version 1.84, 2010/02/26 20:29:54 |
version 1.85, 2010/02/26 22:09:28 |
|
|
.Op Fl a Ar num_trials |
.Op Fl a Ar num_trials |
.Op Fl W Ar generator |
.Op Fl W Ar generator |
.Nm ssh-keygen |
.Nm ssh-keygen |
|
.Bk -words |
.Fl s Ar ca_key |
.Fl s Ar ca_key |
.Fl I Ar certificate_identity |
.Fl I Ar certificate_identity |
.Op Fl h |
.Op Fl h |
|
|
.Op Fl O Ar constraint |
.Op Fl O Ar constraint |
.Op Fl V Ar validity_interval |
.Op Fl V Ar validity_interval |
.Ar |
.Ar |
|
.Ek |
.Sh DESCRIPTION |
.Sh DESCRIPTION |
.Nm |
.Nm |
generates, manages and converts authentication keys for |
generates, manages and converts authentication keys for |
|
|
Please see the |
Please see the |
.Sx CERTIFICATES |
.Sx CERTIFICATES |
section for details. |
section for details. |
.It Fl I |
.It Fl I Ar certificate_identity |
Specify the key identity when signing a public key. |
Specify the key identity when signing a public key. |
Please see the |
Please see the |
.Sx CERTIFICATES |
.Sx CERTIFICATES |
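Review bot: The new ".It Fl I Ar certificate_identity" line names the argument certificate_identity, but the sentence directly under it still says "Specify the key identity", and the example in the CERTIFICATES section passes it as "-I key_id". Suggest using one term for this value across the option heading, its description and the example, so readers do not take "key identity" and "certificate identity" for two different things.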
|
|
The constraints that are valid for user certificates are: |
The constraints that are valid for user certificates are: |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Ic no-x11-forwarding |
.It Ic no-x11-forwarding |
Disable X11 forwarding. (permitted by default) |
Disable X11 forwarding (permitted by default). |
.It Ic no-agent-forwarding |
.It Ic no-agent-forwarding |
Disable |
Disable |
.Xr ssh-agent 1 |
.Xr ssh-agent 1 |
forwarding. (permitted by default) |
forwarding (permitted by default). |
.It Ic no-port-forwarding |
.It Ic no-port-forwarding |
Disable port forwarding. (permitted by default) |
Disable port forwarding (permitted by default). |
.It Ic no-pty |
.It Ic no-pty |
Disable PTY allocation. (permitted by default) |
Disable PTY allocation (permitted by default). |
.It Ic no-user-rc |
.It Ic no-user-rc |
Disable execution of |
Disable execution of |
.Pa ~/.ssh/rc |
.Pa ~/.ssh/rc |
by |
by |
.Xr sshd 8 . |
.Xr sshd 8 |
(permitted by default) |
(permitted by default). |
.It Ic clear |
.It Ic clear |
Clear all enabled permissions. |
Clear all enabled permissions. |
This is useful for clearing the default set of permissions so permissions may |
This is useful for clearing the default set of permissions so permissions may |
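Review bot: In the no-x11-forwarding through no-user-rc entries, moving the full stop after "(permitted by default)" tidies the sentence break, but the parenthetical still attaches to a sentence that starts with "Disable", so it can be read as saying that disabling is what is permitted by default. Suggest stating the default about the feature itself, for example "Disable X11 forwarding, which is permitted by default.", and using the same wording in all five entries so it is clear which permissions the "clear" constraint removes.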
|
|
.Nm |
.Nm |
supports two types of certificates: user and host. |
supports two types of certificates: user and host. |
User certificates authenticate users to servers, whereas host certificates |
User certificates authenticate users to servers, whereas host certificates |
authenticate server hosts to users. To generate a user certificate: |
authenticate server hosts to users. |
|
To generate a user certificate: |
.Pp |
.Pp |
.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub |
.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub |
.Pp |
.Pp |