Diffstat (limited to 'other/openssh-reverse/ssh-keygen.0')
| -rw-r--r-- | other/openssh-reverse/ssh-keygen.0 | 152 |
1 files changed, 152 insertions, 0 deletions
diff --git a/other/openssh-reverse/ssh-keygen.0 b/other/openssh-reverse/ssh-keygen.0 new file mode 100644 index 0000000..deec172 --- /dev/null +++ b/other/openssh-reverse/ssh-keygen.0 | |||
| @@ -0,0 +1,152 @@ | |||
| 1 | |||
| 2 | SSH-KEYGEN(1) System Reference Manual SSH-KEYGEN(1) | ||
| 3 | |||
| 4 | NAME | ||
| 5 | ssh-keygen - authentication key generation | ||
| 6 | |||
| 7 | SYNOPSIS | ||
| 8 | ssh-keygen [-dq] [-b bits] [-N new_passphrase] [-C comment] [-f keyfile] | ||
| 9 | ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] | ||
| 10 | ssh-keygen -x [-f keyfile] | ||
| 11 | ssh-keygen -X [-f keyfile] | ||
| 12 | ssh-keygen -y [-f keyfile] | ||
| 13 | ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile] | ||
| 14 | ssh-keygen -l [-f keyfile] | ||
| 15 | ssh-keygen -R | ||
| 16 | |||
| 17 | DESCRIPTION | ||
| 18 | ssh-keygen generates and manages authentication keys for ssh(1). ssh- | ||
| 19 | keygen defaults to generating an RSA key for use by protocols 1.3 and | ||
| 20 | 1.5; specifying the -d flag will create a DSA key instead for use by pro- | ||
| 21 | tocol 2.0. | ||
| 22 | |||
| 23 | Normally each user wishing to use SSH with RSA or DSA authentication runs | ||
| 24 | this once to create the authentication key in $HOME/.ssh/identity or | ||
| 25 | $HOME/.ssh/id_dsa. Additionally, the system administrator may use this to | ||
| 26 | generate host keys, as seen in /etc/rc. | ||
| 27 | |||
| 28 | Normally this program generates the key and asks for a file in which to | ||
| 29 | store the private key. The public key is stored in a file with the same | ||
| 30 | name but ``.pub'' appended. The program also asks for a passphrase. The | ||
| 31 | passphrase may be empty to indicate no passphrase (host keys must have | ||
| 32 | empty passphrase), or it may be a string of arbitrary length. Good | ||
| 33 | passphrases are 10-30 characters long and are not simple sentences or | ||
| 34 | otherwise easily guessable (English prose has only 1-2 bits of entropy | ||
| 35 | per word, and provides very bad passphrases). The passphrase can be | ||
| 36 | changed later by using the -p option. | ||
| 37 | |||
| 38 | There is no way to recover a lost passphrase. If the passphrase is lost | ||
| 39 | or forgotten, you will have to generate a new key and copy the corre- | ||
| 40 | sponding public key to other machines. | ||
| 41 | |||
| 42 | For RSA, there is also a comment field in the key file that is only for | ||
| 43 | convenience to the user to help identify the key. The comment can tell | ||
| 44 | what the key is for, or whatever is useful. The comment is initialized | ||
| 45 | to ``user@host'' when the key is created, but can be changed using the -c | ||
| 46 | option. | ||
| 47 | |||
| 48 | After a key is generated, instructions below detail where the keys should | ||
| 49 | be placed to be activated. | ||
| 50 | |||
| 51 | The options are as follows: | ||
| 52 | |||
| 53 | -b bits | ||
| 54 | Specifies the number of bits in the key to create. Minimum is | ||
| 55 | 512 bits. Generally 1024 bits is considered sufficient, and key | ||
| 56 | sizes above that no longer improve security but make things slow- | ||
| 57 | er. The default is 1024 bits. | ||
| 58 | |||
| 59 | -c Requests changing the comment in the private and public key | ||
| 60 | files. The program will prompt for the file containing the pri- | ||
| 61 | vate keys, for passphrase if the key has one, and for the new | ||
| 62 | comment. | ||
| 63 | |||
| 64 | |||
| 65 | |||
| 66 | -f Specifies the filename of the key file. | ||
| 67 | |||
| 68 | -l Show fingerprint of specified private or public key file. | ||
| 69 | |||
| 70 | -p Requests changing the passphrase of a private key file instead of | ||
| 71 | creating a new private key. The program will prompt for the file | ||
| 72 | containing the private key, for the old passphrase, and twice for | ||
| 73 | the new passphrase. | ||
| 74 | |||
| 75 | -q Silence ssh-keygen. Used by /etc/rc when creating a new key. | ||
| 76 | |||
| 77 | -C comment | ||
| 78 | Provides the new comment. | ||
| 79 | |||
| 80 | -N new_passphrase | ||
| 81 | Provides the new passphrase. | ||
| 82 | |||
| 83 | -P passphrase | ||
| 84 | Provides the (old) passphrase. | ||
| 85 | |||
| 86 | -R If RSA support is functional, immediately exits with code 0. If | ||
| 87 | RSA support is not functional, exits with code 1. This flag will | ||
| 88 | be removed once the RSA patent expires. | ||
| 89 | |||
| 90 | -x This option will read a private OpenSSH DSA format file and print | ||
| 91 | a SSH2-compatible public key to stdout. | ||
| 92 | |||
| 93 | -X This option will read a SSH2-compatible public key file and print | ||
| 94 | an OpenSSH DSA compatible public key to stdout. | ||
| 95 | |||
| 96 | -y This option will read a private OpenSSH DSA format file and print | ||
| 97 | an OpenSSH DSA public key to stdout. | ||
| 98 | |||
| 99 | FILES | ||
| 100 | $HOME/.ssh/identity | ||
| 101 | Contains the RSA authentication identity of the user. This file | ||
| 102 | should not be readable by anyone but the user. It is possible to | ||
| 103 | specify a passphrase when generating the key; that passphrase | ||
| 104 | will be used to encrypt the private part of this file using 3DES. | ||
| 105 | This file is not automatically accessed by ssh-keygen but it is | ||
| 106 | offered as the default file for the private key. sshd(8) will | ||
| 107 | read this file when a login attempt is made. | ||
| 108 | |||
| 109 | $HOME/.ssh/identity.pub | ||
| 110 | Contains the public key for authentication. The contents of this | ||
| 111 | file should be added to $HOME/.ssh/authorized_keys on all ma- | ||
| 112 | chines where you wish to log in using RSA authentication. There | ||
| 113 | is no need to keep the contents of this file secret. | ||
| 114 | |||
| 115 | $HOME/.ssh/id_dsa | ||
| 116 | Contains the DSA authentication identity of the user. This file | ||
| 117 | should not be readable by anyone but the user. It is possible to | ||
| 118 | specify a passphrase when generating the key; that passphrase | ||
| 119 | will be used to encrypt the private part of this file using 3DES. | ||
| 120 | This file is not automatically accessed by ssh-keygen but it is | ||
| 121 | offered as the default file for the private key. sshd(8) will | ||
| 122 | read this file when a login attempt is made. | ||
| 123 | |||
| 124 | $HOME/.ssh/id_dsa.pub | ||
| 125 | Contains the public key for authentication. The contents of this | ||
| 126 | file should be added to $HOME/.ssh/authorized_keys2 on all ma- | ||
| 127 | chines where you wish to log in using DSA authentication. There | ||
| 128 | is no need to keep the contents of this file secret. | ||
| 129 | |||
| 130 | AUTHOR | ||
| 131 | Tatu Ylonen <ylo@cs.hut.fi> | ||
| 132 | |||
| 133 | OpenSSH is a derivative of the original (free) ssh 1.2.12 release, but | ||
| 134 | with bugs removed and newer features re-added. Rapidly after the 1.2.12 | ||
| 135 | release, newer versions bore successively more restrictive licenses. | ||
| 136 | This version of OpenSSH | ||
| 137 | |||
| 138 | o has all components of a restrictive nature (i.e., patents) directly | ||
| 139 | removed from the source code; any licensed or patented components are | ||
| 140 | chosen from external libraries. | ||
| 141 | |||
| 142 | o has been updated to support ssh protocol 1.5. | ||
| 143 | |||
| 144 | o contains added support for kerberos(8) authentication and ticket | ||
| 145 | passing. | ||
| 146 | |||
| 147 | o supports one-time password authentication with skey(1). | ||
| 148 | |||
| 149 | SEE ALSO | ||
| 150 | ssh(1), ssh-add(1), ssh-agent(1), sshd(8), | ||
| 151 | |||
| 152 | BSD Experimental September 25, 1999 3 | ||
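Review bot: In the FILES section, the entries for $HOME/.ssh/identity and $HOME/.ssh/id_dsa both end with "sshd(8) will read this file when a login attempt is made", but these files hold the user's private keys, which are read by the client, ssh(1). The server only consults the public keys listed in authorized_keys and authorized_keys2. Suggest changing both entries to "ssh(1) will read this file when a login attempt is made". Two smaller documentation gaps in the same hunk: -d appears in the SYNOPSIS and DESCRIPTION but has no entry in the options list, and -f is listed there without its keyfile argument. The -N and -P entries should also say that a passphrase given on the command line is visible to other local users in the process list, so the interactive prompt is the safer choice. SEE ALSO ends with a trailing comma.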
