Diffstat (limited to 'usr/src/man/man1/ssh-keygen.1')
-rw-r--r-- usr/src/man/man1/ssh-keygen.1 466
1 files changed, 466 insertions, 0 deletions
diff --git a/usr/src/man/man1/ssh-keygen.1 b/usr/src/man/man1/ssh-keygen.1
new file mode 100644
index 0000000000..d1a4419538
--- /dev/null
+++ b/usr/src/man/man1/ssh-keygen.1
@@ -0,0 +1,466 @@
+'\" te
+.\" To view license terms, attribution, and copyright for OpenSSH, the default path is /var/sadm/pkg/SUNWsshdr/install/copyright. If the Solaris operating environment has been installed anywhere other than the default, modify the given path to access the file at the
+.\" installed location.
+.\" Portions Copyright (c) 2009, Sun Microsystems, Inc. All Rights Reserved.
+.TH ssh-keygen 1 "17 Feb 2009" "SunOS 5.11" "User Commands"
+.SH NAME
+ssh-keygen \- authentication key generation
+.SH SYNOPSIS
+.LP
+.nf
+\fBssh-keygen\fR [\fB-q\fR] [\fB-b\fR \fIbits\fR ] \fB-t\fR \fItype\fR [\fB-N\fR \fInew_passphrase\fR]
+ [\fB-C\fR \fIcomment\fR] [\fB-f\fR \fIoutput_keyfile\fR]
+.fi
+
+.LP
+.nf
+\fBssh-keygen\fR \fB-p\fR [\fB-P\fR \fIold_passphrase\fR] [\fB-N\fR \fInew_passphrase\fR]
+ [\fB-f\fR \fIkeyfile\fR]
+.fi
+
+.LP
+.nf
+\fBssh-keygen\fR \fB-i\fR [\fB-f\fR \fIinput_keyfile\fR]
+.fi
+
+.LP
+.nf
+\fBssh-keygen\fR \fB-e\fR [\fB-f\fR \fIinput_keyfile\fR]
+.fi
+
+.LP
+.nf
+\fBssh-keygen\fR \fB-y\fR [\fB-f\fR \fIinput_keyfile\fR]
+.fi
+
+.LP
+.nf
+\fBssh-keygen\fR \fB-c\fR [\fB-P\fR \fIpassphrase\fR] [\fB-C\fR \fIcomment\fR] [\fB-f\fR \fIkeyfile\fR]
+.fi
+
+.LP
+.nf
+\fBssh-keygen\fR \fB-l\fR [\fB-f\fR \fIinput_keyfile\fR]
+.fi
+
+.LP
+.nf
+\fBssh-keygen\fR \fB-B\fR [\fB-f\fR \fIinput_keyfile\fR]
+.fi
+
+.LP
+.nf
+\fBssh-keygen\fR \fB-F\fR \fIhostname\fR [\fB-f\fR \fIknown_hosts_file\fR]
+.fi
+
+.LP
+.nf
+\fBssh-keygen\fR \fB-H\fR [\fB-f\fR \fIknown_hosts_file\fR]
+.fi
+
+.LP
+.nf
+\fBssh-keygen\fR \fB-R\fR \fIhostname\fR [\fB-f\fR \fIknown_hosts_file\fR]
+.fi
+
+.SH DESCRIPTION
+.sp
+.LP
+The \fBssh-keygen\fR utility generates, manages, and converts authentication
+keys for \fBssh\fR(1). \fBssh-keygen\fR can create RSA keys for use by SSH
+protocol version 1 and RSA or DSA keys for use by SSH protocol version 2. The
+type of key to be generated is specified with the \fB-t\fR option.
+.sp
+.LP
+Normally, each user wishing to use \fBSSH\fR with \fBRSA\fR or \fBDSA\fR
+authentication runs this once to create the authentication key in
+\fB$HOME/.ssh/identity\fR, \fB$HOME/.ssh/id_dsa\fR, or \fB$HOME/.ssh/id_rsa\fR.
+The system administrator can also use this to generate host keys..
+.sp
+.LP
+Ordinarily, this program generates the key and asks for a file in which to
+store the private key. The public key is stored in a file with the same name
+but with the ``\fB\&.pub\fR'' extension appended. The program also asks for a
+passphrase. The passphrase can be empty to indicate no passphrase (host keys
+must have empty passphrases), or it can be a string of arbitrary length. Good
+passphrases are 10-30 characters long, are not simple sentences or otherwise
+easy to guess, and contain a mix of uppercase and lowercase letters, numbers,
+and non-alphanumeric characters. (English prose has only 1-2 bits of entropy
+per word and provides very poor passphrases.) If a passphrase is set, it must
+be at least 4 characters long.
+.sp
+.LP
+The passphrase can be changed later by using the \fB-p\fR option.
+.sp
+.LP
+There is no way to recover a lost passphrase. If the passphrase is lost or
+forgotten, you have to generate a new key and copy the corresponding public key
+to other machines.
+.sp
+.LP
+For \fBRSA\fR, there is also a comment field in the key file that is only for
+convenience to the user to help identify the key. The \fIcomment\fR can tell
+what the key is for, or whatever is useful. The comment is initialized to
+``\fBuser@host\fR'' when the key is created, but can be changed using the
+\fB-c\fR option.
+.sp
+.LP
+After a key is generated, instructions below detail where to place the keys to
+activate them.
+.SH OPTIONS
+.sp
+.LP
+The following options are supported:
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-b\fR \fIbits\fR\fR
+.ad
+.RS 21n
+.rt
+Specifies the number of bits in the key to create. The minimum number is 512
+bits. Generally, 1024 bits is considered sufficient. Key sizes above that no
+longer improve security but make things slower. The default is 1024 bits.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-B\fR\fR
+.ad
+.RS 21n
+.rt
+Shows the bubblebabble digest of the specified private or public key file.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-c\fR\fR
+.ad
+.RS 21n
+.rt
+Requests changing the comment in the private and public key files. The program
+prompts for the file containing the private keys, for the passphrase if the key
+has one, and for the new comment.
+.sp
+This option only applies to \fBrsa1\fR (\fBSSHv1\fR) keys.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-C\fR \fIcomment\fR\fR
+.ad
+.RS 21n
+.rt
+Provides the new comment.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-e\fR\fR
+.ad
+.RS 21n
+.rt
+This option reads a private or public OpenSSH key file and prints the key in a
+"SECSH" Public Key File Format to stdout. This option allows exporting keys for
+use by several other SSH implementations.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-f\fR\fR
+.ad
+.RS 21n
+.rt
+Specifies the filename of the key file.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-F\fR\fR
+.ad
+.RS 21n
+.rt
+Search for the specified \fIhostname\fR in a \fBknown_hosts\fR file, listing
+any occurrences found. This option is useful to find hashed host names or
+addresses and can also be used in conjunction with the \fB-H\fR option to print
+found keys in a hashed format.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-H\fR\fR
+.ad
+.RS 21n
+.rt
+Hash a \fBknown_hosts\fR file. This replaces all host names and addresses with
+hashed representations within the specified file. The original content is moved
+to a file with a \fB\&.old\fR suffix. These hashes may be used normally by
+\fBssh\fR and \fBsshd\fR, but they do not reveal identifying information should
+the file's contents be disclosed. This option does not modify existing hashed
+host names and is therefore safe to use on files that mix hashed and non-hashed
+names.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-i\fR\fR
+.ad
+.RS 21n
+.rt
+This option reads an unencrypted private (or public) key file in
+SSH2-compatible format and prints an OpenSSH compatible private (or public) key
+to stdout. \fBssh-keygen\fR also reads the "SECSH" Public Key File Format. This
+option allows importing keys from several other SSH implementations.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-l\fR\fR
+.ad
+.RS 21n
+.rt
+Shows the fingerprint of the specified private or public key file.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-N\fR \fInew_passphrase\fR\fR
+.ad
+.RS 21n
+.rt
+Provides the new passphrase.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-p\fR\fR
+.ad
+.RS 21n
+.rt
+Requests changing the passphrase of a private key file instead of creating a
+new private key. The program prompts for the file containing the private key,
+for the old passphrase, and prompts twice for the new passphrase.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-P\fR \fIpassphrase\fR\fR
+.ad
+.RS 21n
+.rt
+Provides the (old) passphrase.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-q\fR\fR
+.ad
+.RS 21n
+.rt
+Silences \fBssh-keygen\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-t\fR \fItype\fR\fR
+.ad
+.RS 21n
+.rt
+Specifies the algorithm used for the key, where \fItype\fR is one of \fBrsa\fR,
+\fBdsa\fR, and \fBrsa1\fR. Type \fBrsa1\fR is used only for the SSHv1 protocol.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-R\fR \fIhostname\fR\fR
+.ad
+.RS 21n
+.rt
+Removes all keys belonging to \fIhostname\fR from a \fBknown_hosts\fR file.
+This option is useful to delete hashed hosts. See \fB-H\fR.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-x\fR\fR
+.ad
+.RS 21n
+.rt
+Obsolete. Replaced by the \fB-e\fR option.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-X\fR\fR
+.ad
+.RS 21n
+.rt
+Obsolete. Replaced by the \fB-i\fR option.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB-y\fR\fR
+.ad
+.RS 21n
+.rt
+This option reads a private OpenSSH format file and prints an OpenSSH public
+key to stdout.
+.RE
+
+.SH EXIT STATUS
+.sp
+.LP
+The following exit values are returned:
+.sp
+.ne 2
+.mk
+.na
+\fB\fB0\fR\fR
+.ad
+.RS 5n
+.rt
+Successful completion.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB1\fR\fR
+.ad
+.RS 5n
+.rt
+An error occurred.
+.RE
+
+.SH FILES
+.sp
+.ne 2
+.mk
+.na
+\fB\fB$HOME/.ssh/identity\fR\fR
+.ad
+.RS 27n
+.rt
+This file contains the RSA private key for the SSHv1 protocol. This file should
+not be readable by anyone but the user. It is possible to specify a passphrase
+when generating the key; that passphrase is used to encrypt the private part of
+this file using 3DES. This file is not automatically accessed by
+\fBssh-keygen\fR, but it is offered as the default file for the private key.
+\fBsshd\fR(1M) reads this file when a login attempt is made.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB$HOME/.ssh/identity.pub\fR\fR
+.ad
+.RS 27n
+.rt
+This file contains the RSA public key for the SSHv1 protocol. The contents of
+this file should be added to \fB$HOME/.ssh/authorized_keys\fR on all machines
+where you wish to log in using \fBRSA\fR authentication. There is no need to
+keep the contents of this file secret.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB$HOME/.ssh/id_dsa\fR\fR
+.ad
+.br
+.na
+\fB\fB$HOME/.ssh/id_rsa\fR\fR
+.ad
+.RS 27n
+.rt
+These files contain, respectively, the DSA or RSA private key for the SSHv2
+protocol. These files should not be readable by anyone but the user. It is
+possible to specify a passphrase when generating the key; that passphrase is
+used to encrypt the private part of the file using 3DES. Neither of these files
+is automatically accessed by \fBssh-keygen\fR but is offered as the default
+file for the private key. \fBsshd\fR(1M) reads this file when a login attempt
+is made.
+.RE
+
+.sp
+.ne 2
+.mk
+.na
+\fB\fB$HOME/.ssh/id_dsa.pub\fR\fR
+.ad
+.br
+.na
+\fB\fB$HOME/.ssh/id_rsa.pub\fR\fR
+.ad
+.RS 27n
+.rt
+These files contain, respectively, the DSA or RSA public key for the SSHv2
+protocol. The contents of these files should be added, respectively, to
+\fB$HOME/.ssh/authorized_keys\fR on all machines where you wish to log in using
+DSA or RSA authentication. There is no need to keep the contents of these files
+secret.
+.RE
+
+.SH ATTRIBUTES
+.sp
+.LP
+See \fBattributes\fR(5) for descriptions of the following attributes:
+.sp
+
+.sp
+.TS
+tab() box;
+cw(2.75i) |cw(2.75i)
+lw(2.75i) |lw(2.75i)
+.
+ATTRIBUTE TYPEATTRIBUTE VALUE
+_
+Interface StabilityCommitted
+.TE
+
+.SH SEE ALSO
+.sp
+.LP
+\fBssh\fR(1), \fBssh-add\fR(1), \fBssh-agent\fR(1), \fBsshd\fR(1M),
+\fBattributes\fR(5)
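
Review bot: In the FILES section, the entries for $HOME/.ssh/identity and for $HOME/.ssh/id_dsa / $HOME/.ssh/id_rsa both end with "sshd(1M) reads this file when a login attempt is made", but these are the user's private keys, which are read by the client, ssh(1); the server side only needs the public half in $HOME/.ssh/authorized_keys, as the .pub entries in the same section describe. Suggest changing both references to ssh(1), and making the second one plural since it covers two files. Smaller points in the same file: the -b entry ("Key sizes above that no longer improve security but make things slower") presents 1024 bits as a ceiling on useful key size, which is not sound guidance for RSA and should be reworded or dropped; DESCRIPTION says the comment field exists "For RSA" while the -c entry says the option applies only to rsa1 (SSHv1) keys, so one of the two should be made precise; the -f and -F entries in OPTIONS omit the arguments that SYNOPSIS shows for them, unlike the -R hostname entry; and "generate host keys.." in DESCRIPTION has a doubled period.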