Import of OpenSSH 5.1p1

[gssapi-openssh.git] / openssh / ssh-keygen.1

diff --git a/openssh/ssh-keygen.1 b/openssh/ssh-keygen.1
index c14eed14e81be949a6f987786994bcc25b028733..3fff59e770825fe3590c385910b582f4e2fab1fa 100644 (file)
--- a/openssh/ssh-keygen.1
+++ b/openssh/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: ssh-keygen.1,v 1.67 2005/03/14 10:09:03 dtucker Exp $
+.\"    $OpenBSD: ssh-keygen.1,v 1.78 2008/06/12 19:10:09 jmc Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -37,7 +37,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd September 25, 1999
+.Dd $Mdocdate: June 12 2008 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -118,6 +118,9 @@ keys for use by SSH protocol version 2.
 The type of key to be generated is specified with the
 .Fl t
 option.
+If invoked without any arguments,
+.Nm
+will generate an RSA key for use in SSH protocol 2 connections.
 .Pp
 .Nm
 is also used to generate groups for use in Diffie-Hellman group
@@ -129,10 +132,10 @@ section for details.
 Normally each user wishing to use SSH
 with RSA or DSA authentication runs this once to create the authentication
 key in
-.Pa $HOME/.ssh/identity ,
-.Pa $HOME/.ssh/id_dsa
+.Pa ~/.ssh/identity ,
+.Pa ~/.ssh/id_dsa
 or
-.Pa $HOME/.ssh/id_rsa .
+.Pa ~/.ssh/id_rsa .
 Additionally, the system administrator may use this to generate host keys,
 as seen in
 .Pa /etc/rc .
@@ -187,9 +190,9 @@ command.
 Show the bubblebabble digest of specified private or public key file.
 .It Fl b Ar bits
 Specifies the number of bits in the key to create.
-Minimum is 512 bits.
-Generally, 1024 bits is considered sufficient.
-The default is 1024 bits.
+For RSA keys, the minimum size is 768 bits and the default is 2048 bits.
+Generally, 2048 bits is considered sufficient.
+DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
 .It Fl C Ar comment
 Provides a new comment.
 .It Fl c
@@ -202,8 +205,8 @@ Download the RSA public key stored in the smartcard in
 .Ar reader .
 .It Fl e
 This option will read a private or public OpenSSH key file and
-print the key in a
-.Sq SECSH Public Key File Format
+print the key in
+RFC 4716 SSH Public Key File Format
 to stdout.
 This option allows exporting keys for use by several commercial
 SSH implementations.
@@ -250,7 +253,7 @@ in SSH2-compatible format and print an OpenSSH compatible private
 (or public) key to stdout.
 .Nm
 also reads the
-.Sq SECSH Public Key File Format .
+RFC 4716 SSH Public Key File Format.
 This option allows importing keys from several commercial
 SSH implementations.
 .It Fl l
@@ -259,6 +262,9 @@ Private RSA1 keys are also supported.
 For RSA and DSA keys
 .Nm
 tries to find the matching public key file and prints its fingerprint.
+If combined with
+.Fl v ,
+an ASCII art representation of the key is supplied with the fingerprint.
 .It Fl M Ar memory
 Specify the amount of memory to use (in megabytes) when generating
 candidate moduli for DH-GEX.
@@ -381,7 +387,7 @@ It is important that this file contains moduli of a range of bit lengths and
 that both ends of a connection share common moduli.
 .Sh FILES
 .Bl -tag -width Ds
-.It Pa $HOME/.ssh/identity
+.It Pa ~/.ssh/identity
 Contains the protocol version 1 RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
@@ -392,14 +398,14 @@ This file is not automatically accessed by
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
-.It Pa $HOME/.ssh/identity.pub
+.It Pa ~/.ssh/identity.pub
 Contains the protocol version 1 RSA public key for authentication.
 The contents of this file should be added to
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using RSA authentication.
 There is no need to keep the contents of this file secret.
-.It Pa $HOME/.ssh/id_dsa
+.It Pa ~/.ssh/id_dsa
 Contains the protocol version 2 DSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
@@ -410,14 +416,14 @@ This file is not automatically accessed by
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
-.It Pa $HOME/.ssh/id_dsa.pub
+.It Pa ~/.ssh/id_dsa.pub
 Contains the protocol version 2 DSA public key for authentication.
 The contents of this file should be added to
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
-.It Pa $HOME/.ssh/id_rsa
+.It Pa ~/.ssh/id_rsa
 Contains the protocol version 2 RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
@@ -428,10 +434,10 @@ This file is not automatically accessed by
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
-.It Pa $HOME/.ssh/id_rsa.pub
+.It Pa ~/.ssh/id_rsa.pub
 Contains the protocol version 2 RSA public key for authentication.
 The contents of this file should be added to
-.Pa $HOME/.ssh/authorized_keys
+.Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
@@ -447,12 +453,9 @@ The file format is described in
 .Xr moduli 5 ,
 .Xr sshd 8
 .Rs
-.%A J. Galbraith
-.%A R. Thayer
-.%T "SECSH Public Key File Format"
-.%N draft-ietf-secsh-publickeyfile-01.txt
-.%D March 2001
-.%O work in progress material
+.%R RFC 4716
+.%T "The Secure Shell (SSH) Public Key File Format"
+.%D 2006
 .Re
 .Sh AUTHORS
 OpenSSH is a derivative of the original and free