👤
Home Man
Search
Today's Posts
Register

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:
Select Section of Man Page:
Select Man Page Repository:

OpenSolaris 2009.06 - man page for ssh-keygen (opensolaris section 1)

ssh-keygen(1)				  User Commands 			    ssh-keygen(1)

NAME
       ssh-keygen - authentication key generation

SYNOPSIS
       ssh-keygen [-q] [-b bits ] -t type [-N new_passphrase]
	    [-C comment] [-f output_keyfile]

       ssh-keygen -p [-P old_passphrase] [-N new_passphrase]
	    [-f keyfile]

       ssh-keygen -i [-f input_keyfile]

       ssh-keygen -e [-f input_keyfile]

       ssh-keygen -y [-f input_keyfile]

       ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]

       ssh-keygen -l [-f input_keyfile]

       ssh-keygen -B [-f input_keyfile]

       ssh-keygen -F hostname [-f known_hosts_file]

       ssh-keygen -H [-f known_hosts_file]

       ssh-keygen -R hostname [-f known_hosts_file]

DESCRIPTION
       The  ssh-keygen	utility  generates, manages, and converts authentication keys for ssh(1).
       ssh-keygen can create RSA keys for use by SSH protocol version 1 and RSA or DSA	keys  for
       use  by	SSH  protocol version 2. The type of key to be generated is specified with the -t
       option.

       Normally, each user wishing to use SSH with RSA or DSA authentication runs  this  once  to
       create	 the   authentication	key   in   $HOME/.ssh/identity,   $HOME/.ssh/id_dsa,   or
       $HOME/.ssh/id_rsa. The system administrator can also use this to generate host keys..

       Ordinarily, this program generates the key and asks for a file in which to store the  pri-
       vate  key.  The	public	key  is stored in a file with the same name but with the ``.pub''
       extension appended. The program also asks for a passphrase. The passphrase can be empty to
       indicate  no  passphrase (host keys must have empty passphrases), or it can be a string of
       arbitrary length. Good passphrases are 10-30 characters long, are not simple sentences  or
       otherwise  easy	to  guess, and contain a mix of uppercase and lowercase letters, numbers,
       and non-alphanumeric characters. (English prose has only 1-2 bits of entropy per word  and
       provides  very poor passphrases.) If a passphrase is set, it must be at least 4 characters
       long.

       The passphrase can be changed later by using the -p option.

       There is no way to recover a lost passphrase. If the passphrase is lost or forgotten,  you
       have to generate a new key and copy the corresponding public key to other machines.

       For RSA, there is also a comment field in the key file that is only for convenience to the
       user to help identify the key. The comment can tell what the key is for,  or  whatever  is
       useful.	The  comment  is initialized to ``user@host'' when the key is created, but can be
       changed using the -c option.

       After a key is generated, instructions below detail where to place the  keys  to  activate
       them.

OPTIONS
       The following options are supported:

       -b bits		    Specifies the number of bits in the key to create. The minimum number
			    is 512 bits. Generally, 1024 bits is considered sufficient. Key sizes
			    above  that  no  longer  improve security but make things slower. The
			    default is 1024 bits.

       -B		    Shows the bubblebabble digest of the specified private or public  key
			    file.

       -c		    Requests  changing	the  comment in the private and public key files.
			    The program prompts for the file containing the private keys, for the
			    passphrase if the key has one, and for the new comment.

			    This option only applies to rsa1 (SSHv1) keys.

       -C comment	    Provides the new comment.

       -e		    This option reads a private or public OpenSSH key file and prints the
			    key in a "SECSH" Public Key File Format to stdout. This option allows
			    exporting keys for use by several other SSH implementations.

       -f		    Specifies the filename of the key file.

       -F		    Search  for the specified hostname in a known_hosts file, listing any
			    occurrences found. This option is useful to find hashed host names or
			    addresses  and  can also be used in conjunction with the -H option to
			    print found keys in a hashed format.

       -H		    Hash a known_hosts file. This replaces all host names  and	addresses
			    with  hashed  representations within the specified file. The original
			    content is moved to a file with a .old suffix. These  hashes  may  be
			    used  normally  by	ssh  and sshd, but they do not reveal identifying
			    information should the file's contents be disclosed. This option does
			    not modify existing hashed host names and is therefore safe to use on
			    files that mix hashed and non-hashed names.

       -i		    This option reads an unencrypted private  (or  public)  key  file  in
			    SSH2-compatible  format  and prints an OpenSSH compatible private (or
			    public) key to stdout. ssh-keygen also reads the "SECSH"  Public  Key
			    File Format. This option allows importing keys from several other SSH
			    implementations.

       -l		    Shows the fingerprint of the specified private or public key file.

       -N new_passphrase    Provides the new passphrase.

       -p		    Requests changing the passphrase of a private  key	file  instead  of
			    creating a new private key. The program prompts for the file contain-
			    ing the private key, for the old passphrase, and  prompts  twice  for
			    the new passphrase.

       -P passphrase	    Provides the (old) passphrase.

       -q		    Silences ssh-keygen.

       -t type		    Specifies  the  algorithm used for the key, where type is one of rsa,
			    dsa, and rsa1. Type rsa1 is used only for the SSHv1 protocol.

       -R hostname	    Removes all keys belonging to hostname from a known_hosts file.  This
			    option is useful to delete hashed hosts. See -H.

       -x		    Obsolete. Replaced by the -e option.

       -X		    Obsolete. Replaced by the -i option.

       -y		    This option reads a private OpenSSH format file and prints an OpenSSH
			    public key to stdout.

EXIT STATUS
       The following exit values are returned:

       0    Successful completion.

       1    An error occurred.

FILES
       $HOME/.ssh/identity	  This file contains the RSA private key for the SSHv1	protocol.
				  This	file should not be readable by anyone but the user. It is
				  possible to specify a passphrase when generating the key;  that
				  passphrase  is  used	to  encrypt the private part of this file
				  using 3DES. This file is not automatically accessed by ssh-key-
				  gen, but it is offered as the default file for the private key.
				  sshd(1M) reads this file when a login attempt is made.

       $HOME/.ssh/identity.pub	  This file contains the RSA public key for the  SSHv1	protocol.
				  The  contents of this file should be added to $HOME/.ssh/autho-
				  rized_keys on all machines where you wish to log in  using  RSA
				  authentication.  There  is no need to keep the contents of this
				  file secret.

       $HOME/.ssh/id_dsa	  These files contain, respectively, the DSA or RSA  private  key
       $HOME/.ssh/id_rsa	  for  the  SSHv2 protocol. These files should not be readable by
				  anyone but the user. It is possible  to  specify  a  passphrase
				  when generating the key; that passphrase is used to encrypt the
				  private part of the file using 3DES. Neither of these files  is
				  automatically  accessed  by  ssh-keygen  but	is offered as the
				  default file for the private key. sshd(1M) reads this file when
				  a login attempt is made.

       $HOME/.ssh/id_dsa.pub	  These  files	contain,  respectively, the DSA or RSA public key
       $HOME/.ssh/id_rsa.pub	  for the SSHv2 protocol. The contents of these files  should  be
				  added,   respectively,  to  $HOME/.ssh/authorized_keys  on  all
				  machines where you wish to log in using DSA or RSA  authentica-
				  tion.  There	is  no	need  to keep the contents of these files
				  secret.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWsshcu 		   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Committed 		   |
       +-----------------------------+-----------------------------+

SEE ALSO
       ssh(1), ssh-add(1), ssh-agent(1), sshd(1M), attributes(5)

SunOS 5.11				   17 Feb 2009				    ssh-keygen(1)


All times are GMT -4. The time now is 05:08 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password