Cross Reference: /freebsd-10.2-release/crypto/openssh/ssh-keygen.0

ssh-keygen.0 (214979)	ssh-keygen.0 (218767)
1SSH-KEYGEN(1) OpenBSD Reference Manual SSH-KEYGEN(1) 2 3NAME 4 ssh-keygen - authentication key generation, management and conversion 5 6SYNOPSIS 7 ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] 8 [-f output_keyfile] --- 14 unchanged lines hidden (view full) --- 23 [-W generator] 24 ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals] 25 [-O option] [-V validity_interval] [-z serial_number] file ... 26 ssh-keygen -L [-f input_keyfile] 27 28DESCRIPTION 29 ssh-keygen generates, manages and converts authentication keys for 30 ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1	1SSH-KEYGEN(1) OpenBSD Reference Manual SSH-KEYGEN(1) 2 3NAME 4 ssh-keygen - authentication key generation, management and conversion 5 6SYNOPSIS 7 ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] 8 [-f output_keyfile] --- 14 unchanged lines hidden (view full) --- 23 [-W generator] 24 ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals] 25 [-O option] [-V validity_interval] [-z serial_number] file ... 26 ssh-keygen -L [-f input_keyfile] 27 28DESCRIPTION 29 ssh-keygen generates, manages and converts authentication keys for 30 ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1
31 and RSA or DSA keys for use by SSH protocol version 2. The type of key 32 to be generated is specified with the -t option. If invoked without any 33 arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2 34 connections.	31 and DSA, ECDSA or RSA keys for use by SSH protocol version 2. The type 32 of key to be generated is specified with the -t option. If invoked 33 without any arguments, ssh-keygen will generate an RSA key for use in SSH 34 protocol 2 connections.
35 36 ssh-keygen is also used to generate groups for use in Diffie-Hellman 37 group exchange (DH-GEX). See the MODULI GENERATION section for details. 38	35 36 ssh-keygen is also used to generate groups for use in Diffie-Hellman 37 group exchange (DH-GEX). See the MODULI GENERATION section for details. 38
39 Normally each user wishing to use SSH with RSA or DSA authentication runs	39 Normally each user wishing to use SSH with public key authentication runs
40 this once to create the authentication key in ~/.ssh/identity,	40 this once to create the authentication key in ~/.ssh/identity,
41 ~/.ssh/id_dsa or ~/.ssh/id_rsa. Additionally, the system administrator 42 may use this to generate host keys, as seen in /etc/rc.	41 ~/.ssh/id_ecdsa, ~/.ssh/id_dsa or ~/.ssh/id_rsa. Additionally, the 42 system administrator may use this to generate host keys, as seen in 43 /etc/rc.
43 44 Normally this program generates the key and asks for a file in which to 45 store the private key. The public key is stored in a file with the same 46 name but ``.pub'' appended. The program also asks for a passphrase. The 47 passphrase may be empty to indicate no passphrase (host keys must have an 48 empty passphrase), or it may be a string of arbitrary length. A 49 passphrase is similar to a password, except it can be a phrase with a 50 series of words, punctuation, numbers, whitespace, or any string of --- 199 unchanged lines hidden (view full) --- 250 see the CERTIFICATES section for details. 251 252 -T output_file 253 Test DH group exchange candidate primes (generated using the -G 254 option) for safety. 255 256 -t type 257 Specifies the type of key to create. The possible values are	44 45 Normally this program generates the key and asks for a file in which to 46 store the private key. The public key is stored in a file with the same 47 name but ``.pub'' appended. The program also asks for a passphrase. The 48 passphrase may be empty to indicate no passphrase (host keys must have an 49 empty passphrase), or it may be a string of arbitrary length. A 50 passphrase is similar to a password, except it can be a phrase with a 51 series of words, punctuation, numbers, whitespace, or any string of --- 199 unchanged lines hidden (view full) --- 251 see the CERTIFICATES section for details. 252 253 -T output_file 254 Test DH group exchange candidate primes (generated using the -G 255 option) for safety. 256 257 -t type 258 Specifies the type of key to create. The possible values are
258 ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for 259 protocol version 2.	259 ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'' or ``rsa'' 260 for protocol version 2.
260 261 -V validity_interval 262 Specify a validity interval when signing a certificate. A 263 validity interval may consist of a single time, indicating that 264 the certificate is valid beginning now and expiring at that time, 265 or may consist of two times separated by a colon to indicate an 266 explicit time interval. The start time may be specified as a 267 date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a --- 118 unchanged lines hidden (view full) --- 386 manual pages for details. 387 388FILES 389 ~/.ssh/identity 390 Contains the protocol version 1 RSA authentication identity of 391 the user. This file should not be readable by anyone but the 392 user. It is possible to specify a passphrase when generating the 393 key; that passphrase will be used to encrypt the private part of	261 262 -V validity_interval 263 Specify a validity interval when signing a certificate. A 264 validity interval may consist of a single time, indicating that 265 the certificate is valid beginning now and expiring at that time, 266 or may consist of two times separated by a colon to indicate an 267 explicit time interval. The start time may be specified as a 268 date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a --- 118 unchanged lines hidden (view full) --- 387 manual pages for details. 388 389FILES 390 ~/.ssh/identity 391 Contains the protocol version 1 RSA authentication identity of 392 the user. This file should not be readable by anyone but the 393 user. It is possible to specify a passphrase when generating the 394 key; that passphrase will be used to encrypt the private part of
394 this file using 128-bit AES. This file is not automatically 395 accessed by ssh-keygen but it is offered as the default file for 396 the private key. ssh(1) will read this file when a login attempt 397 is made.	395 this file using 3DES. This file is not automatically accessed by 396 ssh-keygen but it is offered as the default file for the private 397 key. ssh(1) will read this file when a login attempt is made.
398 399 ~/.ssh/identity.pub 400 Contains the protocol version 1 RSA public key for 401 authentication. The contents of this file should be added to 402 ~/.ssh/authorized_keys on all machines where the user wishes to 403 log in using RSA authentication. There is no need to keep the 404 contents of this file secret. 405 406 ~/.ssh/id_dsa	398 399 ~/.ssh/identity.pub 400 Contains the protocol version 1 RSA public key for 401 authentication. The contents of this file should be added to 402 ~/.ssh/authorized_keys on all machines where the user wishes to 403 log in using RSA authentication. There is no need to keep the 404 contents of this file secret. 405 406 ~/.ssh/id_dsa
407 Contains the protocol version 2 DSA authentication identity of 408 the user. This file should not be readable by anyone but the 409 user. It is possible to specify a passphrase when generating the 410 key; that passphrase will be used to encrypt the private part of 411 this file using 128-bit AES. This file is not automatically 412 accessed by ssh-keygen but it is offered as the default file for 413 the private key. ssh(1) will read this file when a login attempt 414 is made. 415 416 ~/.ssh/id_dsa.pub 417 Contains the protocol version 2 DSA public key for 418 authentication. The contents of this file should be added to 419 ~/.ssh/authorized_keys on all machines where the user wishes to 420 log in using public key authentication. There is no need to keep 421 the contents of this file secret. 422	407 ~/.ssh/id_ecdsa
423 ~/.ssh/id_rsa	408 ~/.ssh/id_rsa
424 Contains the protocol version 2 RSA authentication identity of 425 the user. This file should not be readable by anyone but the 426 user. It is possible to specify a passphrase when generating the 427 key; that passphrase will be used to encrypt the private part of 428 this file using 128-bit AES. This file is not automatically 429 accessed by ssh-keygen but it is offered as the default file for 430 the private key. ssh(1) will read this file when a login attempt 431 is made.	409 Contains the protocol version 2 DSA, ECDSA or RSA authentication 410 identity of the user. This file should not be readable by anyone 411 but the user. It is possible to specify a passphrase when 412 generating the key; that passphrase will be used to encrypt the 413 private part of this file using 128-bit AES. This file is not 414 automatically accessed by ssh-keygen but it is offered as the 415 default file for the private key. ssh(1) will read this file 416 when a login attempt is made.
432	417
	418 ~/.ssh/id_dsa.pub 419 ~/.ssh/id_ecdsa.pub
433 ~/.ssh/id_rsa.pub	420 ~/.ssh/id_rsa.pub
434 Contains the protocol version 2 RSA public key for	421 Contains the protocol version 2 DSA, ECDSA or RSA public key for
435 authentication. The contents of this file should be added to 436 ~/.ssh/authorized_keys on all machines where the user wishes to 437 log in using public key authentication. There is no need to keep 438 the contents of this file secret. 439 440 /etc/moduli 441 Contains Diffie-Hellman groups used for DH-GEX. The file format 442 is described in moduli(5). --- 5 unchanged lines hidden (view full) --- 448 449AUTHORS 450 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 451 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 452 de Raadt and Dug Song removed many bugs, re-added newer features and 453 created OpenSSH. Markus Friedl contributed the support for SSH protocol 454 versions 1.5 and 2.0. 455	422 authentication. The contents of this file should be added to 423 ~/.ssh/authorized_keys on all machines where the user wishes to 424 log in using public key authentication. There is no need to keep 425 the contents of this file secret. 426 427 /etc/moduli 428 Contains Diffie-Hellman groups used for DH-GEX. The file format 429 is described in moduli(5). --- 5 unchanged lines hidden (view full) --- 435 436AUTHORS 437 OpenSSH is a derivative of the original and free ssh 1.2.12 release by 438 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo 439 de Raadt and Dug Song removed many bugs, re-added newer features and 440 created OpenSSH. Markus Friedl contributed the support for SSH protocol 441 versions 1.5 and 2.0. 442
456OpenBSD 4.8 August 4, 2010 OpenBSD 4.8	443OpenBSD 4.8 October 28, 2010 OpenBSD 4.8

1SSH-KEYGEN(1) OpenBSD Reference Manual SSH-KEYGEN(1)
2
3NAME
4 ssh-keygen - authentication key generation, management and conversion
5
6SYNOPSIS
7 ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment]
8 [-f output_keyfile]

--- 14 unchanged lines hidden (view full) ---

23 [-W generator]
24 ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]
25 [-O option] [-V validity_interval] [-z serial_number] file ...
26 ssh-keygen -L [-f input_keyfile]
27
28DESCRIPTION
29 ssh-keygen generates, manages and converts authentication keys for
30 ssh(1). ssh-keygen can create RSA keys for use by SSH protocol version 1

31 and RSA or DSA keys for use by SSH protocol version 2. The type of key
32 to be generated is specified with the -t option. If invoked without any
33 arguments, ssh-keygen will generate an RSA key for use in SSH protocol 2
34 connections.

31 and DSA, ECDSA or RSA keys for use by SSH protocol version 2. The type
32 of key to be generated is specified with the -t option. If invoked
33 without any arguments, ssh-keygen will generate an RSA key for use in SSH
34 protocol 2 connections.

35
36 ssh-keygen is also used to generate groups for use in Diffie-Hellman
37 group exchange (DH-GEX). See the MODULI GENERATION section for details.
38

39 Normally each user wishing to use SSH with RSA or DSA authentication runs

39 Normally each user wishing to use SSH with public key authentication runs

40 this once to create the authentication key in ~/.ssh/identity,

41 ~/.ssh/id_dsa or ~/.ssh/id_rsa. Additionally, the system administrator
42 may use this to generate host keys, as seen in /etc/rc.

41 ~/.ssh/id_ecdsa, ~/.ssh/id_dsa or ~/.ssh/id_rsa. Additionally, the
42 system administrator may use this to generate host keys, as seen in
43 /etc/rc.

43
44 Normally this program generates the key and asks for a file in which to
45 store the private key. The public key is stored in a file with the same
46 name but ``.pub'' appended. The program also asks for a passphrase. The
47 passphrase may be empty to indicate no passphrase (host keys must have an
48 empty passphrase), or it may be a string of arbitrary length. A
49 passphrase is similar to a password, except it can be a phrase with a
50 series of words, punctuation, numbers, whitespace, or any string of

--- 199 unchanged lines hidden (view full) ---

250 see the CERTIFICATES section for details.
251
252 -T output_file
253 Test DH group exchange candidate primes (generated using the -G
254 option) for safety.
255
256 -t type
257 Specifies the type of key to create. The possible values are

44
45 Normally this program generates the key and asks for a file in which to
46 store the private key. The public key is stored in a file with the same
47 name but ``.pub'' appended. The program also asks for a passphrase. The
48 passphrase may be empty to indicate no passphrase (host keys must have an
49 empty passphrase), or it may be a string of arbitrary length. A
50 passphrase is similar to a password, except it can be a phrase with a
51 series of words, punctuation, numbers, whitespace, or any string of

--- 199 unchanged lines hidden (view full) ---

251 see the CERTIFICATES section for details.
252
253 -T output_file
254 Test DH group exchange candidate primes (generated using the -G
255 option) for safety.
256
257 -t type
258 Specifies the type of key to create. The possible values are

258 ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for
259 protocol version 2.

259 ``rsa1'' for protocol version 1 and ``dsa'', ``ecdsa'' or ``rsa''
260 for protocol version 2.

260
261 -V validity_interval
262 Specify a validity interval when signing a certificate. A
263 validity interval may consist of a single time, indicating that
264 the certificate is valid beginning now and expiring at that time,
265 or may consist of two times separated by a colon to indicate an
266 explicit time interval. The start time may be specified as a
267 date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a

--- 118 unchanged lines hidden (view full) ---

386 manual pages for details.
387
388FILES
389 ~/.ssh/identity
390 Contains the protocol version 1 RSA authentication identity of
391 the user. This file should not be readable by anyone but the
392 user. It is possible to specify a passphrase when generating the
393 key; that passphrase will be used to encrypt the private part of

261
262 -V validity_interval
263 Specify a validity interval when signing a certificate. A
264 validity interval may consist of a single time, indicating that
265 the certificate is valid beginning now and expiring at that time,
266 or may consist of two times separated by a colon to indicate an
267 explicit time interval. The start time may be specified as a
268 date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a

--- 118 unchanged lines hidden (view full) ---

387 manual pages for details.
388
389FILES
390 ~/.ssh/identity
391 Contains the protocol version 1 RSA authentication identity of
392 the user. This file should not be readable by anyone but the
393 user. It is possible to specify a passphrase when generating the
394 key; that passphrase will be used to encrypt the private part of

394 this file using 128-bit AES. This file is not automatically
395 accessed by ssh-keygen but it is offered as the default file for
396 the private key. ssh(1) will read this file when a login attempt
397 is made.

395 this file using 3DES. This file is not automatically accessed by
396 ssh-keygen but it is offered as the default file for the private
397 key. ssh(1) will read this file when a login attempt is made.

398
399 ~/.ssh/identity.pub
400 Contains the protocol version 1 RSA public key for
401 authentication. The contents of this file should be added to
402 ~/.ssh/authorized_keys on all machines where the user wishes to
403 log in using RSA authentication. There is no need to keep the
404 contents of this file secret.
405
406 ~/.ssh/id_dsa

407 Contains the protocol version 2 DSA authentication identity of
408 the user. This file should not be readable by anyone but the
409 user. It is possible to specify a passphrase when generating the
410 key; that passphrase will be used to encrypt the private part of
411 this file using 128-bit AES. This file is not automatically
412 accessed by ssh-keygen but it is offered as the default file for
413 the private key. ssh(1) will read this file when a login attempt
414 is made.
415
416 ~/.ssh/id_dsa.pub
417 Contains the protocol version 2 DSA public key for
418 authentication. The contents of this file should be added to
419 ~/.ssh/authorized_keys on all machines where the user wishes to
420 log in using public key authentication. There is no need to keep
421 the contents of this file secret.
422

407 ~/.ssh/id_ecdsa

423 ~/.ssh/id_rsa

408 ~/.ssh/id_rsa

424 Contains the protocol version 2 RSA authentication identity of
425 the user. This file should not be readable by anyone but the
426 user. It is possible to specify a passphrase when generating the
427 key; that passphrase will be used to encrypt the private part of
428 this file using 128-bit AES. This file is not automatically
429 accessed by ssh-keygen but it is offered as the default file for
430 the private key. ssh(1) will read this file when a login attempt
431 is made.

409 Contains the protocol version 2 DSA, ECDSA or RSA authentication
410 identity of the user. This file should not be readable by anyone
411 but the user. It is possible to specify a passphrase when
412 generating the key; that passphrase will be used to encrypt the
413 private part of this file using 128-bit AES. This file is not
414 automatically accessed by ssh-keygen but it is offered as the
415 default file for the private key. ssh(1) will read this file
416 when a login attempt is made.

432

417

418 ~/.ssh/id_dsa.pub
419 ~/.ssh/id_ecdsa.pub

433 ~/.ssh/id_rsa.pub

420 ~/.ssh/id_rsa.pub

434 Contains the protocol version 2 RSA public key for

421 Contains the protocol version 2 DSA, ECDSA or RSA public key for

435 authentication. The contents of this file should be added to
436 ~/.ssh/authorized_keys on all machines where the user wishes to
437 log in using public key authentication. There is no need to keep
438 the contents of this file secret.
439
440 /etc/moduli
441 Contains Diffie-Hellman groups used for DH-GEX. The file format
442 is described in moduli(5).

--- 5 unchanged lines hidden (view full) ---

448
449AUTHORS
450 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
451 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
452 de Raadt and Dug Song removed many bugs, re-added newer features and
453 created OpenSSH. Markus Friedl contributed the support for SSH protocol
454 versions 1.5 and 2.0.
455

422 authentication. The contents of this file should be added to
423 ~/.ssh/authorized_keys on all machines where the user wishes to
424 log in using public key authentication. There is no need to keep
425 the contents of this file secret.
426
427 /etc/moduli
428 Contains Diffie-Hellman groups used for DH-GEX. The file format
429 is described in moduli(5).

--- 5 unchanged lines hidden (view full) ---

435
436AUTHORS
437 OpenSSH is a derivative of the original and free ssh 1.2.12 release by
438 Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
439 de Raadt and Dug Song removed many bugs, re-added newer features and
440 created OpenSSH. Markus Friedl contributed the support for SSH protocol
441 versions 1.5 and 2.0.
442

456OpenBSD 4.8 August 4, 2010 OpenBSD 4.8

443OpenBSD 4.8 October 28, 2010 OpenBSD 4.8