[gssapi-openssh.git] / openssh / ssh-keygen.1

.\"	$OpenBSD: ssh-keygen.1,v 1.60 2003/07/28 09:49:56 djm Exp $
.\"
.\"  -*- nroff -*-
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\"                    All rights reserved
.\"
.\" As far as I am concerned, the code I have written for this software
.\" can be used freely for any purpose.  Any derived versions of this
.\" software must be clearly marked as such, and if the derived work is
.\" incompatible with the protocol description in the RFC file, it must be
.\" called by a name other than "ssh" or "Secure Shell".
.\"
.\"
.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd September 25, 1999
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
.Nm ssh-keygen
.Nd authentication key generation, management and conversion
.Sh SYNOPSIS
.Nm ssh-keygen
.Bk -words
.Op Fl q
.Op Fl b Ar bits
.Fl t Ar type
.Op Fl N Ar new_passphrase
.Op Fl C Ar comment
.Op Fl f Ar output_keyfile
.Ek
.Nm ssh-keygen
.Fl p
.Op Fl P Ar old_passphrase
.Op Fl N Ar new_passphrase
.Op Fl f Ar keyfile
.Nm ssh-keygen
.Fl i
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl e
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl y
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl c
.Op Fl P Ar passphrase
.Op Fl C Ar comment
.Op Fl f Ar keyfile
.Nm ssh-keygen
.Fl l
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl B
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl D Ar reader
.Nm ssh-keygen
.Fl U Ar reader
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl r Ar hostname
.Op Fl f Ar input_keyfile
.Op Fl g
.Nm ssh-keygen
.Fl G Ar output_file
.Op Fl b Ar bits
.Op Fl M Ar memory
.Op Fl S Ar start_point
.Nm ssh-keygen
.Fl T Ar output_file
.Fl f Ar input_file
.Op Fl a Ar num_trials
.Op Fl W Ar generator
.Sh DESCRIPTION
.Nm
generates, manages and converts authentication keys for
.Xr ssh 1 .
.Nm
can create RSA keys for use by SSH protocol version 1 and RSA or DSA
keys for use by SSH protocol version 2.
The type of key to be generated is specified with the
.Fl t
option.
.Pp
.Nm
is also used to generate groups for use in Diffie-Hellman group
exchange (DH-GEX).
See the
.Sx MODULI GENERATION
section for details.
.Pp
Normally each user wishing to use SSH
with RSA or DSA authentication runs this once to create the authentication
key in
.Pa $HOME/.ssh/identity ,
.Pa $HOME/.ssh/id_dsa
or
.Pa $HOME/.ssh/id_rsa .
Additionally, the system administrator may use this to generate host keys,
as seen in
.Pa /etc/rc .
.Pp
Normally this program generates the key and asks for a file in which
to store the private key.
The public key is stored in a file with the same name but
.Dq .pub
appended.
The program also asks for a passphrase.
The passphrase may be empty to indicate no passphrase
(host keys must have an empty passphrase), or it may be a string of
arbitrary length.
A passphrase is similar to a password, except it can be a phrase with a
series of words, punctuation, numbers, whitespace, or any string of
characters you want.
Good passphrases are 10-30 characters long, are
not simple sentences or otherwise easily guessable (English
prose has only 1-2 bits of entropy per character, and provides very bad
passphrases), and contain a mix of upper and lowercase letters,
numbers, and non-alphanumeric characters.
The passphrase can be changed later by using the
.Fl p
option.
.Pp
There is no way to recover a lost passphrase.
If the passphrase is
lost or forgotten, a new key must be generated and copied to the
corresponding public key to other machines.
.Pp
For RSA1 keys,
there is also a comment field in the key file that is only for
convenience to the user to help identify the key.
The comment can tell what the key is for, or whatever is useful.
The comment is initialized to
.Dq user@host
when the key is created, but can be changed using the
.Fl c
option.
.Pp
After a key is generated, instructions below detail where the keys
should be placed to be activated.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl a Ar trials
Specifies the number of primality tests to perform when screening DH-GEX
candidates using the
.Fl T
command.
.It Fl b Ar bits
Specifies the number of bits in the key to create.
Minimum is 512 bits.
Generally, 1024 bits is considered sufficient.
The default is 1024 bits.
.It Fl c
Requests changing the comment in the private and public key files.
This operation is only supported for RSA1 keys.
The program will prompt for the file containing the private keys, for
the passphrase if the key has one, and for the new comment.
.It Fl e
This option will read a private or public OpenSSH key file and
print the key in a
.Sq SECSH Public Key File Format
to stdout.
This option allows exporting keys for use by several commercial
SSH implementations.
.It Fl g
Use generic DNS resource record format.
.It Fl f Ar filename
Specifies the filename of the key file.
.It Fl i
This option will read an unencrypted private (or public) key file
in SSH2-compatible format and print an OpenSSH compatible private
(or public) key to stdout.
.Nm
also reads the
.Sq SECSH Public Key File Format .
This option allows importing keys from several commercial
SSH implementations.
.It Fl l
Show fingerprint of specified public key file.
Private RSA1 keys are also supported.
For RSA and DSA keys
.Nm
tries to find the matching public key file and prints its fingerprint.
.It Fl p
Requests changing the passphrase of a private key file instead of
creating a new private key.
The program will prompt for the file
containing the private key, for the old passphrase, and twice for the
new passphrase.
.It Fl q
Silence
.Nm ssh-keygen .
Used by
.Pa /etc/rc
when creating a new key.
.It Fl y
This option will read a private
OpenSSH format file and print an OpenSSH public key to stdout.
.It Fl t Ar type
Specifies the type of the key to create.
The possible values are
.Dq rsa1
for protocol version 1 and
.Dq rsa
or
.Dq dsa
for protocol version 2.
.It Fl B
Show the bubblebabble digest of specified private or public key file.
.It Fl C Ar comment
Provides the new comment.
.It Fl D Ar reader
Download the RSA public key stored in the smartcard in
.Ar reader .
.It Fl G Ar output_file
Generate candidate primes for DH-GEX.
These primes must be screened for
safety (using the
.Fl T
option) before use.
.It Fl M Ar memory
Specify the amount of memory to use (in megabytes) when generating
candidate moduli for DH-GEX.
.It Fl N Ar new_passphrase
Provides the new passphrase.
.It Fl P Ar passphrase
Provides the (old) passphrase.
.It Fl S Ar start
Specify start point (in hex) when generating candidate moduli for DH-GEX.
.It Fl T Ar output_file
Test DH group exchange candidate primes (generated using the
.Fl G
option) for safety.
.It Fl W Ar generator
Specify desired generator when testing candidate moduli for DH-GEX.
.It Fl U Ar reader
Upload an existing RSA private key into the smartcard in
.Ar reader .
.It Fl r Ar hostname
Print DNS resource record with the specified
.Ar hostname .
.El
.Sh MODULI GENERATION
.Nm
may be used to generate groups for the Diffie-Hellman Group Exchange
(DH-GEX) protocol.
Generating these groups is a two-step process: first, candidate
primes are generated using a fast, but memory intensive process.
These candidate primes are then tested for suitability (a CPU-intensive
process).
.Pp
Generation of primes is performed using the
.Fl G
option.
The desired length of the primes may be specified by the
.Fl b
option.
For example:
.Pp
.Dl ssh-keygen -G moduli-2048.candidates -b 2048
.Pp
By default, the search for primes begins at a random point in the
desired length range.
This may be overridden using the
.Fl S
option, which specifies a different start point (in hex).
.Pp
Once a set of candidates have been generated, they must be tested for
suitability.
This may be performed using the
.Fl T
option.
In this mode
.Nm
will read candidates from standard input (or a file specified using the
.Fl f
option).
For example:
.Pp
.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates
.Pp
By default, each candidate will be subjected to 100 primality tests.
This may be overridden using the
.Fl a
option.
The DH generator value will be chosen automatically for the
prime under consideration.
If a specific generator is desired, it may be requested using the
.Fl W
option.
Valid generator values are 2, 3 and 5.
.Pp
Screened DH groups may be installed in
.Pa /etc/moduli .
It is important that this file contains moduli of a range of bit lengths and
that both ends of a connection share common moduli.
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file using 3DES.
This file is not automatically accessed by
.Nm
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/identity.pub
Contains the protocol version 1 RSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where the user wishes to log in using RSA authentication.
There is no need to keep the contents of this file secret.
.It Pa $HOME/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file using 3DES.
This file is not automatically accessed by
.Nm
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/id_dsa.pub
Contains the protocol version 2 DSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
.It Pa $HOME/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file using 3DES.
This file is not automatically accessed by
.Nm
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/id_rsa.pub
Contains the protocol version 2 RSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for DH-GEX.
The file format is described in
.Xr moduli 5 .
.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr moduli 5 ,
.Xr sshd 8
.Rs
.%A J. Galbraith
.%A R. Thayer
.%T "SECSH Public Key File Format"
.%N draft-ietf-secsh-publickeyfile-01.txt
.%D March 2001
.%O work in progress material
.Re
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song
removed many bugs, re-added newer features and
created OpenSSH.
Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
Commit	Line	Data
0fff78ff	1	.\" $OpenBSD: ssh-keygen.1,v 1.60 2003/07/28 09:49:56 djm Exp $
3c0ef626	2	.\"
	3	.\" -- nroff --
	4	.\"
	5	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
	6	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	7	.\" All rights reserved
	8	.\"
	9	.\" As far as I am concerned, the code I have written for this software
	10	.\" can be used freely for any purpose. Any derived versions of this
	11	.\" software must be clearly marked as such, and if the derived work is
	12	.\" incompatible with the protocol description in the RFC file, it must be
	13	.\" called by a name other than "ssh" or "Secure Shell".
	14	.\"
	15	.\"
	16	.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
	17	.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
	18	.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
	19	.\"
	20	.\" Redistribution and use in source and binary forms, with or without
	21	.\" modification, are permitted provided that the following conditions
	22	.\" are met:
	23	.\" 1. Redistributions of source code must retain the above copyright
	24	.\" notice, this list of conditions and the following disclaimer.
	25	.\" 2. Redistributions in binary form must reproduce the above copyright
	26	.\" notice, this list of conditions and the following disclaimer in the
	27	.\" documentation and/or other materials provided with the distribution.
	28	.\"
	29	.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	30	.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	31	.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	32	.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	33	.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	34	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	35	.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	36	.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	37	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	38	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	39	.\"
	40	.Dd September 25, 1999
	41	.Dt SSH-KEYGEN 1
	42	.Os
	43	.Sh NAME
	44	.Nm ssh-keygen
	45	.Nd authentication key generation, management and conversion
	46	.Sh SYNOPSIS
	47	.Nm ssh-keygen
6a9b3198	48	.Bk -words
3c0ef626	49	.Op Fl q
3c0ef626	50	.Op Fl b Ar bits
e9a17296	51	.Fl t Ar type
3c0ef626	52	.Op Fl N Ar new_passphrase
	53	.Op Fl C Ar comment
	54	.Op Fl f Ar output_keyfile
6a9b3198	55	.Ek
3c0ef626	56	.Nm ssh-keygen
	57	.Fl p
	58	.Op Fl P Ar old_passphrase
	59	.Op Fl N Ar new_passphrase
	60	.Op Fl f Ar keyfile
	61	.Nm ssh-keygen
	62	.Fl i
	63	.Op Fl f Ar input_keyfile
	64	.Nm ssh-keygen
	65	.Fl e
	66	.Op Fl f Ar input_keyfile
	67	.Nm ssh-keygen
	68	.Fl y
	69	.Op Fl f Ar input_keyfile
	70	.Nm ssh-keygen
	71	.Fl c
	72	.Op Fl P Ar passphrase
	73	.Op Fl C Ar comment
	74	.Op Fl f Ar keyfile
	75	.Nm ssh-keygen
	76	.Fl l
	77	.Op Fl f Ar input_keyfile
	78	.Nm ssh-keygen
	79	.Fl B
	80	.Op Fl f Ar input_keyfile
	81	.Nm ssh-keygen
	82	.Fl D Ar reader
	83	.Nm ssh-keygen
	84	.Fl U Ar reader
	85	.Op Fl f Ar input_keyfile
0fff78ff	86	.Nm ssh-keygen
	87	.Fl r Ar hostname
	88	.Op Fl f Ar input_keyfile
	89	.Op Fl g
	90	.Nm ssh-keygen
	91	.Fl G Ar output_file
	92	.Op Fl b Ar bits
	93	.Op Fl M Ar memory
	94	.Op Fl S Ar start_point
	95	.Nm ssh-keygen
	96	.Fl T Ar output_file
	97	.Fl f Ar input_file
	98	.Op Fl a Ar num_trials
	99	.Op Fl W Ar generator
3c0ef626	100	.Sh DESCRIPTION
	101	.Nm
	102	generates, manages and converts authentication keys for
	103	.Xr ssh 1 .
	104	.Nm
f5799ae1	105	can create RSA keys for use by SSH protocol version 1 and RSA or DSA
0fff78ff	106	keys for use by SSH protocol version 2.
0fff78ff	107	The type of key to be generated is specified with the
3c0ef626	108	.Fl t
e9a17296	109	option.
3c0ef626	110	.Pp
0fff78ff	111	.Nm
	112	is also used to generate groups for use in Diffie-Hellman group
	113	exchange (DH-GEX).
	114	See the
	115	.Sx MODULI GENERATION
	116	section for details.
	117	.Pp
3c0ef626	118	Normally each user wishing to use SSH
	119	with RSA or DSA authentication runs this once to create the authentication
	120	key in
	121	.Pa $HOME/.ssh/identity ,
	122	.Pa $HOME/.ssh/id_dsa
	123	or
	124	.Pa $HOME/.ssh/id_rsa .
	125	Additionally, the system administrator may use this to generate host keys,
	126	as seen in
	127	.Pa /etc/rc .
	128	.Pp
	129	Normally this program generates the key and asks for a file in which
	130	to store the private key.
	131	The public key is stored in a file with the same name but
	132	.Dq .pub
	133	appended.
	134	The program also asks for a passphrase.
	135	The passphrase may be empty to indicate no passphrase
	136	(host keys must have an empty passphrase), or it may be a string of
	137	arbitrary length.
e9a17296	138	A passphrase is similar to a password, except it can be a phrase with a
	139	series of words, punctuation, numbers, whitespace, or any string of
	140	characters you want.
	141	Good passphrases are 10-30 characters long, are
3c0ef626	142	not simple sentences or otherwise easily guessable (English
3c0ef626	143	prose has only 1-2 bits of entropy per character, and provides very bad
e9a17296	144	passphrases), and contain a mix of upper and lowercase letters,
e9a17296	145	numbers, and non-alphanumeric characters.
3c0ef626	146	The passphrase can be changed later by using the
	147	.Fl p
	148	option.
	149	.Pp
	150	There is no way to recover a lost passphrase.
	151	If the passphrase is
	152	lost or forgotten, a new key must be generated and copied to the
	153	corresponding public key to other machines.
	154	.Pp
	155	For RSA1 keys,
	156	there is also a comment field in the key file that is only for
	157	convenience to the user to help identify the key.
	158	The comment can tell what the key is for, or whatever is useful.
	159	The comment is initialized to
	160	.Dq user@host
	161	when the key is created, but can be changed using the
	162	.Fl c
	163	option.
	164	.Pp
	165	After a key is generated, instructions below detail where the keys
	166	should be placed to be activated.
	167	.Pp
	168	The options are as follows:
	169	.Bl -tag -width Ds
0fff78ff	170	.It Fl a Ar trials
	171	Specifies the number of primality tests to perform when screening DH-GEX
	172	candidates using the
	173	.Fl T
	174	command.
3c0ef626	175	.It Fl b Ar bits
	176	Specifies the number of bits in the key to create.
	177	Minimum is 512 bits.
6a9b3198	178	Generally, 1024 bits is considered sufficient.
3c0ef626	179	The default is 1024 bits.
	180	.It Fl c
	181	Requests changing the comment in the private and public key files.
	182	This operation is only supported for RSA1 keys.
	183	The program will prompt for the file containing the private keys, for
	184	the passphrase if the key has one, and for the new comment.
	185	.It Fl e
	186	This option will read a private or public OpenSSH key file and
	187	print the key in a
	188	.Sq SECSH Public Key File Format
	189	to stdout.
	190	This option allows exporting keys for use by several commercial
	191	SSH implementations.
0fff78ff	192	.It Fl g
0fff78ff	193	Use generic DNS resource record format.
3c0ef626	194	.It Fl f Ar filename
	195	Specifies the filename of the key file.
	196	.It Fl i
	197	This option will read an unencrypted private (or public) key file
	198	in SSH2-compatible format and print an OpenSSH compatible private
	199	(or public) key to stdout.
	200	.Nm
	201	also reads the
	202	.Sq SECSH Public Key File Format .
	203	This option allows importing keys from several commercial
	204	SSH implementations.
	205	.It Fl l
	206	Show fingerprint of specified public key file.
	207	Private RSA1 keys are also supported.
	208	For RSA and DSA keys
	209	.Nm
	210	tries to find the matching public key file and prints its fingerprint.
	211	.It Fl p
	212	Requests changing the passphrase of a private key file instead of
	213	creating a new private key.
	214	The program will prompt for the file
	215	containing the private key, for the old passphrase, and twice for the
	216	new passphrase.
	217	.It Fl q
	218	Silence
	219	.Nm ssh-keygen .
	220	Used by
	221	.Pa /etc/rc
	222	when creating a new key.
	223	.It Fl y
	224	This option will read a private
	225	OpenSSH format file and print an OpenSSH public key to stdout.
	226	.It Fl t Ar type
	227	Specifies the type of the key to create.
	228	The possible values are
	229	.Dq rsa1
	230	for protocol version 1 and
	231	.Dq rsa
	232	or
	233	.Dq dsa
	234	for protocol version 2.
3c0ef626	235	.It Fl B
	236	Show the bubblebabble digest of specified private or public key file.
	237	.It Fl C Ar comment
	238	Provides the new comment.
	239	.It Fl D Ar reader
	240	Download the RSA public key stored in the smartcard in
	241	.Ar reader .
0fff78ff	242	.It Fl G Ar output_file
	243	Generate candidate primes for DH-GEX.
	244	These primes must be screened for
	245	safety (using the
	246	.Fl T
	247	option) before use.
	248	.It Fl M Ar memory
	249	Specify the amount of memory to use (in megabytes) when generating
	250	candidate moduli for DH-GEX.
3c0ef626	251	.It Fl N Ar new_passphrase
	252	Provides the new passphrase.
	253	.It Fl P Ar passphrase
	254	Provides the (old) passphrase.
0fff78ff	255	.It Fl S Ar start
	256	Specify start point (in hex) when generating candidate moduli for DH-GEX.
	257	.It Fl T Ar output_file
	258	Test DH group exchange candidate primes (generated using the
	259	.Fl G
	260	option) for safety.
	261	.It Fl W Ar generator
	262	Specify desired generator when testing candidate moduli for DH-GEX.
3c0ef626	263	.It Fl U Ar reader
	264	Upload an existing RSA private key into the smartcard in
	265	.Ar reader .
0fff78ff	266	.It Fl r Ar hostname
	267	Print DNS resource record with the specified
	268	.Ar hostname .
3c0ef626	269	.El
0fff78ff	270	.Sh MODULI GENERATION
	271	.Nm
	272	may be used to generate groups for the Diffie-Hellman Group Exchange
	273	(DH-GEX) protocol.
	274	Generating these groups is a two-step process: first, candidate
	275	primes are generated using a fast, but memory intensive process.
	276	These candidate primes are then tested for suitability (a CPU-intensive
	277	process).
	278	.Pp
	279	Generation of primes is performed using the
	280	.Fl G
	281	option.
	282	The desired length of the primes may be specified by the
	283	.Fl b
	284	option.
	285	For example:
	286	.Pp
	287	.Dl ssh-keygen -G moduli-2048.candidates -b 2048
	288	.Pp
	289	By default, the search for primes begins at a random point in the
	290	desired length range.
	291	This may be overridden using the
	292	.Fl S
	293	option, which specifies a different start point (in hex).
	294	.Pp
	295	Once a set of candidates have been generated, they must be tested for
	296	suitability.
	297	This may be performed using the
	298	.Fl T
	299	option.
	300	In this mode
	301	.Nm
	302	will read candidates from standard input (or a file specified using the
	303	.Fl f
	304	option).
	305	For example:
	306	.Pp
	307	.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates
	308	.Pp
	309	By default, each candidate will be subjected to 100 primality tests.
	310	This may be overridden using the
	311	.Fl a
	312	option.
	313	The DH generator value will be chosen automatically for the
	314	prime under consideration.
	315	If a specific generator is desired, it may be requested using the
	316	.Fl W
	317	option.
	318	Valid generator values are 2, 3 and 5.
	319	.Pp
	320	Screened DH groups may be installed in
	321	.Pa /etc/moduli .
	322	It is important that this file contains moduli of a range of bit lengths and
	323	that both ends of a connection share common moduli.
3c0ef626	324	.Sh FILES
	325	.Bl -tag -width Ds
	326	.It Pa $HOME/.ssh/identity
	327	Contains the protocol version 1 RSA authentication identity of the user.
	328	This file should not be readable by anyone but the user.
	329	It is possible to
	330	specify a passphrase when generating the key; that passphrase will be
	331	used to encrypt the private part of this file using 3DES.
	332	This file is not automatically accessed by
	333	.Nm
	334	but it is offered as the default file for the private key.
	335	.Xr ssh 1
	336	will read this file when a login attempt is made.
	337	.It Pa $HOME/.ssh/identity.pub
	338	Contains the protocol version 1 RSA public key for authentication.
	339	The contents of this file should be added to
	340	.Pa $HOME/.ssh/authorized_keys
	341	on all machines
	342	where the user wishes to log in using RSA authentication.
	343	There is no need to keep the contents of this file secret.
	344	.It Pa $HOME/.ssh/id_dsa
	345	Contains the protocol version 2 DSA authentication identity of the user.
	346	This file should not be readable by anyone but the user.
	347	It is possible to
	348	specify a passphrase when generating the key; that passphrase will be
	349	used to encrypt the private part of this file using 3DES.
	350	This file is not automatically accessed by
	351	.Nm
	352	but it is offered as the default file for the private key.
	353	.Xr ssh 1
	354	will read this file when a login attempt is made.
	355	.It Pa $HOME/.ssh/id_dsa.pub
	356	Contains the protocol version 2 DSA public key for authentication.
	357	The contents of this file should be added to
	358	.Pa $HOME/.ssh/authorized_keys
	359	on all machines
	360	where the user wishes to log in using public key authentication.
	361	There is no need to keep the contents of this file secret.
	362	.It Pa $HOME/.ssh/id_rsa
	363	Contains the protocol version 2 RSA authentication identity of the user.
	364	This file should not be readable by anyone but the user.
	365	It is possible to
	366	specify a passphrase when generating the key; that passphrase will be
	367	used to encrypt the private part of this file using 3DES.
	368	This file is not automatically accessed by
	369	.Nm
	370	but it is offered as the default file for the private key.
	371	.Xr ssh 1
	372	will read this file when a login attempt is made.
	373	.It Pa $HOME/.ssh/id_rsa.pub
	374	Contains the protocol version 2 RSA public key for authentication.
	375	The contents of this file should be added to
	376	.Pa $HOME/.ssh/authorized_keys
	377	on all machines
	378	where the user wishes to log in using public key authentication.
	379	There is no need to keep the contents of this file secret.
0fff78ff	380	.It Pa /etc/moduli
	381	Contains Diffie-Hellman groups used for DH-GEX.
	382	The file format is described in
	383	.Xr moduli 5 .
3c0ef626	384	.El
3c0ef626	385	.Sh SEE ALSO
	386	.Xr ssh 1 ,
	387	.Xr ssh-add 1 ,
	388	.Xr ssh-agent 1 ,
0fff78ff	389	.Xr moduli 5 ,
3c0ef626	390	.Xr sshd 8
	391	.Rs
	392	.%A J. Galbraith
	393	.%A R. Thayer
	394	.%T "SECSH Public Key File Format"
	395	.%N draft-ietf-secsh-publickeyfile-01.txt
	396	.%D March 2001
	397	.%O work in progress material
	398	.Re
0fff78ff	399	.Sh AUTHORS
	400	OpenSSH is a derivative of the original and free
	401	ssh 1.2.12 release by Tatu Ylonen.
	402	Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
	403	Theo de Raadt and Dug Song
	404	removed many bugs, re-added newer features and
	405	created OpenSSH.
	406	Markus Friedl contributed the support for SSH
	407	protocol versions 1.5 and 2.0.