| version 1.84, 2010/02/26 20:29:54 |
version 1.85, 2010/02/26 22:09:28 |
|
|
| .Op Fl a Ar num_trials |
.Op Fl a Ar num_trials |
| .Op Fl W Ar generator |
.Op Fl W Ar generator |
| .Nm ssh-keygen |
.Nm ssh-keygen |
| |
.Bk -words |
| .Fl s Ar ca_key |
.Fl s Ar ca_key |
| .Fl I Ar certificate_identity |
.Fl I Ar certificate_identity |
| .Op Fl h |
.Op Fl h |
|
|
| .Op Fl O Ar constraint |
.Op Fl O Ar constraint |
| .Op Fl V Ar validity_interval |
.Op Fl V Ar validity_interval |
| .Ar |
.Ar |
| |
.Ek |
| .Sh DESCRIPTION |
.Sh DESCRIPTION |
| .Nm |
.Nm |
| generates, manages and converts authentication keys for |
generates, manages and converts authentication keys for |
|
|
| Please see the |
Please see the |
| .Sx CERTIFICATES |
.Sx CERTIFICATES |
| section for details. |
section for details. |
| .It Fl I |
.It Fl I Ar certificate_identity |
| Specify the key identity when signing a public key. |
Specify the key identity when signing a public key. |
| Please see the |
Please see the |
| .Sx CERTIFICATES |
.Sx CERTIFICATES |
|
|
| The constraints that are valid for user certificates are: |
The constraints that are valid for user certificates are: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
| .It Ic no-x11-forwarding |
.It Ic no-x11-forwarding |
| Disable X11 forwarding. (permitted by default) |
Disable X11 forwarding (permitted by default). |
| .It Ic no-agent-forwarding |
.It Ic no-agent-forwarding |
| Disable |
Disable |
| .Xr ssh-agent 1 |
.Xr ssh-agent 1 |
| forwarding. (permitted by default) |
forwarding (permitted by default). |
| .It Ic no-port-forwarding |
.It Ic no-port-forwarding |
| Disable port forwarding. (permitted by default) |
Disable port forwarding (permitted by default). |
| .It Ic no-pty |
.It Ic no-pty |
| Disable PTY allocation. (permitted by default) |
Disable PTY allocation (permitted by default). |
| .It Ic no-user-rc |
.It Ic no-user-rc |
| Disable execution of |
Disable execution of |
| .Pa ~/.ssh/rc |
.Pa ~/.ssh/rc |
| by |
by |
| .Xr sshd 8 . |
.Xr sshd 8 |
| (permitted by default) |
(permitted by default). |
| .It Ic clear |
.It Ic clear |
| Clear all enabled permissions. |
Clear all enabled permissions. |
| This is useful for clearing the default set of permissions so permissions may |
This is useful for clearing the default set of permissions so permissions may |
|
|
| .Nm |
.Nm |
| supports two types of certificates: user and host. |
supports two types of certificates: user and host. |
| User certificates authenticate users to servers, whereas host certificates |
User certificates authenticate users to servers, whereas host certificates |
| authenticate server hosts to users. To generate a user certificate: |
authenticate server hosts to users. |
| |
To generate a user certificate: |
| .Pp |
.Pp |
| .Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub |
.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub |
| .Pp |
.Pp |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh