ssh-keygen.1 (215116) | ssh-keygen.1 (221420) |
---|---|
1.\" $OpenBSD: ssh-keygen.1,v 1.98 2010/08/04 06:07:11 djm Exp $ 2.\" $FreeBSD: head/crypto/openssh/ssh-keygen.1 215116 2010-11-11 11:46:19Z des $ | 1.\" $OpenBSD: ssh-keygen.1,v 1.101 2010/10/28 18:33:28 jmc Exp $ 2.\" $FreeBSD: head/crypto/openssh/ssh-keygen.1 221420 2011-05-04 07:34:44Z des $ |
3.\" | 3.\" |
4.\" -*- nroff -*- 5.\" | |
6.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 7.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 8.\" All rights reserved 9.\" 10.\" As far as I am concerned, the code I have written for this software 11.\" can be used freely for any purpose. Any derived versions of this 12.\" software must be clearly marked as such, and if the derived work is 13.\" incompatible with the protocol description in the RFC file, it must be --- 19 unchanged lines hidden (view full) --- 33.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 34.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 35.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 36.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 37.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 38.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 39.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 40.\" | 4.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 5.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 6.\" All rights reserved 7.\" 8.\" As far as I am concerned, the code I have written for this software 9.\" can be used freely for any purpose. 
Any derived versions of this 10.\" software must be clearly marked as such, and if the derived work is 11.\" incompatible with the protocol description in the RFC file, it must be --- 19 unchanged lines hidden (view full) --- 31.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 32.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 33.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 34.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 35.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 36.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 37.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 38.\" |
41.Dd August 4, 2010 | 39.Dd October 28, 2010 |
42.Dt SSH-KEYGEN 1 43.Os 44.Sh NAME 45.Nm ssh-keygen 46.Nd authentication key generation, management and conversion 47.Sh SYNOPSIS 48.Bk -words 49.Nm ssh-keygen --- 71 unchanged lines hidden (view full) --- 121.Fl L 122.Op Fl f Ar input_keyfile 123.Ek 124.Sh DESCRIPTION 125.Nm 126generates, manages and converts authentication keys for 127.Xr ssh 1 . 128.Nm | 40.Dt SSH-KEYGEN 1 41.Os 42.Sh NAME 43.Nm ssh-keygen 44.Nd authentication key generation, management and conversion 45.Sh SYNOPSIS 46.Bk -words 47.Nm ssh-keygen --- 71 unchanged lines hidden (view full) --- 119.Fl L 120.Op Fl f Ar input_keyfile 121.Ek 122.Sh DESCRIPTION 123.Nm 124generates, manages and converts authentication keys for 125.Xr ssh 1 . 126.Nm |
129can create RSA keys for use by SSH protocol version 1 and RSA or DSA | 127can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA |
130keys for use by SSH protocol version 2. 131The type of key to be generated is specified with the 132.Fl t 133option. 134If invoked without any arguments, 135.Nm 136will generate an RSA key for use in SSH protocol 2 connections. 137.Pp 138.Nm 139is also used to generate groups for use in Diffie-Hellman group 140exchange (DH-GEX). 141See the 142.Sx MODULI GENERATION 143section for details. 144.Pp 145Normally each user wishing to use SSH | 128keys for use by SSH protocol version 2. 129The type of key to be generated is specified with the 130.Fl t 131option. 132If invoked without any arguments, 133.Nm 134will generate an RSA key for use in SSH protocol 2 connections. 135.Pp 136.Nm 137is also used to generate groups for use in Diffie-Hellman group 138exchange (DH-GEX). 139See the 140.Sx MODULI GENERATION 141section for details. 142.Pp 143Normally each user wishing to use SSH |
146with RSA or DSA authentication runs this once to create the authentication | 144with public key authentication runs this once to create the authentication |
147key in 148.Pa ~/.ssh/identity , | 145key in 146.Pa ~/.ssh/identity , |
147.Pa ~/.ssh/id_ecdsa , |
|
149.Pa ~/.ssh/id_dsa 150or 151.Pa ~/.ssh/id_rsa . 152Additionally, the system administrator may use this to generate host keys, 153as seen in 154.Pa /etc/rc . 155.Pp 156Normally this program generates the key and asks for a file in which --- 265 unchanged lines hidden (view full) --- 422Test DH group exchange candidate primes (generated using the 423.Fl G 424option) for safety. 425.It Fl t Ar type 426Specifies the type of key to create. 427The possible values are 428.Dq rsa1 429for protocol version 1 and | 148.Pa ~/.ssh/id_dsa 149or 150.Pa ~/.ssh/id_rsa . 151Additionally, the system administrator may use this to generate host keys, 152as seen in 153.Pa /etc/rc . 154.Pp 155Normally this program generates the key and asks for a file in which --- 265 unchanged lines hidden (view full) --- 421Test DH group exchange candidate primes (generated using the 422.Fl G 423option) for safety. 424.It Fl t Ar type 425Specifies the type of key to create. 426The possible values are 427.Dq rsa1 428for protocol version 1 and |
430.Dq rsa | 429.Dq dsa , 430.Dq ecdsa |
431or | 431or |
432.Dq dsa | 432.Dq rsa |
433for protocol version 2. 434.It Fl V Ar validity_interval 435Specify a validity interval when signing a certificate. 436A validity interval may consist of a single time, indicating that the 437certificate is valid beginning now and expiring at that time, or may consist 438of two times separated by a colon to indicate an explicit time interval. 439The start time may be specified as a date in YYYYMMDD format, a time 440in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting --- 160 unchanged lines hidden (view full) --- 601.Pp 602For certificates to be used for user or host authentication, the CA 603public key must be trusted by 604.Xr sshd 8 605or 606.Xr ssh 1 . 607Please refer to those manual pages for details. 608.Sh FILES | 433for protocol version 2. 434.It Fl V Ar validity_interval 435Specify a validity interval when signing a certificate. 436A validity interval may consist of a single time, indicating that the 437certificate is valid beginning now and expiring at that time, or may consist 438of two times separated by a colon to indicate an explicit time interval. 439The start time may be specified as a date in YYYYMMDD format, a time 440in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting --- 160 unchanged lines hidden (view full) --- 601.Pp 602For certificates to be used for user or host authentication, the CA 603public key must be trusted by 604.Xr sshd 8 605or 606.Xr ssh 1 . 607Please refer to those manual pages for details. 608.Sh FILES |
609.Bl -tag -width Ds | 609.Bl -tag -width Ds -compact |
610.It Pa ~/.ssh/identity 611Contains the protocol version 1 RSA authentication identity of the user. 612This file should not be readable by anyone but the user. 613It is possible to 614specify a passphrase when generating the key; that passphrase will be | 610.It Pa ~/.ssh/identity 611Contains the protocol version 1 RSA authentication identity of the user. 612This file should not be readable by anyone but the user. 613It is possible to 614specify a passphrase when generating the key; that passphrase will be |
615used to encrypt the private part of this file using 128-bit AES. | 615used to encrypt the private part of this file using 3DES. |
616This file is not automatically accessed by 617.Nm 618but it is offered as the default file for the private key. 619.Xr ssh 1 620will read this file when a login attempt is made. | 616This file is not automatically accessed by 617.Nm 618but it is offered as the default file for the private key. 619.Xr ssh 1 620will read this file when a login attempt is made. |
621.Pp |
|
621.It Pa ~/.ssh/identity.pub 622Contains the protocol version 1 RSA public key for authentication. 623The contents of this file should be added to 624.Pa ~/.ssh/authorized_keys 625on all machines 626where the user wishes to log in using RSA authentication. 627There is no need to keep the contents of this file secret. | 622.It Pa ~/.ssh/identity.pub 623Contains the protocol version 1 RSA public key for authentication. 624The contents of this file should be added to 625.Pa ~/.ssh/authorized_keys 626on all machines 627where the user wishes to log in using RSA authentication. 628There is no need to keep the contents of this file secret. |
629.Pp |
|
628.It Pa ~/.ssh/id_dsa | 630.It Pa ~/.ssh/id_dsa |
629Contains the protocol version 2 DSA authentication identity of the user. 630This file should not be readable by anyone but the user. 631It is possible to 632specify a passphrase when generating the key; that passphrase will be 633used to encrypt the private part of this file using 128-bit AES. 634This file is not automatically accessed by 635.Nm 636but it is offered as the default file for the private key. 637.Xr ssh 1 638will read this file when a login attempt is made. 639.It Pa ~/.ssh/id_dsa.pub 640Contains the protocol version 2 DSA public key for authentication. 641The contents of this file should be added to 642.Pa ~/.ssh/authorized_keys 643on all machines 644where the user wishes to log in using public key authentication. 645There is no need to keep the contents of this file secret. | 631.It Pa ~/.ssh/id_ecdsa |
646.It Pa ~/.ssh/id_rsa | 632.It Pa ~/.ssh/id_rsa |
647Contains the protocol version 2 RSA authentication identity of the user. | 633Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user. |
648This file should not be readable by anyone but the user. 649It is possible to 650specify a passphrase when generating the key; that passphrase will be 651used to encrypt the private part of this file using 128-bit AES. 652This file is not automatically accessed by 653.Nm 654but it is offered as the default file for the private key. 655.Xr ssh 1 656will read this file when a login attempt is made. | 634This file should not be readable by anyone but the user. 635It is possible to 636specify a passphrase when generating the key; that passphrase will be 637used to encrypt the private part of this file using 128-bit AES. 638This file is not automatically accessed by 639.Nm 640but it is offered as the default file for the private key. 641.Xr ssh 1 642will read this file when a login attempt is made. |
643.Pp 644.It Pa ~/.ssh/id_dsa.pub 645.It Pa ~/.ssh/id_ecdsa.pub |
|
657.It Pa ~/.ssh/id_rsa.pub | 646.It Pa ~/.ssh/id_rsa.pub |
658Contains the protocol version 2 RSA public key for authentication. | 647Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication. |
659The contents of this file should be added to 660.Pa ~/.ssh/authorized_keys 661on all machines 662where the user wishes to log in using public key authentication. 663There is no need to keep the contents of this file secret. | 648The contents of this file should be added to 649.Pa ~/.ssh/authorized_keys 650on all machines 651where the user wishes to log in using public key authentication. 652There is no need to keep the contents of this file secret. |
653.Pp |
|
664.It Pa /etc/moduli 665Contains Diffie-Hellman groups used for DH-GEX. 666The file format is described in 667.Xr moduli 5 . 668.El 669.Sh SEE ALSO 670.Xr ssh 1 , 671.Xr ssh-add 1 , --- 17 unchanged lines hidden --- | 654.It Pa /etc/moduli 655Contains Diffie-Hellman groups used for DH-GEX. 656The file format is described in 657.Xr moduli 5 . 658.El 659.Sh SEE ALSO 660.Xr ssh 1 , 661.Xr ssh-add 1 , --- 17 unchanged lines hidden --- |
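Review bot: in the DESCRIPTION hunk, the new `.Pa ~/.ssh/id_ecdsa ,` line is inserted between `~/.ssh/identity ,` and `~/.ssh/id_dsa`, so the default key-file list now reads identity, id_ecdsa, id_dsa, id_rsa, while the other two lists touched by this same change (the `.Fl t` values `dsa`, `ecdsa`, `rsa` and the merged FILES entry "DSA, ECDSA or RSA") are alphabetical; move the `id_ecdsa` line after `.Pa ~/.ssh/id_dsa` (adding the comma there) so the three lists agree. The rewording of "with RSA or DSA authentication" to "with public key authentication" in the same hunk is right, since the sentence now has to cover three protocol 2 key types plus the protocol 1 identity.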
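Review bot: the `3DES` correction for `~/.ssh/identity` in the FILES hunk is the substantive fix and is correct: the protocol 1 identity entry had simply copied the "128-bit AES" wording of the protocol 2 entries, but the protocol 1 private key file is encrypted with 3DES, and the merged `id_dsa`/`id_ecdsa`/`id_rsa` entry rightly keeps "128-bit AES" for the protocol 2 files. One style point in the merged entry: "Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user." is 86 characters, longer than any other line in this source; break it after "RSA" (mdoc reflows the text, so the output is unchanged). The switch to `.Bl -tag -width Ds -compact` is what lets the three stacked `.It Pa` paths render without blank lines between them, and the explicit `.Pp` added before `identity.pub`, `id_dsa`, `id_dsa.pub` and `/etc/moduli` restores the spacing between groups, so every group boundary is covered.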