Blame: ssh-keygen(1)
Annotated edit history of ssh-keygen(1) version 8, including all changes.
Rev Author # Line
1 perry 1 ----
2 __NAME__
3
4
5 ssh-keygen - authentication key generation, management and
6 conversion
6 MichaelHart 7
8
1 perry 9 __SYNOPSIS__
10
11
8 DanielLawson 12 ssh-keygen [[-q] [[-b bits] [[-t type] [[-N new_passphrase] [[-C comment] [[-f output_keyfile]
1 perry 13
14
8 DanielLawson 15 ssh-keygen -p [[-P old_passphrase] [[-N new_passphrase] [[-f keyfile]
1 perry 16
17
18 ssh-keygen -i [[-f input_keyfile]
19
20
21 ssh-keygen -e [[-f input_keyfile]
22
23
24 ssh-keygen -y [[-f input_keyfile]
25
26
8 DanielLawson 27 ssh-keygen -c [[-P passphrase] [[-C comment] [[-f keyfile]
1 perry 28
29
30 ssh-keygen -l [[-f input_keyfile]
31
32
33 ssh-keygen -B [[-f input_keyfile]
34
35
36 ssh-keygen -D reader
37
38
39 ssh-keygen -U reader [[-f input_keyfile]
5 MichaelHart 40
41
1 perry 42 __DESCRIPTION__
43
44
45 ssh-keygen generates, manages and converts authentication
46 keys for ssh(1). ssh-keygen defaults to generating
47 an RSA1 key for use by SSH protocol version 1. Specifying the
48 -t option instead creates a key for use by SSH protocol
49 version 2.
50
51
52 Normally each user wishing to use SSH with RSA or DSA authentication runs this once to create the authentication key in $HOME/.ssh/identity, $HOME/.ssh/id_dsa or $HOME/.ssh/id_rsa. Additionally, the system administrator may use this to generate host keys, as seen in /etc/rc.
53
54
4 MichaelHart 55 Normally this program generates the key and asks for a file in which to store the private key. The public key is stored in a file with the same name but ``.pub'' appended. The program also asks for a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length. Good passphrases are 10-30 characters long and are not simple sentences or otherwise easily guessable (English prose has only 1-2 bits of entropy per character, and provides very bad passphrases). The passphrase can be changed later by using the -p option.
1 perry 56
57
4 MichaelHart 58 There is no way to recover a lost passphrase. If the passphrase is lost or forgotten, a new key must be generated and the corresponding public key copied to other machines.
1 perry 59
60
4 MichaelHart 61 For RSA1 keys, there is also a comment field in the key file that is only for convenience to the user to help identify the key. The comment can tell what the key is for, or whatever is useful. The comment is initialized to ``user@host'' when the key is created, but can be changed using the -c option.
1 perry 62
63
4 MichaelHart 64 After a key is generated, instructions below detail where the keys should be placed to be activated.
1 perry 65
66
7 MichaelHart 67 ''The options are as follows:''
1 perry 68
4 MichaelHart 69 -b bits
70 Specifies the number of bits in the key to create. Minimum is 512 bits. Generally 1024 bits is considered sufficient, and key sizes above that no longer improve security but make things slower. The default is 1024 bits.
1 perry 71
4 MichaelHart 72 -c
73 Requests changing the comment in the private and public key files. This operation is only supported for RSA1 keys. The program will prompt for the file containing the private keys, for the passphrase if the key has one, and for the new comment.
1 perry 74
4 MichaelHart 75 -e
76 This option will read a private or public OpenSSH keyfile and print the key in a SECSH Public Key !FileFormat to stdout. This option allows exporting keys for use by several commercial SSH implementations.
1 perry 77
4 MichaelHart 78 -f filename
79 Specifies the filename of the key file.
1 perry 80
4 MichaelHart 81 -i
82 This option will read an unencrypted private (or public) key file in SSH2-compatible format and print an OpenSSH compatible private (or public) key to stdout. ssh-keygen also reads the SECSH Public Key !FileFormat. This option allows importing keys from several commercial SSH implementations.
83
84 -l
85 Show fingerprint of specified public key file. Private RSA1 keys are also supported. For RSA and DSA keys ssh-keygen tries to find the matching public keyfile and prints its fingerprint.
86
87 -p
88 Requests changing the passphrase of a private keyfile instead of creating a new private key. The program will prompt for the file containing the private key, for the old passphrase, and twice for the new passphrase.
89
90 -q
91 Silence ssh-keygen. Used by /etc/rc when creating a new key.
1 perry 92
93 -t type
4 MichaelHart 94 Specifies the type of the key to create. The possible values are ``rsa1'' for protocol version 1 and ``rsa'' or ``dsa'' for protocol version 2. The default is ``rsa1''.
1 perry 95
4 MichaelHart 96 -y
97 This option will read a private OpenSSH format file and
98 print an OpenSSH public key to stdout.
1 perry 99
100 -B
101 Show the bubblebabble digest of specified private or public
102 key file.
103
104
105 -C comment
106 Provides the new comment.
107
108
109 -D reader
110 Download the RSA public key stored in the smartcard in
111 reader.
112
113
114 -N new_passphrase
115 Provides the new passphrase.
116
117
118 -P passphrase
119 Provides the (old) passphrase.
120
121
122 -U reader
123 Upload an existing RSA private key into the smartcard in
124 reader.
125
126
127 __FILES__
8 DanielLawson 128 <pre>
1 perry 129 $HOME/.ssh/identity
8 DanielLawson 130 </pre>
1 perry 131
132
133 Contains the protocol version 1 RSA authentication identity
134 of the user. This file should not be readable by anyone
135 but the user. It is possible to specify a passphrase when
136 generating the key; that passphrase will be used to encrypt
137 the private part of this file using 3DES. This file is not
138 automatically accessed by ssh-keygen but it is offered as
139 the default file for the private key. ssh(1) will
140 read this file when a login attempt is made.
141
142
143 $HOME/.ssh/identity.pub
144 Contains the protocol version 1 RSA public key for
145 authentication. The contents of this file should be added to
146 $HOME/.ssh/authorized_keys on all machines where
147 the user wishes to log in using RSA authentication. There
148 is no need to keep the contents of this file
149 secret.
150
151
152 $HOME/.ssh/id_dsa
153 Contains the protocol version 2 DSA authentication identity
154 of the user. This file should not be readable by anyone
155 but the user. It is possible to specify a passphrase when
156 generating the key; that passphrase will be used to encrypt
157 the private part of this file using 3DES. This file is not
158 automatically accessed by ssh-keygen but it is offered as
159 the default file for the private key. ssh(1) will
160 read this file when a login attempt is made.
161
162
163 $HOME/.ssh/id_dsa.pub
164 Contains the protocol version 2 DSA public key for
165 authentication. The contents of this file should be added to
166 $HOME/.ssh/authorized_keys on all machines where
167 the user wishes to log in using public key authentication.
168 There is no need to keep the contents of this file
169 secret.
170
171
172 $HOME/.ssh/id_rsa
173 Contains the protocol version 2 RSA authentication identity
174 of the user. This file should not be readable by anyone
175 but the user. It is possible to specify a passphrase when
176 generating the key; that passphrase will be used to encrypt
177 the private part of this file using 3DES. This file is not
178 automatically accessed by ssh-keygen but it is offered as
179 the default file for the private key. ssh(1) will
180 read this file when a login attempt is made.
181
182
183 $HOME/.ssh/id_rsa.pub
184 Contains the protocol version 2 RSA public key for
185 authentication. The contents of this file should be added to
186 $HOME/.ssh/authorized_keys on all machines where
187 the user wishes to log in using public key authentication.
188 There is no need to keep the contents of this file
189 secret.
190
191
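Added example (not part of the original man page or of OpenSSH): a POSIX sh check of the FILES requirement above that the private key files are not readable by anyone but the user, and that each has its .pub file beside it. The function name audit_ssh_keys and the temporary demo directory are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the man page: check the FILES requirements.
# audit_ssh_keys is a hypothetical helper name chosen for this illustration.

# Usage: audit_ssh_keys [dir]   (dir defaults to $HOME/.ssh)
# Prints one line per finding; returns 0 only if no private key is exposed.
audit_ssh_keys() {
    dir=${1:-"$HOME/.ssh"}
    exposed=0
    for name in identity id_dsa id_rsa; do
        key="$dir/$name"
        [ -f "$key" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits;
        # all six must be "-" for the file to be private to its owner.
        bits=$(ls -ld "$key" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "FAIL $key: group/other bits are '$bits', expected '------'"
            exposed=$((exposed + 1))
        fi
        # ssh-keygen writes the public key beside the private one as NAME.pub.
        [ -f "$key.pub" ] || echo "WARN $key: no $name.pub next to it"
    done
    [ "$exposed" -eq 0 ]
}

# Constructed demonstration: empty stand-in files, not real keys.
demo=$(mktemp -d)
: > "$demo/id_rsa";     chmod 600 "$demo/id_rsa"
: > "$demo/id_rsa.pub"; chmod 644 "$demo/id_rsa.pub"
: > "$demo/id_dsa";     chmod 644 "$demo/id_dsa"    # deliberately too open
if audit_ssh_keys "$demo"; then
    echo "all private keys are owner-only"
else
    echo "fix with: chmod 600 <private key file>"
fi
rm -rf "$demo"
```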
192 __AUTHORS__
193
194
195 OpenSSH is a derivative of the original and free ssh 1.2.12
196 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus
197 Friedl, Niels Provos, Theo de Raadt and Dug Song removed
198 many bugs, re-added newer features and created OpenSSH.
199 Markus Friedl contributed the support for SSH protocol versions
200 1.5 and 2.0.
201 __SEE ALSO__
202
203
204 ssh(1), ssh-add(1), ssh-agent(1),
205 sshd(8)
3 DanielLawson 206 J. Galbraith and R. Thayer, ''SECSH Public Key !FileFormat'', draft-ietf-secsh-publickeyfile-01.txt, March 2001, work in progress material. BSD September 25, 1999
1 perry 207 ----
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.
