Annotation of src/usr.bin/ssh/ssh-keygen.1, Revision 1.1
1.1 ! deraadt 1: .\" -*- nroff -*-
! 2: .\"
! 3: .\" ssh-keygen.1
! 4: .\"
! 5: .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
! 6: .\"
! 7: .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
! 8: .\" All rights reserved
! 9: .\"
! 10: .\" Created: Sat Apr 22 23:55:14 1995 ylo
! 11: .\"
! 12: .\" $Id: ssh-keygen.1,v 1.2 1999/05/04 11:59:16 bg Exp $
! 13: .\"
! 14: .TH SSH-KEYGEN 1 "November 8, 1995" "SSH" "SSH"
! 15:
! 16: .SH NAME
! 17: ssh-keygen \- authentication key generation
! 18:
! 19: .SH SYNOPSIS
! 20: .LP
! 21: .B ssh-keygen
! 22: [\c
! 23: .BI \-b \ bits\c
! 24: ]
! 25: [\c
! 26: .BI \-N \ new_passphrase\c
! 27: ]
! 28: [\c
! 29: .BI \-C \ comment\c
! 30: ]
! 31:
! 32: .B "ssh-keygen \-p
! 33: [\c
! 34: .BI \-P \ old_passphrase\c
! 35: ]
! 36: [\c
! 37: .BI \-N \ new_passphrase\c
! 38: ]
! 39:
! 40: .B "ssh-keygen \-c
! 41: [\c
! 42: .BI \-P \ passphrase\c
! 43: ]
! 44: [\c
! 45: .BI \-C \ comment\c
! 46: ]
! 47:
! 48: .SH DESCRIPTION
! 49: .LP
! 50: .B Ssh-keygen
! 51: generates and manages authentication keys for
! 52: .BR ssh (1).
! 53: Normally each user wishing to use
! 54: .B ssh
! 55: with RSA authentication runs this once to create the authentication
! 56: key in
! 57: .IR \&$HOME/\s+2.\s0ssh/identity ".
! 58: Additionally, the system administrator may use this to generate host keys.
! 59: .LP
! 60: Normally this program generates the key and asks for a file in which
! 61: to store the private key. The public key is stored in a file with the
! 62: same name but ".pub" appended. The program also asks for a
! 63: passphrase. The passphrase may be empty to indicate no passphrase
! 64: (host keys must have an empty passphrase), or it may be a string of
! 65: arbitrary length. Good passphrases are 10-30 characters long and are
! 66: not simple sentences or otherwise easily guessable (English
! 67: prose has only 1-2 bits of entropy per word, and provides very bad
! 68: passphrases). The passphrase can be changed later by using the
! 69: .B \-p
! 70: option.
! 71: .LP
! 72: There is no way to recover a lost passphrase. If the passphrase is
! 73: lost or forgotten, you will have to generate a new key and copy the
! 74: corresponding public key to other machines.
! 75: .LP
! 76: There is also a comment field in the key file that is only for
! 77: convenience to the user to help identify the key. The comment can
! 78: tell what the key is for, or whatever is useful. The comment is
! 79: initialized to user@host when the key is created, but can be changed
! 80: using the
! 81: .B \-c
! 82: option.
! 83:
! 84: .SH OPTIONS
! 85: .TP 0.6i
! 86: .BI \-b \ bits
! 87: Specifies the number of bits in the key to create. Minimum is 512
! 88: bits. Generally 1024 bits is considered sufficient, and key sizes
! 89: above that no longer improve security but make things slower. The
! 90: default is 1024 bits.
! 91: .TP
! 92: .B \-c
! 93: Requests changing the comment in the private and public key files.
! 94: The program will prompt for the file containing the private key, for
! 95: the passphrase if the key has one, and for the new comment.
! 96: .TP
! 97: .B \-p
! 98: Requests changing the passphrase of a private key file instead of
! 99: creating a new private key. The program will prompt for the file
! 100: containing the private key, for the old passphrase, and twice for the
! 101: new passphrase.
! 102: .TP
! 103: .B \-C
! 104: Provides the new comment.
! 105: .TP
! 106: .B \-N
! 107: Provides the new passphrase.
! 108: .TP
! 109: .B \-P
! 110: Provides the (old) passphrase.
! 111:
! 112: .SH FILES
! 113: .TP 0.6i
! 114: .I \&$HOME/\s+2.\s0ssh/random_seed
! 115: Used for seeding the random number generator. This file should not be
! 116: readable by anyone but the user. This file is created the first time
! 117: the program is run, and is updated every time.
! 118: .TP
! 119: .I \&$HOME/\s+2.\s0ssh/identity
! 120: Contains the RSA authentication identity of the user. This file
! 121: should not be readable by anyone but the user. It is possible to
! 122: specify a passphrase when generating the key; that passphrase will be
! 123: used to encrypt the private part of this file using IDEA. This file
! 124: is not automatically accessed by
! 125: .BR ssh-keygen ",
! 126: but it is offered as the default file for the private key.
! 127: .TP
! 128: .I \&$HOME/\s+2.\s0ssh/identity.pub
! 129: Contains the public key for authentication. The contents of this file
! 130: should be added to \f4$HOME/\s+2.\s0ssh/authorized_keys\f1 on all machines
! 131: where you wish to log in using RSA authentication. There is no
! 132: need to keep the contents of this file secret.
! 133:
! 134: .SH AUTHOR
! 135: .LP
! 136: Tatu Ylonen <ylo@cs.hut.fi>
! 137:
! 138: .SH SEE ALSO
! 139: .LP
! 140: .BR ssh (1),
! 141: .BR sshd (8),
! 142: .BR ssh-agent (1),
! 143: .BR ssh-add (1)
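
The FILES section above says that identity and random_seed should not be readable by anyone but the user, while identity.pub need not be kept secret. The following is an added example, not part of ssh-keygen.1 or the SSH sources, that audits and corrects those permissions; the function names are hypothetical, and it assumes a POSIX shell with mktemp -d available.

```shell
#!/bin/sh
# Added example, not part of ssh-keygen.1. Function names are hypothetical.
# Files the FILES section says must not be readable by anyone but the user.
PRIVATE_FILES="identity random_seed"

# audit_ssh_dir DIR: print "EXPOSED <path>" for each private file in DIR
# whose group-read or other-read bit is set. Returns 1 if any was found.
audit_ssh_dir() {
    exposed=0
    for name in $PRIVATE_FILES; do
        f="$1/$name"
        [ -f "$f" ] || continue      # not created yet: nothing to check
        # -H: judge a symlink's target; -perm -040 / -004: g+r or o+r is set
        if [ -n "$(find -H "$f" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
            echo "EXPOSED $f"
            exposed=1
        fi
    done
    return "$exposed"
}

# harden_ssh_dir DIR: remove all group/other access from the private files.
harden_ssh_dir() {
    for name in $PRIVATE_FILES; do
        if [ -f "$1/$name" ]; then chmod go-rwx "$1/$name"; fi
    done
}

# Constructed sample: a throwaway directory standing in for $HOME/.ssh.
make_sample_dir() {
    d=$(mktemp -d) || return 1
    : > "$d/identity";     chmod 644 "$d/identity"      # wrong: world-readable
    : > "$d/random_seed";  chmod 600 "$d/random_seed"   # correct
    : > "$d/identity.pub"; chmod 644 "$d/identity.pub"  # fine: public key
    echo "$d"
}

sample=$(make_sample_dir)
audit_ssh_dir "$sample" || echo "private key material is readable by others"
harden_ssh_dir "$sample"
audit_ssh_dir "$sample" && echo "after hardening: clean"
rm -rf "$sample"
```

To check a real account, call audit_ssh_dir "$HOME/.ssh"; identity.pub is deliberately left out of the check.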