1.\" $OpenBSD: ssh-keygen.1,v 1.101 2010/10/28 18:33:28 jmc Exp $ 2.\" $FreeBSD: head/crypto/openssh/ssh-keygen.1 221420 2011-05-04 07:34:44Z des $ |
3.\" |
4.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 5.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 6.\" All rights reserved 7.\" 8.\" As far as I am concerned, the code I have written for this software 9.\" can be used freely for any purpose. Any derived versions of this 10.\" software must be clearly marked as such, and if the derived work is 11.\" incompatible with the protocol description in the RFC file, it must be --- 19 unchanged lines hidden (view full) --- 31.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 32.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 33.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 34.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 35.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 36.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 37.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 38.\" |
39.Dd October 28, 2010 |
40.Dt SSH-KEYGEN 1 41.Os 42.Sh NAME 43.Nm ssh-keygen 44.Nd authentication key generation, management and conversion 45.Sh SYNOPSIS 46.Bk -words 47.Nm ssh-keygen --- 71 unchanged lines hidden (view full) --- 119.Fl L 120.Op Fl f Ar input_keyfile 121.Ek 122.Sh DESCRIPTION 123.Nm 124generates, manages and converts authentication keys for 125.Xr ssh 1 . 126.Nm |
127can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA |
128keys for use by SSH protocol version 2. 129The type of key to be generated is specified with the 130.Fl t 131option. 132If invoked without any arguments, 133.Nm 134will generate an RSA key for use in SSH protocol 2 connections. 135.Pp 136.Nm 137is also used to generate groups for use in Diffie-Hellman group 138exchange (DH-GEX). 139See the 140.Sx MODULI GENERATION 141section for details. 142.Pp 143Normally each user wishing to use SSH |
144with public key authentication runs this once to create the authentication |
145key in 146.Pa ~/.ssh/identity , |
147.Pa ~/.ssh/id_ecdsa , |
148.Pa ~/.ssh/id_dsa 149or 150.Pa ~/.ssh/id_rsa . 151Additionally, the system administrator may use this to generate host keys, 152as seen in 153.Pa /etc/rc . 154.Pp 155Normally this program generates the key and asks for a file in which --- 265 unchanged lines hidden (view full) --- 421Test DH group exchange candidate primes (generated using the 422.Fl G 423option) for safety. 424.It Fl t Ar type 425Specifies the type of key to create. 426The possible values are 427.Dq rsa1 428for protocol version 1 and |
429.Dq dsa , 430.Dq ecdsa |
431or |
432.Dq rsa |
433for protocol version 2. 434.It Fl V Ar validity_interval 435Specify a validity interval when signing a certificate. 436A validity interval may consist of a single time, indicating that the 437certificate is valid beginning now and expiring at that time, or may consist 438of two times separated by a colon to indicate an explicit time interval. 439The start time may be specified as a date in YYYYMMDD format, a time 440in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting --- 160 unchanged lines hidden (view full) --- 601.Pp 602For certificates to be used for user or host authentication, the CA 603public key must be trusted by 604.Xr sshd 8 605or 606.Xr ssh 1 . 607Please refer to those manual pages for details. 608.Sh FILES |
609.Bl -tag -width Ds -compact |
610.It Pa ~/.ssh/identity 611Contains the protocol version 1 RSA authentication identity of the user. 612This file should not be readable by anyone but the user. 613It is possible to 614specify a passphrase when generating the key; that passphrase will be |
615used to encrypt the private part of this file using 3DES. |
616This file is not automatically accessed by 617.Nm 618but it is offered as the default file for the private key. 619.Xr ssh 1 620will read this file when a login attempt is made. |
621.Pp |
622.It Pa ~/.ssh/identity.pub 623Contains the protocol version 1 RSA public key for authentication. 624The contents of this file should be added to 625.Pa ~/.ssh/authorized_keys 626on all machines 627where the user wishes to log in using RSA authentication. 628There is no need to keep the contents of this file secret. |
629.Pp |
630.It Pa ~/.ssh/id_dsa |
631.It Pa ~/.ssh/id_ecdsa |
632.It Pa ~/.ssh/id_rsa |
633Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user. |
634This file should not be readable by anyone but the user. 635It is possible to 636specify a passphrase when generating the key; that passphrase will be 637used to encrypt the private part of this file using 128-bit AES. 638This file is not automatically accessed by 639.Nm 640but it is offered as the default file for the private key. 641.Xr ssh 1 642will read this file when a login attempt is made. |
643.Pp 644.It Pa ~/.ssh/id_dsa.pub 645.It Pa ~/.ssh/id_ecdsa.pub |
646.It Pa ~/.ssh/id_rsa.pub |
647Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication. |
648The contents of this file should be added to 649.Pa ~/.ssh/authorized_keys 650on all machines 651where the user wishes to log in using public key authentication. 652There is no need to keep the contents of this file secret. |
653.Pp |
654.It Pa /etc/moduli 655Contains Diffie-Hellman groups used for DH-GEX. 656The file format is described in 657.Xr moduli 5 . 658.El 659.Sh SEE ALSO 660.Xr ssh 1 , 661.Xr ssh-add 1 , --- 17 unchanged lines hidden --- |