=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.1,v retrieving revision 1.23.2.4 retrieving revision 1.23.2.5 diff -u -r1.23.2.4 -r1.23.2.5 --- src/usr.bin/ssh/ssh-keygen.1 2001/05/07 21:09:35 1.23.2.4 +++ src/usr.bin/ssh/ssh-keygen.1 2001/09/27 00:15:42 1.23.2.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.23.2.4 2001/05/07 21:09:35 jason Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.23.2.5 2001/09/27 00:15:42 miod Exp $ .\" .\" -*- nroff -*- .\" @@ -76,15 +76,20 @@ .Nm ssh-keygen .Fl B .Op Fl f Ar input_keyfile +.Nm ssh-keygen +.Fl D Ar reader +.Nm ssh-keygen +.Fl U Ar reader +.Op Fl f Ar input_keyfile .Sh DESCRIPTION .Nm generates, manages and converts authentication keys for .Xr ssh 1 . .Nm defaults to generating a RSA1 key for use by SSH protocol version 1. -specifying the +Specifying the .Fl t -option allows you to create a key for use by SSH protocol version 2. +option instead creates a key for use by SSH protocol version 2. .Pp Normally each user wishing to use SSH with RSA or DSA authentication runs this once to create the authentication @@ -108,7 +113,7 @@ arbitrary length. Good passphrases are 10-30 characters long and are not simple sentences or otherwise easily guessable (English -prose has only 1-2 bits of entropy per word, and provides very bad +prose has only 1-2 bits of entropy per character, and provides very bad passphrases). The passphrase can be changed later by using the .Fl p @@ -116,7 +121,7 @@ .Pp There is no way to recover a lost passphrase. If the passphrase is -lost or forgotten, you will have to generate a new key and copy the +lost or forgotten, a new key must be generated and copied to the corresponding public key to other machines. .Pp For RSA1 keys, 
@@ -143,7 +148,7 @@ .It Fl c Requests changing the comment in the private and public key files. The program will prompt for the file containing the private keys, for -passphrase if the key has one, and for the new comment. +the passphrase if the key has one, and for the new comment. .It Fl e This option will read a private or public OpenSSH key file and print the key in a @@ -151,7 +156,7 @@ to stdout. This option allows exporting keys for use by several commercial SSH implementations. -.It Fl f +.It Fl f Ar filename Specifies the filename of the key file. .It Fl i This option will read an unencrypted private (or public) key file @@ -194,10 +199,16 @@ Show the bubblebabble digest of specified private or public key file. .It Fl C Ar comment Provides the new comment. +.It Fl D Ar reader +Download the RSA public key stored in the smartcard in +.Ar reader . .It Fl N Ar new_passphrase Provides the new passphrase. .It Fl P Ar passphrase Provides the (old) passphrase. +.It Fl U Ar reader +Upload an existing RSA private key into the smartcard in +.Ar reader . .El .Sh FILES .Bl -tag -width Ds @@ -210,14 +221,14 @@ This file is not automatically accessed by .Nm but it is offered as the default file for the private key. -.Xr sshd 8 +.Xr ssh 1 will read this file when a login attempt is made. .It Pa $HOME/.ssh/identity.pub Contains the protocol version 1 RSA public key for authentication. The contents of this file should be added to .Pa $HOME/.ssh/authorized_keys on all machines -where you wish to log in using RSA authentication. +where the user wishes to log in using RSA authentication. There is no need to keep the contents of this file secret. .It Pa $HOME/.ssh/id_dsa Contains the protocol version 2 DSA authentication identity of the user. 
@@ -228,14 +239,14 @@ This file is not automatically accessed by .Nm but it is offered as the default file for the private key. -.Xr sshd 8 +.Xr ssh 1 will read this file when a login attempt is made. .It Pa $HOME/.ssh/id_dsa.pub Contains the protocol version 2 DSA public key for authentication. The contents of this file should be added to -.Pa $HOME/.ssh/authorized_keys2 +.Pa $HOME/.ssh/authorized_keys on all machines -where you wish to log in using public key authentication. +where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. .It Pa $HOME/.ssh/id_rsa Contains the protocol version 2 RSA authentication identity of the user. @@ -246,14 +257,14 @@ This file is not automatically accessed by .Nm but it is offered as the default file for the private key. -.Xr sshd 8 +.Xr ssh 1 will read this file when a login attempt is made. .It Pa $HOME/.ssh/id_rsa.pub Contains the protocol version 2 RSA public key for authentication. The contents of this file should be added to -.Pa $HOME/.ssh/authorized_keys2 +.Pa $HOME/.ssh/authorized_keys on all machines -where you wish to log in using public key authentication. +where the user wishes to log in using public key authentication. There is no need to keep the contents of this file secret. .El .Sh AUTHORS
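Review bot: In the option list hunk at @@ -194,10 +199,16 @@, the new `-D reader` and `-U reader` entries leave out what a user needs in order to run them safely. The synopsis hunk gives `-U` an optional `-f input_keyfile`, but the `-U` entry does not say that `-f` selects the key to upload or which file is used when it is omitted. It also does not say whether the private key file on disk is left in place after the upload. The `-D` entry does not say where the downloaded public key is written. Suggest one sentence on each point, and a reminder under `-U` that any copy of the private key remaining on disk still needs protecting.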
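Review bot: The `-f` entry changed at @@ -151,7 +156,7 @@ names its argument `filename`, while every synopsis form, including the `-U reader` line added at @@ -76,15 +76,20 @@, calls it `input_keyfile`. Suggest using one name in both places so the synopsis and the option list read as the same argument.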
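Review bot: In the FILES hunks at @@ -228,14 +239,14 @@ and @@ -246,14 +257,14 @@, the `id_dsa.pub` and `id_rsa.pub` entries now point at `$HOME/.ssh/authorized_keys` instead of `$HOME/.ssh/authorized_keys2`, with no word for users who already have protocol 2 keys listed in the old file. Suggest a sentence, or a cross-reference to `sshd 8`, stating whether `authorized_keys2` is still consulted, so that nobody leaves a stale key authorized in a file they have stopped maintaining.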