===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.1,v
retrieving revision 1.67
retrieving revision 1.67.2.2
diff -u -r1.67 -r1.67.2.2
--- src/usr.bin/ssh/ssh-keygen.1	2005/03/14 10:09:03	1.67
+++ src/usr.bin/ssh/ssh-keygen.1	2006/02/03 02:53:45	1.67.2.2
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.67.2.2 2006/02/03 02:53:45 brad Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -118,6 +118,9 @@
 The type of key to be generated is specified with the
 .Fl t
 option.
+If invoked without any arguments,
+.Nm
+will generate an RSA key for use in SSH protocol 2 connections.
 .Pp
 .Nm
 is also used to generate groups for use in Diffie-Hellman group
@@ -129,10 +132,10 @@
 Normally each user wishing to use SSH
 with RSA or DSA authentication runs this once to create the authentication
 key in
-.Pa $HOME/.ssh/identity ,
-.Pa $HOME/.ssh/id_dsa
+.Pa ~/.ssh/identity ,
+.Pa ~/.ssh/id_dsa
 or
-.Pa $HOME/.ssh/id_rsa .
+.Pa ~/.ssh/id_rsa .
 Additionally, the system administrator may use this to generate host keys,
 as seen in
 .Pa /etc/rc .
@@ -187,9 +190,9 @@
 Show the bubblebabble digest of specified private or public key file.
 .It Fl b Ar bits
 Specifies the number of bits in the key to create.
-Minimum is 512 bits.
-Generally, 1024 bits is considered sufficient.
-The default is 1024 bits.
+For RSA keys, the minimum size is 768 bits and the default is 2048 bits.
+Generally, 2048 bits is considered sufficient.
+DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
 .It Fl C Ar comment
 Provides a new comment.
 .It Fl c
@@ -381,7 +384,7 @@
 that both ends of a connection share common moduli.
 .Sh FILES
 .Bl -tag -width Ds
-.It Pa $HOME/.ssh/identity
+.It Pa ~/.ssh/identity
 Contains the protocol version 1 RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
@@ -392,14 +395,14 @@
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
-.It Pa $HOME/.ssh/identity.pub
+.It Pa ~/.ssh/identity.pub
 Contains the protocol version 1 RSA public key for authentication.
 The contents of this file should be added to
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using RSA authentication.
 There is no need to keep the contents of this file secret.
-.It Pa $HOME/.ssh/id_dsa
+.It Pa ~/.ssh/id_dsa
 Contains the protocol version 2 DSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
@@ -410,14 +413,14 @@
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
-.It Pa $HOME/.ssh/id_dsa.pub
+.It Pa ~/.ssh/id_dsa.pub
 Contains the protocol version 2 DSA public key for authentication.
 The contents of this file should be added to
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
-.It Pa $HOME/.ssh/id_rsa
+.It Pa ~/.ssh/id_rsa
 Contains the protocol version 2 RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
@@ -428,10 +431,10 @@
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
-.It Pa $HOME/.ssh/id_rsa.pub
+.It Pa ~/.ssh/id_rsa.pub
 Contains the protocol version 2 RSA public key for authentication.
 The contents of this file should be added to
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.