[openssh.git] / ssh-keygen.1

.\"	$OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $
.\"
.\"  -*- nroff -*-
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\"                    All rights reserved
.\"
.\" As far as I am concerned, the code I have written for this software
.\" can be used freely for any purpose.  Any derived versions of this
.\" software must be clearly marked as such, and if the derived work is
.\" incompatible with the protocol description in the RFC file, it must be
.\" called by a name other than "ssh" or "Secure Shell".
.\"
.\"
.\" Copyright (c) 1999,2000 Markus Friedl.  All rights reserved.
.\" Copyright (c) 1999 Aaron Campbell.  All rights reserved.
.\" Copyright (c) 1999 Theo de Raadt.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd September 25, 1999
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
.Nm ssh-keygen
.Nd authentication key generation, management and conversion
.Sh SYNOPSIS
.Nm ssh-keygen
.Bk -words
.Op Fl q
.Op Fl b Ar bits
.Fl t Ar type
.Op Fl N Ar new_passphrase
.Op Fl C Ar comment
.Op Fl f Ar output_keyfile
.Ek
.Nm ssh-keygen
.Fl p
.Op Fl P Ar old_passphrase
.Op Fl N Ar new_passphrase
.Op Fl f Ar keyfile
.Nm ssh-keygen
.Fl i
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl e
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl y
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl c
.Op Fl P Ar passphrase
.Op Fl C Ar comment
.Op Fl f Ar keyfile
.Nm ssh-keygen
.Fl l
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl B
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl D Ar reader
.Nm ssh-keygen
.Fl U Ar reader
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl r Ar hostname
.Op Fl f Ar input_keyfile
.Op Fl g
.Nm ssh-keygen
.Fl G Ar output_file
.Op Fl v
.Op Fl b Ar bits
.Op Fl M Ar memory
.Op Fl S Ar start_point
.Nm ssh-keygen
.Fl T Ar output_file
.Fl f Ar input_file
.Op Fl v
.Op Fl a Ar num_trials
.Op Fl W Ar generator
.Sh DESCRIPTION
.Nm
generates, manages and converts authentication keys for
.Xr ssh 1 .
.Nm
can create RSA keys for use by SSH protocol version 1 and RSA or DSA
keys for use by SSH protocol version 2.
The type of key to be generated is specified with the
.Fl t
option.
.Pp
.Nm
is also used to generate groups for use in Diffie-Hellman group
exchange (DH-GEX).
See the
.Sx MODULI GENERATION
section for details.
.Pp
Normally each user wishing to use SSH
with RSA or DSA authentication runs this once to create the authentication
key in
.Pa $HOME/.ssh/identity ,
.Pa $HOME/.ssh/id_dsa
or
.Pa $HOME/.ssh/id_rsa .
Additionally, the system administrator may use this to generate host keys,
as seen in
.Pa /etc/rc .
.Pp
Normally this program generates the key and asks for a file in which
to store the private key.
The public key is stored in a file with the same name but
.Dq .pub
appended.
The program also asks for a passphrase.
The passphrase may be empty to indicate no passphrase
(host keys must have an empty passphrase), or it may be a string of
arbitrary length.
A passphrase is similar to a password, except it can be a phrase with a
series of words, punctuation, numbers, whitespace, or any string of
characters you want.
Good passphrases are 10-30 characters long, are
not simple sentences or otherwise easily guessable (English
prose has only 1-2 bits of entropy per character, and provides very bad
passphrases), and contain a mix of upper and lowercase letters,
numbers, and non-alphanumeric characters.
The passphrase can be changed later by using the
.Fl p
option.
.Pp
There is no way to recover a lost passphrase.
If the passphrase is
lost or forgotten, a new key must be generated and copied to the
corresponding public key to other machines.
.Pp
For RSA1 keys,
there is also a comment field in the key file that is only for
convenience to the user to help identify the key.
The comment can tell what the key is for, or whatever is useful.
The comment is initialized to
.Dq user@host
when the key is created, but can be changed using the
.Fl c
option.
.Pp
After a key is generated, instructions below detail where the keys
should be placed to be activated.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl a Ar trials
Specifies the number of primality tests to perform when screening DH-GEX
candidates using the
.Fl T
command.
.It Fl b Ar bits
Specifies the number of bits in the key to create.
Minimum is 512 bits.
Generally, 1024 bits is considered sufficient.
The default is 1024 bits.
.It Fl c
Requests changing the comment in the private and public key files.
This operation is only supported for RSA1 keys.
The program will prompt for the file containing the private keys, for
the passphrase if the key has one, and for the new comment.
.It Fl e
This option will read a private or public OpenSSH key file and
print the key in a
.Sq SECSH Public Key File Format
to stdout.
This option allows exporting keys for use by several commercial
SSH implementations.
.It Fl g
Use generic DNS resource record format.
.It Fl f Ar filename
Specifies the filename of the key file.
.It Fl i
This option will read an unencrypted private (or public) key file
in SSH2-compatible format and print an OpenSSH compatible private
(or public) key to stdout.
.Nm
also reads the
.Sq SECSH Public Key File Format .
This option allows importing keys from several commercial
SSH implementations.
.It Fl l
Show fingerprint of specified public key file.
Private RSA1 keys are also supported.
For RSA and DSA keys
.Nm
tries to find the matching public key file and prints its fingerprint.
.It Fl p
Requests changing the passphrase of a private key file instead of
creating a new private key.
The program will prompt for the file
containing the private key, for the old passphrase, and twice for the
new passphrase.
.It Fl q
Silence
.Nm ssh-keygen .
Used by
.Pa /etc/rc
when creating a new key.
.It Fl y
This option will read a private
OpenSSH format file and print an OpenSSH public key to stdout.
.It Fl t Ar type
Specifies the type of the key to create.
The possible values are
.Dq rsa1
for protocol version 1 and
.Dq rsa
or
.Dq dsa
for protocol version 2.
.It Fl B
Show the bubblebabble digest of specified private or public key file.
.It Fl C Ar comment
Provides the new comment.
.It Fl D Ar reader
Download the RSA public key stored in the smartcard in
.Ar reader .
.It Fl G Ar output_file
Generate candidate primes for DH-GEX.
These primes must be screened for
safety (using the
.Fl T
option) before use.
.It Fl M Ar memory
Specify the amount of memory to use (in megabytes) when generating
candidate moduli for DH-GEX.
.It Fl N Ar new_passphrase
Provides the new passphrase.
.It Fl P Ar passphrase
Provides the (old) passphrase.
.It Fl S Ar start
Specify start point (in hex) when generating candidate moduli for DH-GEX.
.It Fl T Ar output_file
Test DH group exchange candidate primes (generated using the
.Fl G
option) for safety.
.It Fl W Ar generator
Specify desired generator when testing candidate moduli for DH-GEX.
.It Fl U Ar reader
Upload an existing RSA private key into the smartcard in
.Ar reader .
.It Fl v
Verbose mode.
Causes
.Nm
to print debugging messages about its progress.
This is helpful for debugging moduli generation.
Multiple
.Fl v
options increase the verbosity.
The maximum is 3.
.It Fl r Ar hostname
Print DNS resource record with the specified
.Ar hostname .
.El
.Sh MODULI GENERATION
.Nm
may be used to generate groups for the Diffie-Hellman Group Exchange
(DH-GEX) protocol.
Generating these groups is a two-step process: first, candidate
primes are generated using a fast, but memory intensive process.
These candidate primes are then tested for suitability (a CPU-intensive
process).
.Pp
Generation of primes is performed using the
.Fl G
option.
The desired length of the primes may be specified by the
.Fl b
option.
For example:
.Pp
.Dl ssh-keygen -G moduli-2048.candidates -b 2048
.Pp
By default, the search for primes begins at a random point in the
desired length range.
This may be overridden using the
.Fl S
option, which specifies a different start point (in hex).
.Pp
Once a set of candidates have been generated, they must be tested for
suitability.
This may be performed using the
.Fl T
option.
In this mode
.Nm
will read candidates from standard input (or a file specified using the
.Fl f
option).
For example:
.Pp
.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates
.Pp
By default, each candidate will be subjected to 100 primality tests.
This may be overridden using the
.Fl a
option.
The DH generator value will be chosen automatically for the
prime under consideration.
If a specific generator is desired, it may be requested using the
.Fl W
option.
Valid generator values are 2, 3 and 5.
.Pp
Screened DH groups may be installed in
.Pa /etc/moduli .
It is important that this file contains moduli of a range of bit lengths and
that both ends of a connection share common moduli.
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file using 3DES.
This file is not automatically accessed by
.Nm
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/identity.pub
Contains the protocol version 1 RSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where the user wishes to log in using RSA authentication.
There is no need to keep the contents of this file secret.
.It Pa $HOME/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file using 3DES.
This file is not automatically accessed by
.Nm
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/id_dsa.pub
Contains the protocol version 2 DSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
.It Pa $HOME/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file using 3DES.
This file is not automatically accessed by
.Nm
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/id_rsa.pub
Contains the protocol version 2 RSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for DH-GEX.
The file format is described in
.Xr moduli 5 .
.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr moduli 5 ,
.Xr sshd 8
.Rs
.%A J. Galbraith
.%A R. Thayer
.%T "SECSH Public Key File Format"
.%N draft-ietf-secsh-publickeyfile-01.txt
.%D March 2001
.%O work in progress material
.Re
.Sh AUTHORS
OpenSSH is a derivative of the original and free
ssh 1.2.12 release by Tatu Ylonen.
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song
removed many bugs, re-added newer features and
created OpenSSH.
Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
Commit	Line	Data
c6fbc95a	1	.\" $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $
23c2a7a5	2	.\"
bf740959	3	.\" -- nroff --
bf740959	4	.\"
bf740959	5	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
bf740959	6	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
	7	.\" All rights reserved
	8	.\"
bcbf86ec	9	.\" As far as I am concerned, the code I have written for this software
	10	.\" can be used freely for any purpose. Any derived versions of this
	11	.\" software must be clearly marked as such, and if the derived work is
	12	.\" incompatible with the protocol description in the RFC file, it must be
	13	.\" called by a name other than "ssh" or "Secure Shell".
	14	.\"
	15	.\"
f3c7c613	16	.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
	17	.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
	18	.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
bcbf86ec	19	.\"
	20	.\" Redistribution and use in source and binary forms, with or without
	21	.\" modification, are permitted provided that the following conditions
	22	.\" are met:
	23	.\" 1. Redistributions of source code must retain the above copyright
	24	.\" notice, this list of conditions and the following disclaimer.
	25	.\" 2. Redistributions in binary form must reproduce the above copyright
	26	.\" notice, this list of conditions and the following disclaimer in the
	27	.\" documentation and/or other materials provided with the distribution.
bf740959	28	.\"
bcbf86ec	29	.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
	30	.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	31	.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	32	.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	33	.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	34	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	35	.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	36	.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	37	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	38	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
bf740959	39	.\"
	40	.Dd September 25, 1999
	41	.Dt SSH-KEYGEN 1
	42	.Os
	43	.Sh NAME
	44	.Nm ssh-keygen
5deceabb	45	.Nd authentication key generation, management and conversion
bf740959	46	.Sh SYNOPSIS
bf740959	47	.Nm ssh-keygen
a4e5acef	48	.Bk -words
fa08c86b	49	.Op Fl q
bf740959	50	.Op Fl b Ar bits
2a55e100	51	.Fl t Ar type
bf740959	52	.Op Fl N Ar new_passphrase
bf740959	53	.Op Fl C Ar comment
7cd3766c	54	.Op Fl f Ar output_keyfile
a4e5acef	55	.Ek
bf740959	56	.Nm ssh-keygen
	57	.Fl p
	58	.Op Fl P Ar old_passphrase
	59	.Op Fl N Ar new_passphrase
f095fcc7	60	.Op Fl f Ar keyfile
bf740959	61	.Nm ssh-keygen
5deceabb	62	.Fl i
7cd3766c	63	.Op Fl f Ar input_keyfile
1d1ffb87	64	.Nm ssh-keygen
5deceabb	65	.Fl e
7cd3766c	66	.Op Fl f Ar input_keyfile
1d1ffb87	67	.Nm ssh-keygen
1d1ffb87	68	.Fl y
7cd3766c	69	.Op Fl f Ar input_keyfile
1d1ffb87	70	.Nm ssh-keygen
bf740959	71	.Fl c
	72	.Op Fl P Ar passphrase
	73	.Op Fl C Ar comment
f095fcc7	74	.Op Fl f Ar keyfile
	75	.Nm ssh-keygen
	76	.Fl l
aaf45d87	77	.Op Fl f Ar input_keyfile
	78	.Nm ssh-keygen
	79	.Fl B
7cd3766c	80	.Op Fl f Ar input_keyfile
f0d6bdcf	81	.Nm ssh-keygen
	82	.Fl D Ar reader
	83	.Nm ssh-keygen
	84	.Fl U Ar reader
	85	.Op Fl f Ar input_keyfile
21289cd0	86	.Nm ssh-keygen
	87	.Fl r Ar hostname
	88	.Op Fl f Ar input_keyfile
	89	.Op Fl g
c35a6dc5	90	.Nm ssh-keygen
c35a6dc5	91	.Fl G Ar output_file
c6fbc95a	92	.Op Fl v
c35a6dc5	93	.Op Fl b Ar bits
	94	.Op Fl M Ar memory
	95	.Op Fl S Ar start_point
	96	.Nm ssh-keygen
	97	.Fl T Ar output_file
	98	.Fl f Ar input_file
c6fbc95a	99	.Op Fl v
c35a6dc5	100	.Op Fl a Ar num_trials
c35a6dc5	101	.Op Fl W Ar generator
f54651ce	102	.Sh DESCRIPTION
bf740959	103	.Nm
5deceabb	104	generates, manages and converts authentication keys for
bf740959	105	.Xr ssh 1 .
1d1ffb87	106	.Nm
7203d6bb	107	can create RSA keys for use by SSH protocol version 1 and RSA or DSA
3cbc677d	108	keys for use by SSH protocol version 2.
3cbc677d	109	The type of key to be generated is specified with the
fa08c86b	110	.Fl t
3dc93cd8	111	option.
1d1ffb87	112	.Pp
c35a6dc5	113	.Nm
	114	is also used to generate groups for use in Diffie-Hellman group
	115	exchange (DH-GEX).
	116	See the
	117	.Sx MODULI GENERATION
	118	section for details.
	119	.Pp
bf740959	120	Normally each user wishing to use SSH
1d1ffb87	121	with RSA or DSA authentication runs this once to create the authentication
bf740959	122	key in
c0ecc314	123	.Pa $HOME/.ssh/identity ,
c0ecc314	124	.Pa $HOME/.ssh/id_dsa
1d1ffb87	125	or
c0ecc314	126	.Pa $HOME/.ssh/id_rsa .
1d1ffb87	127	Additionally, the system administrator may use this to generate host keys,
	128	as seen in
	129	.Pa /etc/rc .
bf740959	130	.Pp
bf740959	131	Normally this program generates the key and asks for a file in which
4fe2af09	132	to store the private key.
4fe2af09	133	The public key is stored in a file with the same name but
bf740959	134	.Dq .pub
4fe2af09	135	appended.
	136	The program also asks for a passphrase.
	137	The passphrase may be empty to indicate no passphrase
b5c334cc	138	(host keys must have an empty passphrase), or it may be a string of
4fe2af09	139	arbitrary length.
c840d0ad	140	A passphrase is similar to a password, except it can be a phrase with a
	141	series of words, punctuation, numbers, whitespace, or any string of
	142	characters you want.
	143	Good passphrases are 10-30 characters long, are
bf740959	144	not simple sentences or otherwise easily guessable (English
e5b71e99	145	prose has only 1-2 bits of entropy per character, and provides very bad
c840d0ad	146	passphrases), and contain a mix of upper and lowercase letters,
c840d0ad	147	numbers, and non-alphanumeric characters.
4fe2af09	148	The passphrase can be changed later by using the
bf740959	149	.Fl p
	150	option.
	151	.Pp
4fe2af09	152	There is no way to recover a lost passphrase.
4fe2af09	153	If the passphrase is
91789042	154	lost or forgotten, a new key must be generated and copied to the
bf740959	155	corresponding public key to other machines.
bf740959	156	.Pp
5deceabb	157	For RSA1 keys,
5deceabb	158	there is also a comment field in the key file that is only for
4fe2af09	159	convenience to the user to help identify the key.
	160	The comment can tell what the key is for, or whatever is useful.
	161	The comment is initialized to
bf740959	162	.Dq user@host
	163	when the key is created, but can be changed using the
	164	.Fl c
	165	option.
	166	.Pp
1d1ffb87	167	After a key is generated, instructions below detail where the keys
	168	should be placed to be activated.
	169	.Pp
bf740959	170	The options are as follows:
bf740959	171	.Bl -tag -width Ds
c35a6dc5	172	.It Fl a Ar trials
	173	Specifies the number of primality tests to perform when screening DH-GEX
	174	candidates using the
	175	.Fl T
	176	command.
bf740959	177	.It Fl b Ar bits
4fe2af09	178	Specifies the number of bits in the key to create.
4fe2af09	179	Minimum is 512 bits.
63baa058	180	Generally, 1024 bits is considered sufficient.
4fe2af09	181	The default is 1024 bits.
bf740959	182	.It Fl c
bf740959	183	Requests changing the comment in the private and public key files.
f564d016	184	This operation is only supported for RSA1 keys.
bf740959	185	The program will prompt for the file containing the private keys, for
cf7ff074	186	the passphrase if the key has one, and for the new comment.
5deceabb	187	.It Fl e
b587c165	188	This option will read a private or public OpenSSH key file and
b587c165	189	print the key in a
5deceabb	190	.Sq SECSH Public Key File Format
	191	to stdout.
	192	This option allows exporting keys for use by several commercial
	193	SSH implementations.
21289cd0	194	.It Fl g
21289cd0	195	Use generic DNS resource record format.
f0d6bdcf	196	.It Fl f Ar filename
f095fcc7	197	Specifies the filename of the key file.
5deceabb	198	.It Fl i
	199	This option will read an unencrypted private (or public) key file
	200	in SSH2-compatible format and print an OpenSSH compatible private
	201	(or public) key to stdout.
	202	.Nm
bcaa828e	203	also reads the
5deceabb	204	.Sq SECSH Public Key File Format .
	205	This option allows importing keys from several commercial
	206	SSH implementations.
f095fcc7	207	.It Fl l
f564d016	208	Show fingerprint of specified public key file.
	209	Private RSA1 keys are also supported.
	210	For RSA and DSA keys
	211	.Nm
	212	tries to find the matching public key file and prints its fingerprint.
bf740959	213	.It Fl p
bf740959	214	Requests changing the passphrase of a private key file instead of
4fe2af09	215	creating a new private key.
4fe2af09	216	The program will prompt for the file
bf740959	217	containing the private key, for the old passphrase, and twice for the
	218	new passphrase.
	219	.It Fl q
	220	Silence
	221	.Nm ssh-keygen .
	222	Used by
	223	.Pa /etc/rc
	224	when creating a new key.
5deceabb	225	.It Fl y
	226	This option will read a private
	227	OpenSSH format file and print an OpenSSH public key to stdout.
fa08c86b	228	.It Fl t Ar type
	229	Specifies the type of the key to create.
	230	The possible values are
	231	.Dq rsa1
	232	for protocol version 1 and
	233	.Dq rsa
	234	or
	235	.Dq dsa
	236	for protocol version 2.
aaf45d87	237	.It Fl B
aaf45d87	238	Show the bubblebabble digest of specified private or public key file.
bf740959	239	.It Fl C Ar comment
bf740959	240	Provides the new comment.
f0d6bdcf	241	.It Fl D Ar reader
	242	Download the RSA public key stored in the smartcard in
	243	.Ar reader .
c35a6dc5	244	.It Fl G Ar output_file
	245	Generate candidate primes for DH-GEX.
	246	These primes must be screened for
	247	safety (using the
	248	.Fl T
	249	option) before use.
	250	.It Fl M Ar memory
	251	Specify the amount of memory to use (in megabytes) when generating
	252	candidate moduli for DH-GEX.
bf740959	253	.It Fl N Ar new_passphrase
	254	Provides the new passphrase.
	255	.It Fl P Ar passphrase
	256	Provides the (old) passphrase.
c35a6dc5	257	.It Fl S Ar start
	258	Specify start point (in hex) when generating candidate moduli for DH-GEX.
	259	.It Fl T Ar output_file
	260	Test DH group exchange candidate primes (generated using the
	261	.Fl G
	262	option) for safety.
	263	.It Fl W Ar generator
	264	Specify desired generator when testing candidate moduli for DH-GEX.
f0d6bdcf	265	.It Fl U Ar reader
	266	Upload an existing RSA private key into the smartcard in
	267	.Ar reader .
c6fbc95a	268	.It Fl v
	269	Verbose mode.
	270	Causes
	271	.Nm
	272	to print debugging messages about its progress.
	273	This is helpful for debugging moduli generation.
	274	Multiple
	275	.Fl v
	276	options increase the verbosity.
	277	The maximum is 3.
21289cd0	278	.It Fl r Ar hostname
	279	Print DNS resource record with the specified
	280	.Ar hostname .
bf740959	281	.El
c35a6dc5	282	.Sh MODULI GENERATION
	283	.Nm
	284	may be used to generate groups for the Diffie-Hellman Group Exchange
	285	(DH-GEX) protocol.
	286	Generating these groups is a two-step process: first, candidate
	287	primes are generated using a fast, but memory intensive process.
	288	These candidate primes are then tested for suitability (a CPU-intensive
	289	process).
	290	.Pp
	291	Generation of primes is performed using the
	292	.Fl G
	293	option.
	294	The desired length of the primes may be specified by the
	295	.Fl b
	296	option.
	297	For example:
	298	.Pp
	299	.Dl ssh-keygen -G moduli-2048.candidates -b 2048
	300	.Pp
	301	By default, the search for primes begins at a random point in the
	302	desired length range.
	303	This may be overridden using the
	304	.Fl S
	305	option, which specifies a different start point (in hex).
	306	.Pp
	307	Once a set of candidates have been generated, they must be tested for
	308	suitability.
	309	This may be performed using the
	310	.Fl T
	311	option.
	312	In this mode
	313	.Nm
	314	will read candidates from standard input (or a file specified using the
	315	.Fl f
	316	option).
	317	For example:
	318	.Pp
	319	.Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates
	320	.Pp
	321	By default, each candidate will be subjected to 100 primality tests.
	322	This may be overridden using the
	323	.Fl a
	324	option.
	325	The DH generator value will be chosen automatically for the
	326	prime under consideration.
	327	If a specific generator is desired, it may be requested using the
	328	.Fl W
	329	option.
	330	Valid generator values are 2, 3 and 5.
	331	.Pp
	332	Screened DH groups may be installed in
	333	.Pa /etc/moduli .
	334	It is important that this file contains moduli of a range of bit lengths and
	335	that both ends of a connection share common moduli.
bf740959	336	.Sh FILES
bf740959	337	.Bl -tag -width Ds
bf740959	338	.It Pa $HOME/.ssh/identity
c0ecc314	339	Contains the protocol version 1 RSA authentication identity of the user.
4fe2af09	340	This file should not be readable by anyone but the user.
4fe2af09	341	It is possible to
bf740959	342	specify a passphrase when generating the key; that passphrase will be
4fe2af09	343	used to encrypt the private part of this file using 3DES.
4fe2af09	344	This file is not automatically accessed by
bf740959	345	.Nm
bf740959	346	but it is offered as the default file for the private key.
8a497b11	347	.Xr ssh 1
1d1ffb87	348	will read this file when a login attempt is made.
bf740959	349	.It Pa $HOME/.ssh/identity.pub
c0ecc314	350	Contains the protocol version 1 RSA public key for authentication.
4fe2af09	351	The contents of this file should be added to
bf740959	352	.Pa $HOME/.ssh/authorized_keys
bf740959	353	on all machines
91789042	354	where the user wishes to log in using RSA authentication.
4fe2af09	355	There is no need to keep the contents of this file secret.
1d1ffb87	356	.It Pa $HOME/.ssh/id_dsa
c0ecc314	357	Contains the protocol version 2 DSA authentication identity of the user.
1d1ffb87	358	This file should not be readable by anyone but the user.
	359	It is possible to
	360	specify a passphrase when generating the key; that passphrase will be
	361	used to encrypt the private part of this file using 3DES.
	362	This file is not automatically accessed by
	363	.Nm
	364	but it is offered as the default file for the private key.
8a497b11	365	.Xr ssh 1
1d1ffb87	366	will read this file when a login attempt is made.
1d1ffb87	367	.It Pa $HOME/.ssh/id_dsa.pub
c0ecc314	368	Contains the protocol version 2 DSA public key for authentication.
c0ecc314	369	The contents of this file should be added to
96a7b0cc	370	.Pa $HOME/.ssh/authorized_keys
c0ecc314	371	on all machines
91789042	372	where the user wishes to log in using public key authentication.
c0ecc314	373	There is no need to keep the contents of this file secret.
	374	.It Pa $HOME/.ssh/id_rsa
	375	Contains the protocol version 2 RSA authentication identity of the user.
	376	This file should not be readable by anyone but the user.
	377	It is possible to
	378	specify a passphrase when generating the key; that passphrase will be
	379	used to encrypt the private part of this file using 3DES.
	380	This file is not automatically accessed by
	381	.Nm
	382	but it is offered as the default file for the private key.
8a497b11	383	.Xr ssh 1
c0ecc314	384	will read this file when a login attempt is made.
	385	.It Pa $HOME/.ssh/id_rsa.pub
	386	Contains the protocol version 2 RSA public key for authentication.
1d1ffb87	387	The contents of this file should be added to
96a7b0cc	388	.Pa $HOME/.ssh/authorized_keys
1d1ffb87	389	on all machines
91789042	390	where the user wishes to log in using public key authentication.
1d1ffb87	391	There is no need to keep the contents of this file secret.
c35a6dc5	392	.It Pa /etc/moduli
	393	Contains Diffie-Hellman groups used for DH-GEX.
	394	The file format is described in
	395	.Xr moduli 5 .
089fbbd2	396	.El
bf740959	397	.Sh SEE ALSO
	398	.Xr ssh 1 ,
	399	.Xr ssh-add 1 ,
0c372277	400	.Xr ssh-agent 1 ,
c35a6dc5	401	.Xr moduli 5 ,
a5ef76f1	402	.Xr sshd 8
5deceabb	403	.Rs
7b518233	404	.%A J. Galbraith
7b518233	405	.%A R. Thayer
5deceabb	406	.%T "SECSH Public Key File Format"
	407	.%N draft-ietf-secsh-publickeyfile-01.txt
	408	.%D March 2001
	409	.%O work in progress material
	410	.Re
be193d89	411	.Sh AUTHORS
	412	OpenSSH is a derivative of the original and free
	413	ssh 1.2.12 release by Tatu Ylonen.
	414	Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
	415	Theo de Raadt and Dug Song
	416	removed many bugs, re-added newer features and
	417	created OpenSSH.
	418	Markus Friedl contributed the support for SSH
	419	protocol versions 1.5 and 2.0.