diff options
author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2008-07-22 19:01:18 +0000 |
---|---|---|
committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2008-07-22 19:01:18 +0000 |
commit | e3ae3b098db0d696976a0a4a75e7563b0bdbf21a (patch) | |
tree | 9827eb822991aa369cf5d220fce40c3d2011c19f /crypto/openssh/ssh-keygen.1 | |
parent | 92eb0aa103fa16ca6fc3ae7097a6a27d993f3b3c (diff) | |
download | src-e3ae3b098db0d696976a0a4a75e7563b0bdbf21a.tar.gz src-e3ae3b098db0d696976a0a4a75e7563b0bdbf21a.zip |
Properly flatten openssh/dist.
Notes
Notes:
svn path=/vendor-crypto/openssh/dist/; revision=180720
Diffstat (limited to 'crypto/openssh/ssh-keygen.1')
-rw-r--r-- | crypto/openssh/ssh-keygen.1 | 468 |
1 files changed, 0 insertions, 468 deletions
diff --git a/crypto/openssh/ssh-keygen.1 b/crypto/openssh/ssh-keygen.1 deleted file mode 100644 index ab16bcd77731..000000000000 --- a/crypto/openssh/ssh-keygen.1 +++ /dev/null @@ -1,468 +0,0 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.72 2005/11/28 05:16:53 dtucker Exp $ -.\" -.\" -*- nroff -*- -.\" -.\" Author: Tatu Ylonen <ylo@cs.hut.fi> -.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland -.\" All rights reserved -.\" -.\" As far as I am concerned, the code I have written for this software -.\" can be used freely for any purpose. Any derived versions of this -.\" software must be clearly marked as such, and if the derived work is -.\" incompatible with the protocol description in the RFC file, it must be -.\" called by a name other than "ssh" or "Secure Shell". -.\" -.\" -.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. -.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. -.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.Dd September 25, 1999 -.Dt SSH-KEYGEN 1 -.Os -.Sh NAME -.Nm ssh-keygen -.Nd authentication key generation, management and conversion -.Sh SYNOPSIS -.Nm ssh-keygen -.Bk -words -.Op Fl q -.Op Fl b Ar bits -.Fl t Ar type -.Op Fl N Ar new_passphrase -.Op Fl C Ar comment -.Op Fl f Ar output_keyfile -.Ek -.Nm ssh-keygen -.Fl p -.Op Fl P Ar old_passphrase -.Op Fl N Ar new_passphrase -.Op Fl f Ar keyfile -.Nm ssh-keygen -.Fl i -.Op Fl f Ar input_keyfile -.Nm ssh-keygen -.Fl e -.Op Fl f Ar input_keyfile -.Nm ssh-keygen -.Fl y -.Op Fl f Ar input_keyfile -.Nm ssh-keygen -.Fl c -.Op Fl P Ar passphrase -.Op Fl C Ar comment -.Op Fl f Ar keyfile -.Nm ssh-keygen -.Fl l -.Op Fl f Ar input_keyfile -.Nm ssh-keygen -.Fl B -.Op Fl f Ar input_keyfile -.Nm ssh-keygen -.Fl D Ar reader -.Nm ssh-keygen -.Fl F Ar hostname -.Op Fl f Ar known_hosts_file -.Nm ssh-keygen -.Fl H -.Op Fl f Ar known_hosts_file -.Nm ssh-keygen -.Fl R Ar hostname -.Op Fl f Ar known_hosts_file -.Nm ssh-keygen -.Fl U Ar reader -.Op Fl f Ar input_keyfile -.Nm ssh-keygen -.Fl r Ar hostname -.Op Fl f Ar input_keyfile -.Op Fl g -.Nm ssh-keygen -.Fl G Ar output_file -.Op Fl v -.Op Fl b Ar bits -.Op Fl M Ar memory -.Op Fl S Ar start_point -.Nm ssh-keygen -.Fl T Ar output_file -.Fl f Ar input_file -.Op Fl v -.Op Fl a Ar num_trials -.Op Fl W Ar generator -.Sh DESCRIPTION -.Nm -generates, manages and converts authentication keys for -.Xr ssh 1 . -.Nm -can create RSA keys for use by SSH protocol version 1 and RSA or DSA -keys for use by SSH protocol version 2. -The type of key to be generated is specified with the -.Fl t -option. -If invoked without any arguments, -.Nm -will generate an RSA key for use in SSH protocol 2 connections. -.Pp -.Nm -is also used to generate groups for use in Diffie-Hellman group -exchange (DH-GEX). -See the -.Sx MODULI GENERATION -section for details. -.Pp -Normally each user wishing to use SSH -with RSA or DSA authentication runs this once to create the authentication -key in -.Pa ~/.ssh/identity , -.Pa ~/.ssh/id_dsa -or -.Pa ~/.ssh/id_rsa . -Additionally, the system administrator may use this to generate host keys, -as seen in -.Pa /etc/rc . -.Pp -Normally this program generates the key and asks for a file in which -to store the private key. -The public key is stored in a file with the same name but -.Dq .pub -appended. -The program also asks for a passphrase. -The passphrase may be empty to indicate no passphrase -(host keys must have an empty passphrase), or it may be a string of -arbitrary length. -A passphrase is similar to a password, except it can be a phrase with a -series of words, punctuation, numbers, whitespace, or any string of -characters you want. -Good passphrases are 10-30 characters long, are -not simple sentences or otherwise easily guessable (English -prose has only 1-2 bits of entropy per character, and provides very bad -passphrases), and contain a mix of upper and lowercase letters, -numbers, and non-alphanumeric characters. -The passphrase can be changed later by using the -.Fl p -option. -.Pp -There is no way to recover a lost passphrase. -If the passphrase is -lost or forgotten, a new key must be generated and copied to the -corresponding public key to other machines. -.Pp -For RSA1 keys, -there is also a comment field in the key file that is only for -convenience to the user to help identify the key. -The comment can tell what the key is for, or whatever is useful. -The comment is initialized to -.Dq user@host -when the key is created, but can be changed using the -.Fl c -option. -.Pp -After a key is generated, instructions below detail where the keys -should be placed to be activated. -.Pp -The options are as follows: -.Bl -tag -width Ds -.It Fl a Ar trials -Specifies the number of primality tests to perform when screening DH-GEX -candidates using the -.Fl T -command. -.It Fl B -Show the bubblebabble digest of specified private or public key file. -.It Fl b Ar bits -Specifies the number of bits in the key to create. -For RSA keys, the minimum size is 768 bits and the default is 2048 bits. -Generally, 2048 bits is considered sufficient. -DSA keys must be exactly 1024 bits as specified by FIPS 186-2. -.It Fl C Ar comment -Provides a new comment. -.It Fl c -Requests changing the comment in the private and public key files. -This operation is only supported for RSA1 keys. -The program will prompt for the file containing the private keys, for -the passphrase if the key has one, and for the new comment. -.It Fl D Ar reader -Download the RSA public key stored in the smartcard in -.Ar reader . -.It Fl e -This option will read a private or public OpenSSH key file and -print the key in a -.Sq SECSH Public Key File Format -to stdout. -This option allows exporting keys for use by several commercial -SSH implementations. -.It Fl F Ar hostname -Search for the specified -.Ar hostname -in a -.Pa known_hosts -file, listing any occurrences found. -This option is useful to find hashed host names or addresses and may also be -used in conjunction with the -.Fl H -option to print found keys in a hashed format. -.It Fl f Ar filename -Specifies the filename of the key file. -.It Fl G Ar output_file -Generate candidate primes for DH-GEX. -These primes must be screened for -safety (using the -.Fl T -option) before use. -.It Fl g -Use generic DNS format when printing fingerprint resource records using the -.Fl r -command. -.It Fl H -Hash a -.Pa known_hosts -file. -This replaces all hostnames and addresses with hashed representations -within the specified file; the original content is moved to a file with -a .old suffix. -These hashes may be used normally by -.Nm ssh -and -.Nm sshd , -but they do not reveal identifying information should the file's contents -be disclosed. -This option will not modify existing hashed hostnames and is therefore safe -to use on files that mix hashed and non-hashed names. -.It Fl i -This option will read an unencrypted private (or public) key file -in SSH2-compatible format and print an OpenSSH compatible private -(or public) key to stdout. -.Nm -also reads the -.Sq SECSH Public Key File Format . -This option allows importing keys from several commercial -SSH implementations. -.It Fl l -Show fingerprint of specified public key file. -Private RSA1 keys are also supported. -For RSA and DSA keys -.Nm -tries to find the matching public key file and prints its fingerprint. -.It Fl M Ar memory -Specify the amount of memory to use (in megabytes) when generating -candidate moduli for DH-GEX. -.It Fl N Ar new_passphrase -Provides the new passphrase. -.It Fl P Ar passphrase -Provides the (old) passphrase. -.It Fl p -Requests changing the passphrase of a private key file instead of -creating a new private key. -The program will prompt for the file -containing the private key, for the old passphrase, and twice for the -new passphrase. -.It Fl q -Silence -.Nm ssh-keygen . -Used by -.Pa /etc/rc -when creating a new key. -.It Fl R Ar hostname -Removes all keys belonging to -.Ar hostname -from a -.Pa known_hosts -file. -This option is useful to delete hashed hosts (see the -.Fl H -option above). -.It Fl r Ar hostname -Print the SSHFP fingerprint resource record named -.Ar hostname -for the specified public key file. -.It Fl S Ar start -Specify start point (in hex) when generating candidate moduli for DH-GEX. -.It Fl T Ar output_file -Test DH group exchange candidate primes (generated using the -.Fl G -option) for safety. -.It Fl t Ar type -Specifies the type of key to create. -The possible values are -.Dq rsa1 -for protocol version 1 and -.Dq rsa -or -.Dq dsa -for protocol version 2. -.It Fl U Ar reader -Upload an existing RSA private key into the smartcard in -.Ar reader . -.It Fl v -Verbose mode. -Causes -.Nm -to print debugging messages about its progress. -This is helpful for debugging moduli generation. -Multiple -.Fl v -options increase the verbosity. -The maximum is 3. -.It Fl W Ar generator -Specify desired generator when testing candidate moduli for DH-GEX. -.It Fl y -This option will read a private -OpenSSH format file and print an OpenSSH public key to stdout. -.El -.Sh MODULI GENERATION -.Nm -may be used to generate groups for the Diffie-Hellman Group Exchange -(DH-GEX) protocol. -Generating these groups is a two-step process: first, candidate -primes are generated using a fast, but memory intensive process. -These candidate primes are then tested for suitability (a CPU-intensive -process). -.Pp -Generation of primes is performed using the -.Fl G -option. -The desired length of the primes may be specified by the -.Fl b -option. -For example: -.Pp -.Dl # ssh-keygen -G moduli-2048.candidates -b 2048 -.Pp -By default, the search for primes begins at a random point in the -desired length range. -This may be overridden using the -.Fl S -option, which specifies a different start point (in hex). -.Pp -Once a set of candidates have been generated, they must be tested for -suitability. -This may be performed using the -.Fl T -option. -In this mode -.Nm -will read candidates from standard input (or a file specified using the -.Fl f -option). -For example: -.Pp -.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates -.Pp -By default, each candidate will be subjected to 100 primality tests. -This may be overridden using the -.Fl a -option. -The DH generator value will be chosen automatically for the -prime under consideration. -If a specific generator is desired, it may be requested using the -.Fl W -option. -Valid generator values are 2, 3, and 5. -.Pp -Screened DH groups may be installed in -.Pa /etc/moduli . -It is important that this file contains moduli of a range of bit lengths and -that both ends of a connection share common moduli. -.Sh FILES -.Bl -tag -width Ds -.It Pa ~/.ssh/identity -Contains the protocol version 1 RSA authentication identity of the user. -This file should not be readable by anyone but the user. -It is possible to -specify a passphrase when generating the key; that passphrase will be -used to encrypt the private part of this file using 3DES. -This file is not automatically accessed by -.Nm -but it is offered as the default file for the private key. -.Xr ssh 1 -will read this file when a login attempt is made. -.It Pa ~/.ssh/identity.pub -Contains the protocol version 1 RSA public key for authentication. -The contents of this file should be added to -.Pa ~/.ssh/authorized_keys -on all machines -where the user wishes to log in using RSA authentication. -There is no need to keep the contents of this file secret. -.It Pa ~/.ssh/id_dsa -Contains the protocol version 2 DSA authentication identity of the user. -This file should not be readable by anyone but the user. -It is possible to -specify a passphrase when generating the key; that passphrase will be -used to encrypt the private part of this file using 3DES. -This file is not automatically accessed by -.Nm -but it is offered as the default file for the private key. -.Xr ssh 1 -will read this file when a login attempt is made. -.It Pa ~/.ssh/id_dsa.pub -Contains the protocol version 2 DSA public key for authentication. -The contents of this file should be added to -.Pa ~/.ssh/authorized_keys -on all machines -where the user wishes to log in using public key authentication. -There is no need to keep the contents of this file secret. -.It Pa ~/.ssh/id_rsa -Contains the protocol version 2 RSA authentication identity of the user. -This file should not be readable by anyone but the user. -It is possible to -specify a passphrase when generating the key; that passphrase will be -used to encrypt the private part of this file using 3DES. -This file is not automatically accessed by -.Nm -but it is offered as the default file for the private key. -.Xr ssh 1 -will read this file when a login attempt is made. -.It Pa ~/.ssh/id_rsa.pub -Contains the protocol version 2 RSA public key for authentication. -The contents of this file should be added to -.Pa ~/.ssh/authorized_keys -on all machines -where the user wishes to log in using public key authentication. -There is no need to keep the contents of this file secret. -.It Pa /etc/moduli -Contains Diffie-Hellman groups used for DH-GEX. -The file format is described in -.Xr moduli 5 . -.El -.Sh SEE ALSO -.Xr ssh 1 , -.Xr ssh-add 1 , -.Xr ssh-agent 1 , -.Xr moduli 5 , -.Xr sshd 8 -.Rs -.%A J. Galbraith -.%A R. Thayer -.%T "SECSH Public Key File Format" -.%N draft-ietf-secsh-publickeyfile-01.txt -.%D March 2001 -.%O work in progress material -.Re -.Sh AUTHORS -OpenSSH is a derivative of the original and free -ssh 1.2.12 release by Tatu Ylonen. -Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, -Theo de Raadt and Dug Song -removed many bugs, re-added newer features and -created OpenSSH. -Markus Friedl contributed the support for SSH -protocol versions 1.5 and 2.0. |