]>
Commit | Line | Data |
---|---|---|
8efc0c15 | 1 | .\" -*- nroff -*- |
2 | .\" | |
3 | .\" ssh-keygen.1 | |
4 | .\" | |
5 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | |
6 | .\" | |
7 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | |
8 | .\" All rights reserved | |
9 | .\" | |
10 | .\" Created: Sat Apr 22 23:55:14 1995 ylo | |
11 | .\" | |
12 | .\" $Id$ | |
13 | .\" | |
14 | .Dd September 25, 1999 | |
15 | .Dt SSH-KEYGEN 1 | |
16 | .Os | |
17 | .Sh NAME | |
18 | .Nm ssh-keygen | |
19 | .Nd authentication key generation | |
20 | .Sh SYNOPSIS | |
21 | .Nm ssh-keygen | |
22 | .Op Fl q | |
23 | .Op Fl b Ar bits | |
24 | .Op Fl N Ar new_passphrase | |
25 | .Op Fl C Ar comment | |
26 | .Nm ssh-keygen | |
27 | .Fl p | |
28 | .Op Fl P Ar old_passphrase | |
29 | .Op Fl N Ar new_passphrase | |
30 | .Nm ssh-keygen | |
31 | .Fl c | |
32 | .Op Fl P Ar passphrase | |
33 | .Op Fl C Ar comment | |
34 | .Sh DESCRIPTION | |
35 | .Nm | |
36 | generates and manages authentication keys for | |
37 | .Xr ssh 1 . | |
38 | Normally each user wishing to use SSH | |
39 | with RSA authentication runs this once to create the authentication | |
40 | key in | |
41 | .Pa $HOME/.ssh/identity . | |
42 | Additionally, the system administrator may use this to generate host keys. | |
43 | .Pp | |
44 | Normally this program generates the key and asks for a file in which | |
45 | to store the private key. The public key is stored in a file with the | |
46 | same name but | |
47 | .Dq .pub | |
48 | appended. The program also asks for a | |
49 | passphrase. The passphrase may be empty to indicate no passphrase | |
50 | (host keys must have empty passphrase), or it may be a string of | |
51 | arbitrary length. Good passphrases are 10-30 characters long and are | |
52 | not simple sentences or otherwise easily guessable (English | |
53 | prose has only 1-2 bits of entropy per word, and provides very bad | |
54 | passphrases). The passphrase can be changed later by using the | |
55 | .Fl p | |
56 | option. | |
57 | .Pp | |
58 | There is no way to recover a lost passphrase. If the passphrase is | |
59 | lost or forgotten, you will have to generate a new key and copy the | |
60 | corresponding public key to other machines. | |
61 | .Pp | |
62 | There is also a comment field in the key file that is only for | |
63 | convenience to the user to help identify the key. The comment can | |
64 | tell what the key is for, or whatever is useful. The comment is | |
65 | initialized to | |
66 | .Dq user@host | |
67 | when the key is created, but can be changed using the | |
68 | .Fl c | |
69 | option. | |
70 | .Pp | |
71 | The options are as follows: | |
72 | .Bl -tag -width Ds | |
73 | .It Fl b Ar bits | |
74 | Specifies the number of bits in the key to create. Minimum is 512 | |
75 | bits. Generally 1024 bits is considered sufficient, and key sizes | |
76 | above that no longer improve security but make things slower. The | |
77 | default is 1024 bits. | |
78 | .It Fl c | |
79 | Requests changing the comment in the private and public key files. | |
80 | The program will prompt for the file containing the private keys, for | |
81 | passphrase if the key has one, and for the new comment. | |
82 | .It Fl p | |
83 | Requests changing the passphrase of a private key file instead of | |
84 | creating a new private key. The program will prompt for the file | |
85 | containing the private key, for the old passphrase, and twice for the | |
86 | new passphrase. | |
87 | .It Fl q | |
88 | Silence | |
89 | .Nm ssh-keygen . | |
90 | Used by | |
91 | .Pa /etc/rc | |
92 | when creating a new key. | |
93 | .It Fl C Ar comment | |
94 | Provides the new comment. | |
95 | .It Fl N Ar new_passphrase | |
96 | Provides the new passphrase. | |
97 | .It Fl P Ar passphrase | |
98 | Provides the (old) passphrase. | |
99 | .El | |
100 | .Sh FILES | |
101 | .Bl -tag -width Ds | |
102 | .It Pa $HOME/.ssh/random_seed | |
103 | Used for seeding the random number generator. This file should not be | |
104 | readable by anyone but the user. This file is created the first time | |
105 | the program is run, and is updated every time. | |
106 | .It Pa $HOME/.ssh/identity | |
107 | Contains the RSA authentication identity of the user. This file | |
108 | should not be readable by anyone but the user. It is possible to | |
109 | specify a passphrase when generating the key; that passphrase will be | |
110 | used to encrypt the private part of this file using 3DES. This file | |
111 | is not automatically accessed by | |
112 | .Nm | |
113 | but it is offered as the default file for the private key. | |
114 | .It Pa $HOME/.ssh/identity.pub | |
115 | Contains the public key for authentication. The contents of this file | |
116 | should be added to | |
117 | .Pa $HOME/.ssh/authorized_keys | |
118 | on all machines | |
119 | where you wish to log in using RSA authentication. There is no | |
120 | need to keep the contents of this file secret. | |
121 | .Sh AUTHOR | |
122 | Tatu Ylonen <ylo@cs.hut.fi> | |
123 | .Pp | |
124 | OpenSSH | |
125 | is a derivative of the original (free) ssh 1.2.12 release, but with bugs | |
126 | removed and newer features re-added. Rapidly after the 1.2.12 release, | |
127 | newer versions bore successively more restrictive licenses. This version | |
128 | of OpenSSH | |
129 | .Bl -bullet | |
130 | .It | |
131 | has all components of a restrictive nature (ie. patents, see | |
132 | .Xr ssl 8 ) | |
133 | directly removed from the source code; any licensed or patented components | |
134 | are chosen from | |
135 | external libraries. | |
136 | .It | |
137 | has been updated to support ssh protocol 1.5. | |
138 | .It | |
139 | contains added support for | |
140 | .Xr kerberos 8 | |
141 | authentication and ticket passing. | |
142 | .It | |
143 | supports one-time password authentication with | |
144 | .Xr skey 1 . | |
145 | .El | |
146 | .Pp | |
147 | The libraries described in | |
148 | .Xr ssl 8 | |
149 | are required for proper operation. | |
150 | .Sh SEE ALSO | |
151 | .Xr ssh 1 , | |
152 | .Xr ssh-add 1 , | |
153 | .Xr ssh-agent 1, | |
154 | .Xr sshd 8 , | |
155 | .Xr ssl 8 |