diff options
Diffstat (limited to 'crypto/openssh/ssh-keygen.1')
| -rw-r--r-- | crypto/openssh/ssh-keygen.1 | 247 |
1 files changed, 0 insertions, 247 deletions
diff --git a/crypto/openssh/ssh-keygen.1 b/crypto/openssh/ssh-keygen.1 deleted file mode 100644 index b328ce0c65bb3..0000000000000 --- a/crypto/openssh/ssh-keygen.1 +++ /dev/null @@ -1,247 +0,0 @@ -.\" -*- nroff -*- -.\" -.\" Author: Tatu Ylonen <ylo@cs.hut.fi> -.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland -.\" All rights reserved -.\" -.\" As far as I am concerned, the code I have written for this software -.\" can be used freely for any purpose. Any derived versions of this -.\" software must be clearly marked as such, and if the derived work is -.\" incompatible with the protocol description in the RFC file, it must be -.\" called by a name other than "ssh" or "Secure Shell". -.\" -.\" -.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. -.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. -.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd September 25, 1999 -.Dt SSH-KEYGEN 1 -.Os -.Sh NAME -.Nm ssh-keygen -.Nd authentication key generation -.Sh SYNOPSIS -.Nm ssh-keygen -.Op Fl dq -.Op Fl b Ar bits -.Op Fl N Ar new_passphrase -.Op Fl C Ar comment -.Op Fl f Ar output_keyfile -.Nm ssh-keygen -.Fl p -.Op Fl P Ar old_passphrase -.Op Fl N Ar new_passphrase -.Op Fl f Ar keyfile -.Nm ssh-keygen -.Fl x -.Op Fl f Ar input_keyfile -.Nm ssh-keygen -.Fl X -.Op Fl f Ar input_keyfile -.Nm ssh-keygen -.Fl y -.Op Fl f Ar input_keyfile -.Nm ssh-keygen -.Fl c -.Op Fl P Ar passphrase -.Op Fl C Ar comment -.Op Fl f Ar keyfile -.Nm ssh-keygen -.Fl l -.Op Fl f Ar input_keyfile -.Nm ssh-keygen -.Fl R -.Sh DESCRIPTION -.Nm -generates and manages authentication keys for -.Xr ssh 1 . -.Nm -defaults to generating an RSA key for use by protocols 1.3 and 1.5; -specifying the -.Fl d -flag will create a DSA key instead for use by protocol 2.0. -.Pp -Normally each user wishing to use SSH -with RSA or DSA authentication runs this once to create the authentication -key in -.Pa $HOME/.ssh/identity -or -.Pa $HOME/.ssh/id_dsa . -Additionally, the system administrator may use this to generate host keys, -as seen in -.Pa /etc/rc . -.Pp -Normally this program generates the key and asks for a file in which -to store the private key. -The public key is stored in a file with the same name but -.Dq .pub -appended. -The program also asks for a passphrase. -The passphrase may be empty to indicate no passphrase -(host keys must have empty passphrase), or it may be a string of -arbitrary length. -Good passphrases are 10-30 characters long and are -not simple sentences or otherwise easily guessable (English -prose has only 1-2 bits of entropy per word, and provides very bad -passphrases). -The passphrase can be changed later by using the -.Fl p -option. -.Pp -There is no way to recover a lost passphrase. -If the passphrase is -lost or forgotten, you will have to generate a new key and copy the -corresponding public key to other machines. -.Pp -For RSA, there is also a comment field in the key file that is only for -convenience to the user to help identify the key. -The comment can tell what the key is for, or whatever is useful. -The comment is initialized to -.Dq user@host -when the key is created, but can be changed using the -.Fl c -option. -.Pp -After a key is generated, instructions below detail where the keys -should be placed to be activated. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl b Ar bits -Specifies the number of bits in the key to create. -Minimum is 512 bits. -Generally 1024 bits is considered sufficient, and key sizes -above that no longer improve security but make things slower. -The default is 1024 bits. -.It Fl c -Requests changing the comment in the private and public key files. -The program will prompt for the file containing the private keys, for -passphrase if the key has one, and for the new comment. -.It Fl f -Specifies the filename of the key file. -.It Fl l -Show fingerprint of specified private or public key file. -.It Fl p -Requests changing the passphrase of a private key file instead of -creating a new private key. -The program will prompt for the file -containing the private key, for the old passphrase, and twice for the -new passphrase. -.It Fl q -Silence -.Nm ssh-keygen . -Used by -.Pa /etc/rc -when creating a new key. -.It Fl C Ar comment -Provides the new comment. -.It Fl N Ar new_passphrase -Provides the new passphrase. -.It Fl P Ar passphrase -Provides the (old) passphrase. -.It Fl R -If RSA support is functional, immediately exits with code 0. If RSA -support is not functional, exits with code 1. This flag will be -removed once the RSA patent expires. -.It Fl x -This option will read a private -OpenSSH DSA format file and print a SSH2-compatible public key to stdout. -.It Fl X -This option will read a -SSH2-compatible public key file and print an OpenSSH DSA compatible public key to stdout. -.It Fl y -This option will read a private -OpenSSH DSA format file and print an OpenSSH DSA public key to stdout. -.El -.Sh FILES -.Bl -tag -width Ds -.It Pa $HOME/.ssh/identity -Contains the RSA authentication identity of the user. -This file should not be readable by anyone but the user. -It is possible to -specify a passphrase when generating the key; that passphrase will be -used to encrypt the private part of this file using 3DES. -This file is not automatically accessed by -.Nm -but it is offered as the default file for the private key. -.Xr sshd 8 -will read this file when a login attempt is made. -.It Pa $HOME/.ssh/identity.pub -Contains the public key for authentication. -The contents of this file should be added to -.Pa $HOME/.ssh/authorized_keys -on all machines -where you wish to log in using RSA authentication. -There is no need to keep the contents of this file secret. -.It Pa $HOME/.ssh/id_dsa -Contains the DSA authentication identity of the user. -This file should not be readable by anyone but the user. -It is possible to -specify a passphrase when generating the key; that passphrase will be -used to encrypt the private part of this file using 3DES. -This file is not automatically accessed by -.Nm -but it is offered as the default file for the private key. -.Xr sshd 8 -will read this file when a login attempt is made. -.It Pa $HOME/.ssh/id_dsa.pub -Contains the public key for authentication. -The contents of this file should be added to -.Pa $HOME/.ssh/authorized_keys2 -on all machines -where you wish to log in using DSA authentication. -There is no need to keep the contents of this file secret. -.El -.Sh AUTHOR -Tatu Ylonen <ylo@cs.hut.fi> -.Pp -OpenSSH -is a derivative of the original (free) ssh 1.2.12 release, but with bugs -removed and newer features re-added. -Rapidly after the 1.2.12 release, -newer versions bore successively more restrictive licenses. -This version of OpenSSH -.Bl -bullet -.It -has all components of a restrictive nature (i.e., patents, see -.Xr ssl 8 ) -directly removed from the source code; any licensed or patented components -are chosen from -external libraries. -.It -has been updated to support ssh protocol 1.5. -.It -contains added support for -.Xr kerberos 8 -authentication and ticket passing. -.It -supports one-time password authentication with -.Xr skey 1 . -.El -.Sh SEE ALSO -.Xr ssh 1 , -.Xr ssh-add 1 , -.Xr ssh-agent 1 , -.Xr sshd 8 , -.Xr ssl 8 |