X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/f564d016e40aed0eaa2b63c4292211d2ca01fe70..e2ef2342e2ea26be7a29beb55ea2674e2cd9cf6c:/ssh-keygen.1 diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 622cb5c9..78fdb496 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.50 2001/10/25 21:14:32 markus Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.55 2002/11/26 02:35:30 stevesk Exp $ .\" .\" -*- nroff -*- .\" @@ -47,7 +47,7 @@ .Nm ssh-keygen .Op Fl q .Op Fl b Ar bits -.Op Fl t Ar type +.Fl t Ar type .Op Fl N Ar new_passphrase .Op Fl C Ar comment .Op Fl f Ar output_keyfile @@ -86,10 +86,11 @@ generates, manages and converts authentication keys for .Xr ssh 1 . .Nm -defaults to generating a RSA1 key for use by SSH protocol version 1. -Specifying the +can create RSA keys for use by SSH protocol version 1 and RSA or DSA +keys for use by SSH protocol version 2. The type of key to be generated +is specified with the .Fl t -option instead creates a key for use by SSH protocol version 2. +option. .Pp Normally each user wishing to use SSH with RSA or DSA authentication runs this once to create the authentication @@ -111,10 +112,14 @@ The program also asks for a passphrase. The passphrase may be empty to indicate no passphrase (host keys must have an empty passphrase), or it may be a string of arbitrary length. -Good passphrases are 10-30 characters long and are +A passphrase is similar to a password, except it can be a phrase with a +series of words, punctuation, numbers, whitespace, or any string of +characters you want. +Good passphrases are 10-30 characters long, are not simple sentences or otherwise easily guessable (English prose has only 1-2 bits of entropy per character, and provides very bad -passphrases). +passphrases), and contain a mix of upper and lowercase letters, +numbers, and non-alphanumeric characters. The passphrase can be changed later by using the .Fl p option. 
@@ -142,8 +147,7 @@ The options are as follows: .It Fl b Ar bits Specifies the number of bits in the key to create. Minimum is 512 bits. -Generally 1024 bits is considered sufficient, and key sizes -above that no longer improve security but make things slower. +Generally, 1024 bits is considered sufficient. The default is 1024 bits. .It Fl c Requests changing the comment in the private and public key files. @@ -198,8 +202,6 @@ for protocol version 1 and or .Dq dsa for protocol version 2. -The default is -.Dq rsa1 . .It Fl B Show the bubblebabble digest of specified private or public key file. .It Fl C Ar comment
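Review bot: In the @@ -86,10 +86,11 @@ hunk, the added line "keys for use by SSH protocol version 2. The type of key to be generated" starts a new sentence in the middle of a source line. mdoc source should begin each sentence on its own line so the formatter gets sentence spacing right. Suggest breaking after "version 2." and starting "The type of key to be generated is specified with the" on the next line.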
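Review bot: In the @@ -111,10 +112,14 @@ hunk, the new sentence "A passphrase is similar to a password, except it can be a phrase with a series of words" is followed immediately by advice that good passphrases "are not simple sentences or otherwise easily guessable", which reads as contradictory on a first pass. Suggest making the contrast explicit, for example by saying that a passphrase may contain several words but should not be ordinary prose. The trailing clause "and contain a mix of upper and lowercase letters, numbers, and non-alphanumeric characters" is also separated from its subject by the long parenthetical about entropy and would read better as its own sentence.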
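Review bot: In the @@ -142,8 +147,7 @@ hunk, dropping "key sizes above that no longer improve security but make things slower" leaves the -b description with "Minimum is 512 bits", "Generally, 1024 bits is considered sufficient" and the default, but no guidance on when a larger value is worth choosing or what it costs. Suggest keeping a short, accurate replacement for the removed clause, such as a note that larger keys are slower to generate and use, so the reader is not left with only the minimum and the default.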
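Review bot: In the @@ -198,8 +202,6 @@ hunk, removing "The default is rsa1" leaves the -t description silent on what happens when the option is omitted. The synopsis hunk changes ".Op Fl t Ar type" to ".Fl t Ar type", so the option is now shown as mandatory there, but a reader who goes straight to the option list will not see that. Suggest adding a sentence to the -t entry stating that there is no default and the type must be given.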