| version 1.63, 2004/08/13 00:01:43 |
version 1.63.2.1, 2005/03/10 16:28:28 |
|
|
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Fl D Ar reader |
.Fl D Ar reader |
| .Nm ssh-keygen |
.Nm ssh-keygen |
| |
.Fl F Ar hostname |
| |
.Op Fl f Ar known_hosts_file |
| |
.Nm ssh-keygen |
| |
.Fl H |
| |
.Op Fl f Ar known_hosts_file |
| |
.Nm ssh-keygen |
| |
.Fl R Ar hostname |
| |
.Op Fl f Ar known_hosts_file |
| |
.Nm ssh-keygen |
| .Fl U Ar reader |
.Fl U Ar reader |
| .Op Fl f Ar input_keyfile |
.Op Fl f Ar input_keyfile |
| .Nm ssh-keygen |
.Nm ssh-keygen |
|
|
| candidates using the |
candidates using the |
| .Fl T |
.Fl T |
| command. |
command. |
| |
.It Fl B |
| |
Show the bubblebabble digest of specified private or public key file. |
| .It Fl b Ar bits |
.It Fl b Ar bits |
| Specifies the number of bits in the key to create. |
Specifies the number of bits in the key to create. |
| Minimum is 512 bits. |
Minimum is 512 bits. |
| Generally, 1024 bits is considered sufficient. |
Generally, 1024 bits is considered sufficient. |
| The default is 1024 bits. |
The default is 1024 bits. |
| |
.It Fl C Ar comment |
| |
Provides a new comment. |
| .It Fl c |
.It Fl c |
| Requests changing the comment in the private and public key files. |
Requests changing the comment in the private and public key files. |
| This operation is only supported for RSA1 keys. |
This operation is only supported for RSA1 keys. |
| The program will prompt for the file containing the private keys, for |
The program will prompt for the file containing the private keys, for |
| the passphrase if the key has one, and for the new comment. |
the passphrase if the key has one, and for the new comment. |
| |
.It Fl D Ar reader |
| |
Download the RSA public key stored in the smartcard in |
| |
.Ar reader . |
| .It Fl e |
.It Fl e |
| This option will read a private or public OpenSSH key file and |
This option will read a private or public OpenSSH key file and |
| print the key in a |
print the key in a |
|
|
| to stdout. |
to stdout. |
| This option allows exporting keys for use by several commercial |
This option allows exporting keys for use by several commercial |
| SSH implementations. |
SSH implementations. |
| |
.It Fl F Ar hostname |
| |
Search for the specified |
| |
.Ar hostname |
| |
in a |
| |
.Pa known_hosts |
| |
file, listing any occurrences found. |
| |
This option is useful to find hashed host names or addresses and may also be |
| |
used in conjunction with the |
| |
.Fl H |
| |
option to print found keys in a hashed format. |
| |
.It Fl f Ar filename |
| |
Specifies the filename of the key file. |
| |
.It Fl G Ar output_file |
| |
Generate candidate primes for DH-GEX. |
| |
These primes must be screened for |
| |
safety (using the |
| |
.Fl T |
| |
option) before use. |
| .It Fl g |
.It Fl g |
| Use generic DNS format when printing fingerprint resource records using the |
Use generic DNS format when printing fingerprint resource records using the |
| .Fl r |
.Fl r |
| command. |
command. |
| .It Fl f Ar filename |
.It Fl H |
| Specifies the filename of the key file. |
Hash a |
| |
.Pa known_hosts |
| |
file, printing the result to standard output. |
| |
This replaces all hostnames and addresses with hashed representations. |
| |
These hashes may be used normally by |
| |
.Nm ssh |
| |
and |
| |
.Nm sshd , |
| |
but they do not reveal identifying information should the file's contents |
| |
be disclosed. |
| |
This option will not modify existing hashed hostnames and is therefore safe |
| |
to use on files that mix hashed and non-hashed names. |
| .It Fl i |
.It Fl i |
| This option will read an unencrypted private (or public) key file |
This option will read an unencrypted private (or public) key file |
| in SSH2-compatible format and print an OpenSSH compatible private |
in SSH2-compatible format and print an OpenSSH compatible private |
|
|
| For RSA and DSA keys |
For RSA and DSA keys |
| .Nm |
.Nm |
| tries to find the matching public key file and prints its fingerprint. |
tries to find the matching public key file and prints its fingerprint. |
| |
.It Fl M Ar memory |
| |
Specify the amount of memory to use (in megabytes) when generating |
| |
candidate moduli for DH-GEX. |
| |
.It Fl N Ar new_passphrase |
| |
Provides the new passphrase. |
| |
.It Fl P Ar passphrase |
| |
Provides the (old) passphrase. |
| .It Fl p |
.It Fl p |
| Requests changing the passphrase of a private key file instead of |
Requests changing the passphrase of a private key file instead of |
| creating a new private key. |
creating a new private key. |
|
|
| Used by |
Used by |
| .Pa /etc/rc |
.Pa /etc/rc |
| when creating a new key. |
when creating a new key. |
| .It Fl y |
.It Fl R Ar hostname |
| This option will read a private |
Removes all keys belonging to |
| OpenSSH format file and print an OpenSSH public key to stdout. |
.Ar hostname |
| |
from a |
| |
.Pa known_hosts |
| |
file. |
| |
This option is useful to delete hashed hosts (see the |
| |
.Fl H |
| |
option above). |
| |
.It Fl r Ar hostname |
| |
Print the SSHFP fingerprint resource record named |
| |
.Ar hostname |
| |
for the specified public key file. |
| |
.It Fl S Ar start |
| |
Specify start point (in hex) when generating candidate moduli for DH-GEX. |
| |
.It Fl T Ar output_file |
| |
Test DH group exchange candidate primes (generated using the |
| |
.Fl G |
| |
option) for safety. |
| .It Fl t Ar type |
.It Fl t Ar type |
| Specifies the type of the key to create. |
Specifies the type of key to create. |
| The possible values are |
The possible values are |
| .Dq rsa1 |
.Dq rsa1 |
| for protocol version 1 and |
for protocol version 1 and |
|
|
| or |
or |
| .Dq dsa |
.Dq dsa |
| for protocol version 2. |
for protocol version 2. |
| .It Fl B |
|
| Show the bubblebabble digest of specified private or public key file. |
|
| .It Fl C Ar comment |
|
| Provides the new comment. |
|
| .It Fl D Ar reader |
|
| Download the RSA public key stored in the smartcard in |
|
| .Ar reader . |
|
| .It Fl G Ar output_file |
|
| Generate candidate primes for DH-GEX. |
|
| These primes must be screened for |
|
| safety (using the |
|
| .Fl T |
|
| option) before use. |
|
| .It Fl M Ar memory |
|
| Specify the amount of memory to use (in megabytes) when generating |
|
| candidate moduli for DH-GEX. |
|
| .It Fl N Ar new_passphrase |
|
| Provides the new passphrase. |
|
| .It Fl P Ar passphrase |
|
| Provides the (old) passphrase. |
|
| .It Fl S Ar start |
|
| Specify start point (in hex) when generating candidate moduli for DH-GEX. |
|
| .It Fl T Ar output_file |
|
| Test DH group exchange candidate primes (generated using the |
|
| .Fl G |
|
| option) for safety. |
|
| .It Fl W Ar generator |
|
| Specify desired generator when testing candidate moduli for DH-GEX. |
|
| .It Fl U Ar reader |
.It Fl U Ar reader |
| Upload an existing RSA private key into the smartcard in |
Upload an existing RSA private key into the smartcard in |
| .Ar reader . |
.Ar reader . |
|
|
| .Fl v |
.Fl v |
| options increase the verbosity. |
options increase the verbosity. |
| The maximum is 3. |
The maximum is 3. |
| .It Fl r Ar hostname |
.It Fl W Ar generator |
| Print the SSHFP fingerprint resource record named |
Specify desired generator when testing candidate moduli for DH-GEX. |
| .Ar hostname |
.It Fl y |
| for the specified public key file. |
This option will read a private |
| |
OpenSSH format file and print an OpenSSH public key to stdout. |
| .El |
.El |
| .Sh MODULI GENERATION |
.Sh MODULI GENERATION |
| .Nm |
.Nm |
|
|
| option. |
option. |
| For example: |
For example: |
| .Pp |
.Pp |
| .Dl ssh-keygen -G moduli-2048.candidates -b 2048 |
.Dl # ssh-keygen -G moduli-2048.candidates -b 2048 |
| .Pp |
.Pp |
| By default, the search for primes begins at a random point in the |
By default, the search for primes begins at a random point in the |
| desired length range. |
desired length range. |
|
|
| option). |
option). |
| For example: |
For example: |
| .Pp |
.Pp |
| .Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates |
.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates |
| .Pp |
.Pp |
| By default, each candidate will be subjected to 100 primality tests. |
By default, each candidate will be subjected to 100 primality tests. |
| This may be overridden using the |
This may be overridden using the |
|
|
| If a specific generator is desired, it may be requested using the |
If a specific generator is desired, it may be requested using the |
| .Fl W |
.Fl W |
| option. |
option. |
| Valid generator values are 2, 3 and 5. |
Valid generator values are 2, 3, and 5. |
| .Pp |
.Pp |
| Screened DH groups may be installed in |
Screened DH groups may be installed in |
| .Pa /etc/moduli . |
.Pa /etc/moduli . |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh