version 1.63, 2004/08/13 00:01:43 |
version 1.63.2.1, 2005/03/10 16:28:28 |
|
|
.Nm ssh-keygen |
.Nm ssh-keygen |
.Fl D Ar reader |
.Fl D Ar reader |
.Nm ssh-keygen |
.Nm ssh-keygen |
|
.Fl F Ar hostname |
|
.Op Fl f Ar known_hosts_file |
|
.Nm ssh-keygen |
|
.Fl H |
|
.Op Fl f Ar known_hosts_file |
|
.Nm ssh-keygen |
|
.Fl R Ar hostname |
|
.Op Fl f Ar known_hosts_file |
|
.Nm ssh-keygen |
.Fl U Ar reader |
.Fl U Ar reader |
.Op Fl f Ar input_keyfile |
.Op Fl f Ar input_keyfile |
.Nm ssh-keygen |
.Nm ssh-keygen |
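Review bot: the three new synopsis forms (`-F hostname`, `-H`, `-R hostname`) mark `-f known_hosts_file` as optional, but nothing in the added text says which file is used when `-f` is omitted, and the `-f` entry in the option list still reads "Specifies the filename of the key file." Suggest naming the default known_hosts file in the `-F`, `-H` and `-R` entries and extending the `-f` description to cover the known_hosts case, so that a reader running `-R` knows which file is affected.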
|
|
candidates using the |
candidates using the |
.Fl T |
.Fl T |
command. |
command. |
|
.It Fl B |
|
Show the bubblebabble digest of specified private or public key file. |
.It Fl b Ar bits |
.It Fl b Ar bits |
Specifies the number of bits in the key to create. |
Specifies the number of bits in the key to create. |
Minimum is 512 bits. |
Minimum is 512 bits. |
Generally, 1024 bits is considered sufficient. |
Generally, 1024 bits is considered sufficient. |
The default is 1024 bits. |
The default is 1024 bits. |
|
.It Fl C Ar comment |
|
Provides a new comment. |
.It Fl c |
.It Fl c |
Requests changing the comment in the private and public key files. |
Requests changing the comment in the private and public key files. |
This operation is only supported for RSA1 keys. |
This operation is only supported for RSA1 keys. |
The program will prompt for the file containing the private keys, for |
The program will prompt for the file containing the private keys, for |
the passphrase if the key has one, and for the new comment. |
the passphrase if the key has one, and for the new comment. |
|
.It Fl D Ar reader |
|
Download the RSA public key stored in the smartcard in |
|
.Ar reader . |
.It Fl e |
.It Fl e |
This option will read a private or public OpenSSH key file and |
This option will read a private or public OpenSSH key file and |
print the key in a |
print the key in a |
|
|
to stdout. |
to stdout. |
This option allows exporting keys for use by several commercial |
This option allows exporting keys for use by several commercial |
SSH implementations. |
SSH implementations. |
|
.It Fl F Ar hostname |
|
Search for the specified |
|
.Ar hostname |
|
in a |
|
.Pa known_hosts |
|
file, listing any occurrences found. |
|
This option is useful to find hashed host names or addresses and may also be |
|
used in conjunction with the |
|
.Fl H |
|
option to print found keys in a hashed format. |
|
.It Fl f Ar filename |
|
Specifies the filename of the key file. |
|
.It Fl G Ar output_file |
|
Generate candidate primes for DH-GEX. |
|
These primes must be screened for |
|
safety (using the |
|
.Fl T |
|
option) before use. |
.It Fl g |
.It Fl g |
Use generic DNS format when printing fingerprint resource records using the |
Use generic DNS format when printing fingerprint resource records using the |
.Fl r |
.Fl r |
command. |
command. |
.It Fl f Ar filename |
.It Fl H |
Specifies the filename of the key file. |
Hash a |
|
.Pa known_hosts |
|
file, printing the result to standard output. |
|
This replaces all hostnames and addresses with hashed representations. |
|
These hashes may be used normally by |
|
.Nm ssh |
|
and |
|
.Nm sshd , |
|
but they do not reveal identifying information should the file's contents |
|
be disclosed. |
|
This option will not modify existing hashed hostnames and is therefore safe |
|
to use on files that mix hashed and non-hashed names. |
.It Fl i |
.It Fl i |
This option will read an unencrypted private (or public) key file |
This option will read an unencrypted private (or public) key file |
in SSH2-compatible format and print an OpenSSH compatible private |
in SSH2-compatible format and print an OpenSSH compatible private |
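Review bot: in the new `-H` entry, "printing the result to standard output" implies the input file keeps its plain hostnames, so the statement that the hashes "do not reveal identifying information should the file's contents be disclosed" only holds once the user has replaced the original file with the hashed output. Suggest adding a sentence that the original file is left unchanged and has to be replaced, with any plain-text copy removed, before the protection applies.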
|
|
For RSA and DSA keys |
For RSA and DSA keys |
.Nm |
.Nm |
tries to find the matching public key file and prints its fingerprint. |
tries to find the matching public key file and prints its fingerprint. |
|
.It Fl M Ar memory |
|
Specify the amount of memory to use (in megabytes) when generating |
|
candidate moduli for DH-GEX. |
|
.It Fl N Ar new_passphrase |
|
Provides the new passphrase. |
|
.It Fl P Ar passphrase |
|
Provides the (old) passphrase. |
.It Fl p |
.It Fl p |
Requests changing the passphrase of a private key file instead of |
Requests changing the passphrase of a private key file instead of |
creating a new private key. |
creating a new private key. |
|
|
Used by |
Used by |
.Pa /etc/rc |
.Pa /etc/rc |
when creating a new key. |
when creating a new key. |
.It Fl y |
.It Fl R Ar hostname |
This option will read a private |
Removes all keys belonging to |
OpenSSH format file and print an OpenSSH public key to stdout. |
.Ar hostname |
|
from a |
|
.Pa known_hosts |
|
file. |
|
This option is useful to delete hashed hosts (see the |
|
.Fl H |
|
option above). |
|
.It Fl r Ar hostname |
|
Print the SSHFP fingerprint resource record named |
|
.Ar hostname |
|
for the specified public key file. |
|
.It Fl S Ar start |
|
Specify start point (in hex) when generating candidate moduli for DH-GEX. |
|
.It Fl T Ar output_file |
|
Test DH group exchange candidate primes (generated using the |
|
.Fl G |
|
option) for safety. |
.It Fl t Ar type |
.It Fl t Ar type |
Specifies the type of the key to create. |
Specifies the type of key to create. |
The possible values are |
The possible values are |
.Dq rsa1 |
.Dq rsa1 |
for protocol version 1 and |
for protocol version 1 and |
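Review bot: the new `-R` entry says it "Removes all keys belonging to hostname from a known_hosts file" but, unlike the `-H` entry, does not say whether the file is rewritten in place or the filtered result is printed, nor whether a copy of the original is kept. Since this deletes host key entries, the entry should state where the result goes and whether the removal can be undone.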
|
|
or |
or |
.Dq dsa |
.Dq dsa |
for protocol version 2. |
for protocol version 2. |
.It Fl B |
|
Show the bubblebabble digest of specified private or public key file. |
|
.It Fl C Ar comment |
|
Provides the new comment. |
|
.It Fl D Ar reader |
|
Download the RSA public key stored in the smartcard in |
|
.Ar reader . |
|
.It Fl G Ar output_file |
|
Generate candidate primes for DH-GEX. |
|
These primes must be screened for |
|
safety (using the |
|
.Fl T |
|
option) before use. |
|
.It Fl M Ar memory |
|
Specify the amount of memory to use (in megabytes) when generating |
|
candidate moduli for DH-GEX. |
|
.It Fl N Ar new_passphrase |
|
Provides the new passphrase. |
|
.It Fl P Ar passphrase |
|
Provides the (old) passphrase. |
|
.It Fl S Ar start |
|
Specify start point (in hex) when generating candidate moduli for DH-GEX. |
|
.It Fl T Ar output_file |
|
Test DH group exchange candidate primes (generated using the |
|
.Fl G |
|
option) for safety. |
|
.It Fl W Ar generator |
|
Specify desired generator when testing candidate moduli for DH-GEX. |
|
.It Fl U Ar reader |
.It Fl U Ar reader |
Upload an existing RSA private key into the smartcard in |
Upload an existing RSA private key into the smartcard in |
.Ar reader . |
.Ar reader . |
|
|
.Fl v |
.Fl v |
options increase the verbosity. |
options increase the verbosity. |
The maximum is 3. |
The maximum is 3. |
.It Fl r Ar hostname |
.It Fl W Ar generator |
Print the SSHFP fingerprint resource record named |
Specify desired generator when testing candidate moduli for DH-GEX. |
.Ar hostname |
.It Fl y |
for the specified public key file. |
This option will read a private |
|
OpenSSH format file and print an OpenSSH public key to stdout. |
.El |
.El |
.Sh MODULI GENERATION |
.Sh MODULI GENERATION |
.Nm |
.Nm |
|
|
option. |
option. |
For example: |
For example: |
.Pp |
.Pp |
.Dl ssh-keygen -G moduli-2048.candidates -b 2048 |
.Dl # ssh-keygen -G moduli-2048.candidates -b 2048 |
.Pp |
.Pp |
By default, the search for primes begins at a random point in the |
By default, the search for primes begins at a random point in the |
desired length range. |
desired length range. |
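Review bot: the `#` added in front of `ssh-keygen -G moduli-2048.candidates -b 2048` reads as a root prompt, although the example writes to a relative file name; the `-T` example further down gets the same prefix. If root is not needed to generate and screen candidates, drop the prompt or use `$`, and leave the privileged step to installing the screened groups in `/etc/moduli`.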
|
|
option). |
option). |
For example: |
For example: |
.Pp |
.Pp |
.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates |
.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates |
.Pp |
.Pp |
By default, each candidate will be subjected to 100 primality tests. |
By default, each candidate will be subjected to 100 primality tests. |
This may be overridden using the |
This may be overridden using the |
|
|
If a specific generator is desired, it may be requested using the |
If a specific generator is desired, it may be requested using the |
.Fl W |
.Fl W |
option. |
option. |
Valid generator values are 2, 3 and 5. |
Valid generator values are 2, 3, and 5. |
.Pp |
.Pp |
Screened DH groups may be installed in |
Screened DH groups may be installed in |
.Pa /etc/moduli . |
.Pa /etc/moduli . |