |
This file is not automatically accessed by |
.Nm |
.Nm |
but it is offered as the default file for the private key. |
but it is offered as the default file for the private key. |
.Xr ssh 1 |
.Xr sshd 8 |
will read this file when a login attempt is made. |
will read this file when a login attempt is made. |
.It Pa $HOME/.ssh/id_dsa.pub |
.It Pa $HOME/.ssh/id_dsa.pub |
Contains the protocol version 2 DSA public key for authentication. |
Contains the protocol version 2 DSA public key for authentication. |
The contents of this file should be added to |
The contents of this file should be added to |
.Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys2 |
on all machines |
on all machines |
where the user wishes to log in using public key authentication. |
where you wish to log in using public key authentication. |
There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
.It Pa $HOME/.ssh/id_rsa |
.It Pa $HOME/.ssh/id_rsa |
Contains the protocol version 2 RSA authentication identity of the user. |
Contains the protocol version 2 RSA authentication identity of the user. |
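Review bot: The id_dsa.pub entry names a different target file in each column, "$HOME/.ssh/authorized_keys" in 1.40.2.3 and "$HOME/.ssh/authorized_keys2" in 1.41, while the identity.pub entry uses authorized_keys in both. Say explicitly which file the server reads for protocol version 2 keys and use that name consistently in the id_dsa.pub and id_rsa.pub entries. On style, "where the user wishes to log in" matches the third person used in "authentication identity of the user" and is preferable to "where you wish".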
|
|
This file is not automatically accessed by |
This file is not automatically accessed by |
.Nm |
.Nm |
but it is offered as the default file for the private key. |
but it is offered as the default file for the private key. |
.Xr ssh 1 |
.Xr sshd 8 |
will read this file when a login attempt is made. |
will read this file when a login attempt is made. |
.It Pa $HOME/.ssh/id_rsa.pub |
.It Pa $HOME/.ssh/id_rsa.pub |
Contains the protocol version 2 RSA public key for authentication. |
Contains the protocol version 2 RSA public key for authentication. |
The contents of this file should be added to |
The contents of this file should be added to |
.Pa $HOME/.ssh/authorized_keys |
.Pa $HOME/.ssh/authorized_keys2 |
on all machines |
on all machines |
where the user wishes to log in using public key authentication. |
where you wish to log in using public key authentication. |
There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
.El |
.El |
.Sh AUTHORS |
.Sh AUTHORS |