version 1.99, 2010/08/31 11:54:45 |
version 1.100, 2010/09/10 15:19:29 |
|
|
generates, manages and converts authentication keys for |
generates, manages and converts authentication keys for |
.Xr ssh 1 . |
.Xr ssh 1 . |
.Nm |
.Nm |
can create RSA keys for use by SSH protocol version 1 and RSA, DSA or ECDSA |
can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA |
keys for use by SSH protocol version 2. |
keys for use by SSH protocol version 2. |
The type of key to be generated is specified with the |
The type of key to be generated is specified with the |
.Fl t |
.Fl t |
|
|
The possible values are |
The possible values are |
.Dq rsa1 |
.Dq rsa1 |
for protocol version 1 and |
for protocol version 1 and |
.Dq rsa |
.Dq dsa , |
|
.Dq ecdsa |
or |
or |
.Dq dsa |
.Dq rsa |
for protocol version 2. |
for protocol version 2. |
.It Fl V Ar validity_interval |
.It Fl V Ar validity_interval |
Specify a validity interval when signing a certificate. |
Specify a validity interval when signing a certificate. |
|
|
.Xr ssh 1 . |
.Xr ssh 1 . |
Please refer to those manual pages for details. |
Please refer to those manual pages for details. |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds |
.Bl -tag -width Ds -compact |
.It Pa ~/.ssh/identity |
.It Pa ~/.ssh/identity |
Contains the protocol version 1 RSA authentication identity of the user. |
Contains the protocol version 1 RSA authentication identity of the user. |
This file should not be readable by anyone but the user. |
This file should not be readable by anyone but the user. |
It is possible to |
It is possible to |
specify a passphrase when generating the key; that passphrase will be |
specify a passphrase when generating the key; that passphrase will be |
used to encrypt the private part of this file using 128-bit AES. |
used to encrypt the private part of this file using 3DES. |
This file is not automatically accessed by |
This file is not automatically accessed by |
.Nm |
.Nm |
but it is offered as the default file for the private key. |
but it is offered as the default file for the private key. |
.Xr ssh 1 |
.Xr ssh 1 |
will read this file when a login attempt is made. |
will read this file when a login attempt is made. |
|
.Pp |
.It Pa ~/.ssh/identity.pub |
.It Pa ~/.ssh/identity.pub |
Contains the protocol version 1 RSA public key for authentication. |
Contains the protocol version 1 RSA public key for authentication. |
The contents of this file should be added to |
The contents of this file should be added to |
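Review bot: The passphrase sentence for ~/.ssh/identity changes the cipher from 128-bit AES to 3DES. That is a factual correction sitting among the reordering and list-layout edits (-compact, .Pp), where it is easy to miss. The ~/.ssh/id_dsa entry removed further down states 128-bit AES, so after this change the page names different ciphers for the protocol 1 and protocol 2 private key files. Please confirm both against the code that writes each key format, and mention the correction separately in the change description so it is not taken for a cosmetic edit.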
|
|
on all machines |
on all machines |
where the user wishes to log in using RSA authentication. |
where the user wishes to log in using RSA authentication. |
There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
|
.Pp |
.It Pa ~/.ssh/id_dsa |
.It Pa ~/.ssh/id_dsa |
Contains the protocol version 2 DSA authentication identity of the user. |
.It Pa ~/.ssh/id_ecdsa |
This file should not be readable by anyone but the user. |
|
It is possible to |
|
specify a passphrase when generating the key; that passphrase will be |
|
used to encrypt the private part of this file using 128-bit AES. |
|
This file is not automatically accessed by |
|
.Nm |
|
but it is offered as the default file for the private key. |
|
.Xr ssh 1 |
|
will read this file when a login attempt is made. |
|
.It Pa ~/.ssh/id_dsa.pub |
|
Contains the protocol version 2 DSA public key for authentication. |
|
The contents of this file should be added to |
|
.Pa ~/.ssh/authorized_keys |
|
on all machines |
|
where the user wishes to log in using public key authentication. |
|
There is no need to keep the contents of this file secret. |
|
.It Pa ~/.ssh/id_rsa |
.It Pa ~/.ssh/id_rsa |
Contains the protocol version 2 RSA authentication identity of the user. |
Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user. |
This file should not be readable by anyone but the user. |
This file should not be readable by anyone but the user. |
It is possible to |
It is possible to |
specify a passphrase when generating the key; that passphrase will be |
specify a passphrase when generating the key; that passphrase will be |
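Review bot: The merged entry stacks three .It Pa lines (~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_rsa) over a description that still says "This file should not be readable by anyone but the user" in the singular. The permission requirement applies to each private key, so a reader could take it to mean only the last path listed. Suggest "These files should not be readable by anyone but the user", with the same plural carried through the rest of the entry.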
|
|
but it is offered as the default file for the private key. |
but it is offered as the default file for the private key. |
.Xr ssh 1 |
.Xr ssh 1 |
will read this file when a login attempt is made. |
will read this file when a login attempt is made. |
|
.Pp |
|
.It Pa ~/.ssh/id_dsa.pub |
|
.It Pa ~/.ssh/id_ecdsa.pub |
.It Pa ~/.ssh/id_rsa.pub |
.It Pa ~/.ssh/id_rsa.pub |
Contains the protocol version 2 RSA public key for authentication. |
Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication. |
The contents of this file should be added to |
The contents of this file should be added to |
.Pa ~/.ssh/authorized_keys |
.Pa ~/.ssh/authorized_keys |
on all machines |
on all machines |
where the user wishes to log in using public key authentication. |
where the user wishes to log in using public key authentication. |
There is no need to keep the contents of this file secret. |
There is no need to keep the contents of this file secret. |
|
.Pp |
.It Pa /etc/moduli |
.It Pa /etc/moduli |
Contains Diffie-Hellman groups used for DH-GEX. |
Contains Diffie-Hellman groups used for DH-GEX. |
The file format is described in |
The file format is described in |
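Review bot: The new description line "Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication." is much longer than the source lines around it, as is its counterpart in the private key entry. Suggest breaking it after "RSA" to match the wrapping used elsewhere in the file. The three .pub paths also now share "The contents of this file should be added to", which reads more clearly as "the contents of these files" when one description covers several paths.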