.\" -*- nroff -*-
.\"
-.\" ssh-keygen.1
-.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
-.\"
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" All rights reserved
.\"
-.\" Created: Sat Apr 22 23:55:14 1995 ylo
+.\" As far as I am concerned, the code I have written for this software
+.\" can be used freely for any purpose. Any derived versions of this
+.\" software must be clearly marked as such, and if the derived work is
+.\" incompatible with the protocol description in the RFC file, it must be
+.\" called by a name other than "ssh" or "Secure Shell".
+.\"
.\"
-.\" $Id$
+.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
+.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
+.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd September 25, 1999
.Dt SSH-KEYGEN 1
.Nd authentication key generation
.Sh SYNOPSIS
.Nm ssh-keygen
-.Op Fl dq
+.Op Fl q
.Op Fl b Ar bits
+.Op Fl t Ar type
.Op Fl N Ar new_passphrase
.Op Fl C Ar comment
-.Op Fl f Ar keyfile
+.Op Fl f Ar output_keyfile
.Nm ssh-keygen
.Fl p
.Op Fl P Ar old_passphrase
.Op Fl f Ar keyfile
.Nm ssh-keygen
.Fl x
-.Op Fl f Ar keyfile
+.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl X
-.Op Fl f Ar keyfile
+.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl y
-.Op Fl f Ar keyfile
+.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl c
.Op Fl P Ar passphrase
.Op Fl f Ar keyfile
.Nm ssh-keygen
.Fl l
-.Op Fl f Ar keyfile
+.Op Fl f Ar input_keyfile
.Nm ssh-keygen
.Fl R
.Sh DESCRIPTION
.Nm
defaults to generating an RSA key for use by protocols 1.3 and 1.5;
specifying the
-.Fl d
-flag will create a DSA key instead for use by protocol 2.0.
+.Fl t
+allows you to create a key for use by protocol 2.0.
.Pp
Normally each user wishing to use SSH
with RSA or DSA authentication runs this once to create the authentication
Used by
.Pa /etc/rc
when creating a new key.
+.It Fl t Ar type
+Specifies the type of the key to create.
+The possible values are
+.Dq rsa1
+for protocol version 1 and
+.Dq rsa
+or
+.Dq dsa
+for protocol version 2.
+The default is
+.Dq rsa .
.It Fl C Ar comment
Provides the new comment.
.It Fl N Ar new_passphrase
This option will read a private
OpenSSH DSA format file and print a SSH2-compatible public key to stdout.
.It Fl X
-This option will read a
-SSH2-compatible public key file and print an OpenSSH DSA compatible public key to stdout.
+This option will read a unencrypted
+SSH2-compatible private (or public) key file and
+print an OpenSSH compatible private (or public) key to stdout.
.It Fl y
This option will read a private
-OpenSSH DSA format file and print an OpenSSH DSA public key to stdout.
+OpenSSH format file and print an OpenSSH public key to stdout.
.El
.Sh FILES
.Bl -tag -width Ds
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys2
on all machines
-where you wish to log in using DSA authentication.
+where you wish to log in using public key authentication.
There is no need to keep the contents of this file secret.
-.Sh AUTHOR
+.El
+.Sh AUTHORS
Tatu Ylonen <ylo@cs.hut.fi>
.Pp
OpenSSH
This version of OpenSSH
.Bl -bullet
.It
-has all components of a restrictive nature (i.e., patents)
+has all components of a restrictive nature (i.e., patents, see
+.Xr crypto 3 )
directly removed from the source code; any licensed or patented components
are chosen from
external libraries.
.Xr ssh-add 1 ,
.Xr ssh-agent 1 ,
.Xr sshd 8 ,
+.Xr crypto 3