| ssh-keygen.1 (57429) | ssh-keygen.1 (58582) |
|---|---|
| 1.\" -*- nroff -*- 2.\" 3.\" ssh-keygen.1 4.\" 5.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 6.\" 7.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 8.\" All rights reserved 9.\" 10.\" Created: Sat Apr 22 23:55:14 1995 ylo 11.\" | 1.\" -*- nroff -*- 2.\" 3.\" ssh-keygen.1 4.\" 5.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 6.\" 7.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 8.\" All rights reserved 9.\" 10.\" Created: Sat Apr 22 23:55:14 1995 ylo 11.\" |
| 12.\" $Id: ssh-keygen.1,v 1.11 2000/01/22 02:17:50 aaron Exp $ | 12.\" $Id: ssh-keygen.1,v 1.12 2000/03/23 21:10:10 aaron Exp $ |
| 13.\" 14.Dd September 25, 1999 15.Dt SSH-KEYGEN 1 16.Os 17.Sh NAME 18.Nm ssh-keygen 19.Nd authentication key generation 20.Sh SYNOPSIS --- 22 unchanged lines hidden (view full) --- 43.Xr ssh 1 . 44Normally each user wishing to use SSH 45with RSA authentication runs this once to create the authentication 46key in 47.Pa $HOME/.ssh/identity . 48Additionally, the system administrator may use this to generate host keys. 49.Pp 50Normally this program generates the key and asks for a file in which | 13.\" 14.Dd September 25, 1999 15.Dt SSH-KEYGEN 1 16.Os 17.Sh NAME 18.Nm ssh-keygen 19.Nd authentication key generation 20.Sh SYNOPSIS --- 22 unchanged lines hidden (view full) --- 43.Xr ssh 1 . 44Normally each user wishing to use SSH 45with RSA authentication runs this once to create the authentication 46key in 47.Pa $HOME/.ssh/identity . 48Additionally, the system administrator may use this to generate host keys. 49.Pp 50Normally this program generates the key and asks for a file in which |
| 51to store the private key. The public key is stored in a file with the 52same name but | 51to store the private key. 52The public key is stored in a file with the same name but |
| 53.Dq .pub | 53.Dq .pub |
| 54appended. The program also asks for a 55passphrase. The passphrase may be empty to indicate no passphrase | 54appended. 55The program also asks for a passphrase. 56The passphrase may be empty to indicate no passphrase |
| 56(host keys must have empty passphrase), or it may be a string of | 57(host keys must have empty passphrase), or it may be a string of |
| 57arbitrary length. Good passphrases are 10-30 characters long and are | 58arbitrary length. 59Good passphrases are 10-30 characters long and are |
| 58not simple sentences or otherwise easily guessable (English 59prose has only 1-2 bits of entropy per word, and provides very bad | 60not simple sentences or otherwise easily guessable (English 61prose has only 1-2 bits of entropy per word, and provides very bad |
| 60passphrases). The passphrase can be changed later by using the | 62passphrases). 63The passphrase can be changed later by using the |
| 61.Fl p 62option. 63.Pp | 64.Fl p 65option. 66.Pp |
| 64There is no way to recover a lost passphrase. If the passphrase is | 67There is no way to recover a lost passphrase. 68If the passphrase is |
| 65lost or forgotten, you will have to generate a new key and copy the 66corresponding public key to other machines. 67.Pp 68There is also a comment field in the key file that is only for | 69lost or forgotten, you will have to generate a new key and copy the 70corresponding public key to other machines. 71.Pp 72There is also a comment field in the key file that is only for |
| 69convenience to the user to help identify the key. The comment can 70tell what the key is for, or whatever is useful. The comment is 71initialized to | 73convenience to the user to help identify the key. 74The comment can tell what the key is for, or whatever is useful. 75The comment is initialized to |
| 72.Dq user@host 73when the key is created, but can be changed using the 74.Fl c 75option. 76.Pp 77The options are as follows: 78.Bl -tag -width Ds 79.It Fl b Ar bits | 76.Dq user@host 77when the key is created, but can be changed using the 78.Fl c 79option. 80.Pp 81The options are as follows: 82.Bl -tag -width Ds 83.It Fl b Ar bits |
| 80Specifies the number of bits in the key to create. Minimum is 512 81bits. Generally 1024 bits is considered sufficient, and key sizes 82above that no longer improve security but make things slower. The 83default is 1024 bits. | 84Specifies the number of bits in the key to create. 85Minimum is 512 bits. 86Generally 1024 bits is considered sufficient, and key sizes 87above that no longer improve security but make things slower. 88The default is 1024 bits. |
| 84.It Fl c 85Requests changing the comment in the private and public key files. 86The program will prompt for the file containing the private keys, for 87passphrase if the key has one, and for the new comment. 88.It Fl f 89Specifies the filename of the key file. 90.It Fl l 91Show fingerprint of specified private or public key file. 92.It Fl p 93Requests changing the passphrase of a private key file instead of | 89.It Fl c 90Requests changing the comment in the private and public key files. 91The program will prompt for the file containing the private keys, for 92passphrase if the key has one, and for the new comment. 93.It Fl f 94Specifies the filename of the key file. 95.It Fl l 96Show fingerprint of specified private or public key file. 97.It Fl p 98Requests changing the passphrase of a private key file instead of |
| 94creating a new private key. The program will prompt for the file | 99creating a new private key. 100The program will prompt for the file |
| 95containing the private key, for the old passphrase, and twice for the 96new passphrase. 97.It Fl q 98Silence 99.Nm ssh-keygen . 100Used by 101.Pa /etc/rc 102when creating a new key. 103.It Fl C Ar comment 104Provides the new comment. 105.It Fl N Ar new_passphrase 106Provides the new passphrase. 107.It Fl P Ar passphrase 108Provides the (old) passphrase. 109.El 110.Sh FILES 111.Bl -tag -width Ds 112.It Pa $HOME/.ssh/identity | 101containing the private key, for the old passphrase, and twice for the 102new passphrase. 103.It Fl q 104Silence 105.Nm ssh-keygen . 106Used by 107.Pa /etc/rc 108when creating a new key. 109.It Fl C Ar comment 110Provides the new comment. 111.It Fl N Ar new_passphrase 112Provides the new passphrase. 113.It Fl P Ar passphrase 114Provides the (old) passphrase. 115.El 116.Sh FILES 117.Bl -tag -width Ds 118.It Pa $HOME/.ssh/identity |
| 113Contains the RSA authentication identity of the user. This file 114should not be readable by anyone but the user. It is possible to | 119Contains the RSA authentication identity of the user. 120This file should not be readable by anyone but the user. 121It is possible to |
| 115specify a passphrase when generating the key; that passphrase will be | 122specify a passphrase when generating the key; that passphrase will be |
| 116used to encrypt the private part of this file using 3DES. This file 117is not automatically accessed by | 123used to encrypt the private part of this file using 3DES. 124This file is not automatically accessed by |
| 118.Nm 119but it is offered as the default file for the private key. 120.It Pa $HOME/.ssh/identity.pub | 125.Nm 126but it is offered as the default file for the private key. 127.It Pa $HOME/.ssh/identity.pub |
| 121Contains the public key for authentication. The contents of this file 122should be added to | 128Contains the public key for authentication. 129The contents of this file should be added to |
| 123.Pa $HOME/.ssh/authorized_keys 124on all machines | 130.Pa $HOME/.ssh/authorized_keys 131on all machines |
| 125where you wish to log in using RSA authentication. There is no 126need to keep the contents of this file secret. | 132where you wish to log in using RSA authentication. 133There is no need to keep the contents of this file secret. |
| 127.Sh AUTHOR 128Tatu Ylonen <ylo@cs.hut.fi> 129.Pp 130OpenSSH 131is a derivative of the original (free) ssh 1.2.12 release, but with bugs | 134.Sh AUTHOR 135Tatu Ylonen <ylo@cs.hut.fi> 136.Pp 137OpenSSH 138is a derivative of the original (free) ssh 1.2.12 release, but with bugs |
| 132removed and newer features re-added. Rapidly after the 1.2.12 release, 133newer versions bore successively more restrictive licenses. This version 134of OpenSSH | 139removed and newer features re-added. 140Rapidly after the 1.2.12 release, 141newer versions bore successively more restrictive licenses. 142This version of OpenSSH |
| 135.Bl -bullet 136.It 137has all components of a restrictive nature (i.e., patents, see 138.Xr ssl 8 ) 139directly removed from the source code; any licensed or patented components 140are chosen from 141external libraries. 142.It --- 19 unchanged lines hidden --- | 143.Bl -bullet 144.It 145has all components of a restrictive nature (i.e., patents, see 146.Xr ssl 8 ) 147directly removed from the source code; any licensed or patented components 148are chosen from 149external libraries. 150.It --- 19 unchanged lines hidden --- |