[gssapi-openssh.git] / openssh / ssh-keygen.1

.\"	$OpenBSD: ssh-keygen.1,v 1.63 2004/08/13 00:01:43 jmc Exp $
.\"
.\"  -*- nroff -*-
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\"                    All rights reserved
.\"
.\" As far as I am concerned, the code I have written for this software
.\" can be used freely for any purpose.  Any derived versions of this
.\" software must be clearly marked as such, and if the derived work is
.\" incompatible with the protocol description in the RFC file, it must be
.\" called by a name other than "ssh" or "Secure Shell".
.\"
.\"
.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd September 25, 1999
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
.Nm ssh-keygen
.Nd authentication key generation, management and conversion
.Sh SYNOPSIS
.Nm ssh-keygen
.Bk -words
.Op Fl q
.Op Fl b Ar bits
.Fl t Ar type
.Op Fl N Ar new_passphrase
.Op Fl C Ar comment
.Op Fl f Ar output_keyfile
.Ek
.Nm ssh-keygen
.Fl p
.Op Fl P Ar old_passphrase
.Op Fl N Ar new_passphrase
.Op Fl f Ar keyfile
.Nm ssh-keygen
.Fl i
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl e
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl y
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl c
.Op Fl P Ar passphrase
.Op Fl C Ar comment
.Op Fl f Ar keyfile
.Nm ssh-keygen
.Fl l
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl B
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl D Ar reader
.Nm ssh-keygen
.Fl U Ar reader
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl r Ar hostname
.Op Fl f Ar input_keyfile
.Op Fl g
.Nm ssh-keygen
.Fl G Ar output_file
.Op Fl v
.Op Fl b Ar bits
.Op Fl M Ar memory
.Op Fl S Ar start_point
.Nm ssh-keygen
.Fl T Ar output_file
.Fl f Ar input_file
.Op Fl v
.Op Fl a Ar num_trials
.Op Fl W Ar generator
.Sh DESCRIPTION
.Nm
generates, manages and converts authentication keys for
.Xr ssh 1 .
.Nm
can create RSA keys for use by SSH protocol version 1 and RSA or DSA
keys for use by SSH protocol version 2.
The type of key to be generated is specified with the
.Fl t
option.
.Pp
.Nm
is also used to generate groups for use in Diffie-Hellman group
exchange (DH-GEX).
See the
.Sx MODULI GENERATION
section for details.
.Pp
Normally each user wishing to use SSH
with RSA or DSA authentication runs this once to create the authentication
key in
.Pa $HOME/.ssh/identity ,
.Pa $HOME/.ssh/id_dsa
or
.Pa $HOME/.ssh/id_rsa .
Additionally, the system administrator may use this to generate host keys,
as seen in
.Pa /etc/rc .
.Pp
Normally this program generates the key and asks for a file in which
to store the private key.
The public key is stored in a file with the same name but
.Dq .pub
appended.
The program also asks for a passphrase.
The passphrase may be empty to indicate no passphrase
(host keys must have an empty passphrase), or it may be a string of
arbitrary length.
A passphrase is similar to a password, except it can be a phrase with a
series of words, punctuation, numbers, whitespace, or any string of
characters you want.
Good passphrases are 10-30 characters long, are
not simple sentences or otherwise easily guessable (English
prose has only 1-2 bits of entropy per character, and provides very bad
passphrases), and contain a mix of upper and lowercase letters,
numbers, and non-alphanumeric characters.
The passphrase can be changed later by using the
.Fl p
option.
.Pp
There is no way to recover a lost passphrase.
If the passphrase is
lost or forgotten, a new key must be generated and copied to the
corresponding public key to other machines.
.Pp
For RSA1 keys,
there is also a comment field in the key file that is only for
convenience to the user to help identify the key.
The comment can tell what the key is for, or whatever is useful.
The comment is initialized to
.Dq user@host
when the key is created, but can be changed using the
.Fl c
option.
.Pp
After a key is generated, instructions below detail where the keys
should be placed to be activated.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl a Ar trials
Specifies the number of primality tests to perform when screening DH-GEX
candidates using the
.Fl T
command.
.It Fl b Ar bits
Specifies the number of bits in the key to create.
Minimum is 512 bits.
Generally, 1024 bits is considered sufficient.
The default is 1024 bits.
.It Fl c
Requests changing the comment in the private and public key files.
This operation is only supported for RSA1 keys.
The program will prompt for the file containing the private keys, for
the passphrase if the key has one, and for the new comment.
.It Fl e
This option will read a private or public OpenSSH key file and
print the key in a
.Sq SECSH Public Key File Format
to stdout.
This option allows exporting keys for use by several commercial
SSH implementations.
.It Fl g
Use generic DNS format when printing fingerprint resource records using the
.Fl r
command.
.It Fl f Ar filename
Specifies the filename of the key file.
.It Fl i
This option will read an unencrypted private (or public) key file
in SSH2-compatible format and print an OpenSSH compatible private
(or public) key to stdout.
.Nm
also reads the
.Sq SECSH Public Key File Format .
This option allows importing keys from several commercial
SSH implementations.
.It Fl l
Show fingerprint of specified public key file.
Private RSA1 keys are also supported.
For RSA and DSA keys
.Nm
tries to find the matching public key file and prints its fingerprint.
.It Fl p
Requests changing the passphrase of a private key file instead of
creating a new private key.
The program will prompt for the file
containing the private key, for the old passphrase, and twice for the
new passphrase.
.It Fl q
Silence
.Nm ssh-keygen .
Used by
.Pa /etc/rc
when creating a new key.
.It Fl y
This option will read a private
OpenSSH format file and print an OpenSSH public key to stdout.
.It Fl t Ar type
Specifies the type of the key to create.
The possible values are
.Dq rsa1
for protocol version 1 and
.Dq rsa
or
.Dq dsa
for protocol version 2.
.It Fl B
Show the bubblebabble digest of specified private or public key file.
.It Fl C Ar comment
Provides the new comment.
.It Fl D Ar reader
Download the RSA public key stored in the smartcard in
.Ar reader .
.It Fl G Ar output_file
Generate candidate primes for DH-GEX.
These primes must be screened for
safety (using the
.Fl T
option) before use.
.It Fl M Ar memory
Specify the amount of memory to use (in megabytes) when generating
candidate moduli for DH-GEX.
.It Fl N Ar new_passphrase
Provides the new passphrase.
.It Fl P Ar passphrase
Provides the (old) passphrase.
.It Fl S Ar start
Specify start point (in hex) when generating candidate moduli for DH-GEX.
.It Fl T Ar output_file
Test DH group exchange candidate primes (generated using the
.Fl G
option) for safety.
.It Fl W Ar generator
Specify desired generator when testing candidate moduli for DH-GEX.
.It Fl U Ar reader
Upload an existing RSA private key into the smartcard in
.Ar reader .
.It Fl v
Verbose mode.
Causes
.Nm
to print debugging messages about its progress.
This is helpful for debugging moduli generation.
Multiple
.Fl v
options increase the verbosity.
The maximum is 3.
.It Fl r Ar hostname
Print the SSHFP fingerprint resource record named
.Ar hostname
for the specified public key file.
.El
.Sh MODULI GENERATION
.Nm
may be used to generate groups for the Diffie-Hellman Group Exchange
(DH-GEX) protocol.
Generating these groups is a two-step process: first, candidate
primes are generated using a fast, but memory intensive process.
These candidate primes are then tested for suitability (a CPU-intensive
process).
.Pp
Generation of primes is performed using the
.Fl G
option.
The desired length of the primes may be specified by the
.Fl b
option.
For example:
.Pp
.Dl ssh-keygen -G moduli-2048.candidates -b 2048
.Pp
By default, the search for primes begins at a random point in the
desired length range.
This may be overridden using the
.Fl S
option, which specifies a different start point (in hex).
.Pp
Once a set of candidates have been generated, they must be tested for
suitability.
This may be performed using the
.Fl T
option.
In this mode
.Nm
will read candidates from standard input (or a file specified using the
.Fl f
option).
For example:
.Pp
.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates
.Pp
By default, each candidate will be subjected to 100 primality tests.
This may be overridden using the
.Fl a
option.
The DH generator value will be chosen automatically for the
prime under consideration.
If a specific generator is desired, it may be requested using the
.Fl W
option.
Valid generator values are 2, 3 and 5.
.Pp
Screened DH groups may be installed in
.Pa /etc/moduli .
It is important that this file contains moduli of a range of bit lengths and
that both ends of a connection share common moduli.
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file using 3DES.
This file is not automatically accessed by
.Nm
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/identity.pub
Contains the protocol version 1 RSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where the user wishes to log in using RSA authentication.
There is no need to keep the contents of this file secret.
.It Pa $HOME/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file using 3DES.
This file is not automatically accessed by
.Nm
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/id_dsa.pub
Contains the protocol version 2 DSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
.It Pa $HOME/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file using 3DES.
This file is not automatically accessed by
.Nm
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/id_rsa.pub
Contains the protocol version 2 RSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for DH-GEX.
The file format is described in
.Xr moduli 5 .
.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr moduli 5 ,
.Xr sshd 8
.Rs
.%A J. Galbraith
.%A R. Thayer
.%T "SECSH Public Key File Format"
.%N draft-ietf-secsh-publickeyfile-01.txt
.%D March 2001
.%O work in progress material
.Re
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song
removed many bugs, re-added newer features and
created OpenSSH.
Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
Commit	Line	Data
c9f39d2c	1	.\" $OpenBSD: ssh-keygen.1,v 1.63 2004/08/13 00:01:43 jmc Exp $
3c0ef626	2	.\"
	3	.\" -- nroff --
	4	.\"
	5	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
	6	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	7	.\" All rights reserved
	8	.\"
	9	.\" As far as I am concerned, the code I have written for this software
	10	.\" can be used freely for any purpose. Any derived versions of this
	11	.\" software must be clearly marked as such, and if the derived work is
	12	.\" incompatible with the protocol description in the RFC file, it must be
	13	.\" called by a name other than "ssh" or "Secure Shell".
	14	.\"
	15	.\"
	16	.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
	17	.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
	18	.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
	19	.\"
	20	.\" Redistribution and use in source and binary forms, with or without
	21	.\" modification, are permitted provided that the following conditions
	22	.\" are met:
	23	.\" 1. Redistributions of source code must retain the above copyright
	24	.\" notice, this list of conditions and the following disclaimer.
	25	.\" 2. Redistributions in binary form must reproduce the above copyright
	26	.\" notice, this list of conditions and the following disclaimer in the
	27	.\" documentation and/or other materials provided with the distribution.
	28	.\"
	29	.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	30	.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	31	.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	32	.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	33	.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	34	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	35	.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	36	.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	37	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	38	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	39	.\"
	40	.Dd September 25, 1999
	41	.Dt SSH-KEYGEN 1
	42	.Os
	43	.Sh NAME
	44	.Nm ssh-keygen
	45	.Nd authentication key generation, management and conversion
	46	.Sh SYNOPSIS
	47	.Nm ssh-keygen
6a9b3198	48	.Bk -words
3c0ef626	49	.Op Fl q
3c0ef626	50	.Op Fl b Ar bits
e9a17296	51	.Fl t Ar type
3c0ef626	52	.Op Fl N Ar new_passphrase
	53	.Op Fl C Ar comment
	54	.Op Fl f Ar output_keyfile
6a9b3198	55	.Ek
3c0ef626	56	.Nm ssh-keygen
	57	.Fl p
	58	.Op Fl P Ar old_passphrase
	59	.Op Fl N Ar new_passphrase
	60	.Op Fl f Ar keyfile
	61	.Nm ssh-keygen
	62	.Fl i
	63	.Op Fl f Ar input_keyfile
	64	.Nm ssh-keygen
	65	.Fl e
	66	.Op Fl f Ar input_keyfile
	67	.Nm ssh-keygen
	68	.Fl y
	69	.Op Fl f Ar input_keyfile
	70	.Nm ssh-keygen
	71	.Fl c
	72	.Op Fl P Ar passphrase
	73	.Op Fl C Ar comment
	74	.Op Fl f Ar keyfile
	75	.Nm ssh-keygen
	76	.Fl l
	77	.Op Fl f Ar input_keyfile
	78	.Nm ssh-keygen
	79	.Fl B
	80	.Op Fl f Ar input_keyfile
	81	.Nm ssh-keygen
	82	.Fl D Ar reader
	83	.Nm ssh-keygen
	84	.Fl U Ar reader
	85	.Op Fl f Ar input_keyfile
0fff78ff	86	.Nm ssh-keygen
	87	.Fl r Ar hostname
	88	.Op Fl f Ar input_keyfile
	89	.Op Fl g
	90	.Nm ssh-keygen
	91	.Fl G Ar output_file
cdd66111	92	.Op Fl v
0fff78ff	93	.Op Fl b Ar bits
	94	.Op Fl M Ar memory
	95	.Op Fl S Ar start_point
	96	.Nm ssh-keygen
	97	.Fl T Ar output_file
	98	.Fl f Ar input_file
cdd66111	99	.Op Fl v
0fff78ff	100	.Op Fl a Ar num_trials
0fff78ff	101	.Op Fl W Ar generator
3c0ef626	102	.Sh DESCRIPTION
	103	.Nm
	104	generates, manages and converts authentication keys for
	105	.Xr ssh 1 .
	106	.Nm
f5799ae1	107	can create RSA keys for use by SSH protocol version 1 and RSA or DSA
0fff78ff	108	keys for use by SSH protocol version 2.
0fff78ff	109	The type of key to be generated is specified with the
3c0ef626	110	.Fl t
e9a17296	111	option.
3c0ef626	112	.Pp
0fff78ff	113	.Nm
	114	is also used to generate groups for use in Diffie-Hellman group
	115	exchange (DH-GEX).
	116	See the
	117	.Sx MODULI GENERATION
	118	section for details.
	119	.Pp
3c0ef626	120	Normally each user wishing to use SSH
	121	with RSA or DSA authentication runs this once to create the authentication
	122	key in
	123	.Pa $HOME/.ssh/identity ,
	124	.Pa $HOME/.ssh/id_dsa
	125	or
	126	.Pa $HOME/.ssh/id_rsa .
	127	Additionally, the system administrator may use this to generate host keys,
	128	as seen in
	129	.Pa /etc/rc .
	130	.Pp
	131	Normally this program generates the key and asks for a file in which
	132	to store the private key.
	133	The public key is stored in a file with the same name but
	134	.Dq .pub
	135	appended.
	136	The program also asks for a passphrase.
	137	The passphrase may be empty to indicate no passphrase
	138	(host keys must have an empty passphrase), or it may be a string of
	139	arbitrary length.
e9a17296	140	A passphrase is similar to a password, except it can be a phrase with a
	141	series of words, punctuation, numbers, whitespace, or any string of
	142	characters you want.
	143	Good passphrases are 10-30 characters long, are
3c0ef626	144	not simple sentences or otherwise easily guessable (English
3c0ef626	145	prose has only 1-2 bits of entropy per character, and provides very bad
e9a17296	146	passphrases), and contain a mix of upper and lowercase letters,
e9a17296	147	numbers, and non-alphanumeric characters.
3c0ef626	148	The passphrase can be changed later by using the
	149	.Fl p
	150	option.
	151	.Pp
	152	There is no way to recover a lost passphrase.
	153	If the passphrase is
	154	lost or forgotten, a new key must be generated and copied to the
	155	corresponding public key to other machines.
	156	.Pp
	157	For RSA1 keys,
	158	there is also a comment field in the key file that is only for
	159	convenience to the user to help identify the key.
	160	The comment can tell what the key is for, or whatever is useful.
	161	The comment is initialized to
	162	.Dq user@host
	163	when the key is created, but can be changed using the
	164	.Fl c
	165	option.
	166	.Pp
	167	After a key is generated, instructions below detail where the keys
	168	should be placed to be activated.
	169	.Pp
	170	The options are as follows:
	171	.Bl -tag -width Ds
0fff78ff	172	.It Fl a Ar trials
	173	Specifies the number of primality tests to perform when screening DH-GEX
	174	candidates using the
	175	.Fl T
	176	command.
3c0ef626	177	.It Fl b Ar bits
	178	Specifies the number of bits in the key to create.
	179	Minimum is 512 bits.
6a9b3198	180	Generally, 1024 bits is considered sufficient.
3c0ef626	181	The default is 1024 bits.
	182	.It Fl c
	183	Requests changing the comment in the private and public key files.
	184	This operation is only supported for RSA1 keys.
	185	The program will prompt for the file containing the private keys, for
	186	the passphrase if the key has one, and for the new comment.
	187	.It Fl e
	188	This option will read a private or public OpenSSH key file and
	189	print the key in a
	190	.Sq SECSH Public Key File Format
	191	to stdout.
	192	This option allows exporting keys for use by several commercial
	193	SSH implementations.
0fff78ff	194	.It Fl g
c9f39d2c	195	Use generic DNS format when printing fingerprint resource records using the
	196	.Fl r
	197	command.
3c0ef626	198	.It Fl f Ar filename
	199	Specifies the filename of the key file.
	200	.It Fl i
	201	This option will read an unencrypted private (or public) key file
	202	in SSH2-compatible format and print an OpenSSH compatible private
	203	(or public) key to stdout.
	204	.Nm
	205	also reads the
	206	.Sq SECSH Public Key File Format .
	207	This option allows importing keys from several commercial
	208	SSH implementations.
	209	.It Fl l
	210	Show fingerprint of specified public key file.
	211	Private RSA1 keys are also supported.
	212	For RSA and DSA keys
	213	.Nm
	214	tries to find the matching public key file and prints its fingerprint.
	215	.It Fl p
	216	Requests changing the passphrase of a private key file instead of
	217	creating a new private key.
	218	The program will prompt for the file
	219	containing the private key, for the old passphrase, and twice for the
	220	new passphrase.
	221	.It Fl q
	222	Silence
	223	.Nm ssh-keygen .
	224	Used by
	225	.Pa /etc/rc
	226	when creating a new key.
	227	.It Fl y
	228	This option will read a private
	229	OpenSSH format file and print an OpenSSH public key to stdout.
	230	.It Fl t Ar type
	231	Specifies the type of the key to create.
	232	The possible values are
	233	.Dq rsa1
	234	for protocol version 1 and
	235	.Dq rsa
	236	or
	237	.Dq dsa
	238	for protocol version 2.
3c0ef626	239	.It Fl B
	240	Show the bubblebabble digest of specified private or public key file.
	241	.It Fl C Ar comment
	242	Provides the new comment.
	243	.It Fl D Ar reader
	244	Download the RSA public key stored in the smartcard in
	245	.Ar reader .
0fff78ff	246	.It Fl G Ar output_file
	247	Generate candidate primes for DH-GEX.
	248	These primes must be screened for
	249	safety (using the
	250	.Fl T
	251	option) before use.
	252	.It Fl M Ar memory
	253	Specify the amount of memory to use (in megabytes) when generating
	254	candidate moduli for DH-GEX.
3c0ef626	255	.It Fl N Ar new_passphrase
	256	Provides the new passphrase.
	257	.It Fl P Ar passphrase
	258	Provides the (old) passphrase.
0fff78ff	259	.It Fl S Ar start
	260	Specify start point (in hex) when generating candidate moduli for DH-GEX.
	261	.It Fl T Ar output_file
	262	Test DH group exchange candidate primes (generated using the
	263	.Fl G
	264	option) for safety.
	265	.It Fl W Ar generator
	266	Specify desired generator when testing candidate moduli for DH-GEX.
3c0ef626	267	.It Fl U Ar reader
	268	Upload an existing RSA private key into the smartcard in
	269	.Ar reader .
cdd66111	270	.It Fl v
	271	Verbose mode.
	272	Causes
	273	.Nm
	274	to print debugging messages about its progress.
	275	This is helpful for debugging moduli generation.
	276	Multiple
	277	.Fl v
	278	options increase the verbosity.
	279	The maximum is 3.
0fff78ff	280	.It Fl r Ar hostname
c9f39d2c	281	Print the SSHFP fingerprint resource record named
	282	.Ar hostname
	283	for the specified public key file.
3c0ef626	284	.El
0fff78ff	285	.Sh MODULI GENERATION
	286	.Nm
	287	may be used to generate groups for the Diffie-Hellman Group Exchange
	288	(DH-GEX) protocol.
	289	Generating these groups is a two-step process: first, candidate
	290	primes are generated using a fast, but memory intensive process.
	291	These candidate primes are then tested for suitability (a CPU-intensive
	292	process).
	293	.Pp
	294	Generation of primes is performed using the
	295	.Fl G
	296	option.
	297	The desired length of the primes may be specified by the
	298	.Fl b
	299	option.
	300	For example:
	301	.Pp
	302	.Dl ssh-keygen -G moduli-2048.candidates -b 2048
	303	.Pp
	304	By default, the search for primes begins at a random point in the
	305	desired length range.
	306	This may be overridden using the
	307	.Fl S
	308	option, which specifies a different start point (in hex).
	309	.Pp
	310	Once a set of candidates have been generated, they must be tested for
	311	suitability.
	312	This may be performed using the
	313	.Fl T
	314	option.
	315	In this mode
	316	.Nm
	317	will read candidates from standard input (or a file specified using the
	318	.Fl f
	319	option).
	320	For example:
	321	.Pp
	322	.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates
	323	.Pp
	324	By default, each candidate will be subjected to 100 primality tests.
	325	This may be overridden using the
	326	.Fl a
	327	option.
	328	The DH generator value will be chosen automatically for the
	329	prime under consideration.
	330	If a specific generator is desired, it may be requested using the
	331	.Fl W
	332	option.
	333	Valid generator values are 2, 3 and 5.
	334	.Pp
	335	Screened DH groups may be installed in
	336	.Pa /etc/moduli .
	337	It is important that this file contains moduli of a range of bit lengths and
	338	that both ends of a connection share common moduli.
3c0ef626	339	.Sh FILES
	340	.Bl -tag -width Ds
	341	.It Pa $HOME/.ssh/identity
	342	Contains the protocol version 1 RSA authentication identity of the user.
	343	This file should not be readable by anyone but the user.
	344	It is possible to
	345	specify a passphrase when generating the key; that passphrase will be
	346	used to encrypt the private part of this file using 3DES.
	347	This file is not automatically accessed by
	348	.Nm
	349	but it is offered as the default file for the private key.
	350	.Xr ssh 1
	351	will read this file when a login attempt is made.
	352	.It Pa $HOME/.ssh/identity.pub
	353	Contains the protocol version 1 RSA public key for authentication.
	354	The contents of this file should be added to
	355	.Pa $HOME/.ssh/authorized_keys
	356	on all machines
	357	where the user wishes to log in using RSA authentication.
	358	There is no need to keep the contents of this file secret.
	359	.It Pa $HOME/.ssh/id_dsa
	360	Contains the protocol version 2 DSA authentication identity of the user.
	361	This file should not be readable by anyone but the user.
	362	It is possible to
	363	specify a passphrase when generating the key; that passphrase will be
	364	used to encrypt the private part of this file using 3DES.
	365	This file is not automatically accessed by
	366	.Nm
	367	but it is offered as the default file for the private key.
	368	.Xr ssh 1
	369	will read this file when a login attempt is made.
	370	.It Pa $HOME/.ssh/id_dsa.pub
	371	Contains the protocol version 2 DSA public key for authentication.
	372	The contents of this file should be added to
	373	.Pa $HOME/.ssh/authorized_keys
	374	on all machines
	375	where the user wishes to log in using public key authentication.
	376	There is no need to keep the contents of this file secret.
	377	.It Pa $HOME/.ssh/id_rsa
	378	Contains the protocol version 2 RSA authentication identity of the user.
	379	This file should not be readable by anyone but the user.
	380	It is possible to
	381	specify a passphrase when generating the key; that passphrase will be
	382	used to encrypt the private part of this file using 3DES.
	383	This file is not automatically accessed by
	384	.Nm
	385	but it is offered as the default file for the private key.
	386	.Xr ssh 1
	387	will read this file when a login attempt is made.
	388	.It Pa $HOME/.ssh/id_rsa.pub
	389	Contains the protocol version 2 RSA public key for authentication.
	390	The contents of this file should be added to
	391	.Pa $HOME/.ssh/authorized_keys
	392	on all machines
	393	where the user wishes to log in using public key authentication.
	394	There is no need to keep the contents of this file secret.
0fff78ff	395	.It Pa /etc/moduli
	396	Contains Diffie-Hellman groups used for DH-GEX.
	397	The file format is described in
	398	.Xr moduli 5 .
3c0ef626	399	.El
3c0ef626	400	.Sh SEE ALSO
	401	.Xr ssh 1 ,
	402	.Xr ssh-add 1 ,
	403	.Xr ssh-agent 1 ,
0fff78ff	404	.Xr moduli 5 ,
3c0ef626	405	.Xr sshd 8
	406	.Rs
	407	.%A J. Galbraith
	408	.%A R. Thayer
	409	.%T "SECSH Public Key File Format"
	410	.%N draft-ietf-secsh-publickeyfile-01.txt
	411	.%D March 2001
	412	.%O work in progress material
	413	.Re
0fff78ff	414	.Sh AUTHORS
	415	OpenSSH is a derivative of the original and free
	416	ssh 1.2.12 release by Tatu Ylonen.
	417	Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
	418	Theo de Raadt and Dug Song
	419	removed many bugs, re-added newer features and
	420	created OpenSSH.
	421	Markus Friedl contributed the support for SSH
	422	protocol versions 1.5 and 2.0.