diff options
Diffstat (limited to 'usr.bin/ssh/ssh-keygen.1')
-rw-r--r-- | usr.bin/ssh/ssh-keygen.1 | 62 |
1 files changed, 35 insertions, 27 deletions
diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1 index e7c837c79fb..90361643c7b 100644 --- a/usr.bin/ssh/ssh-keygen.1 +++ b/usr.bin/ssh/ssh-keygen.1 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 23:55:14 1995 ylo .\" -.\" $Id: ssh-keygen.1,v 1.11 2000/01/22 02:17:50 aaron Exp $ +.\" $Id: ssh-keygen.1,v 1.12 2000/03/23 21:10:10 aaron Exp $ .\" .Dd September 25, 1999 .Dt SSH-KEYGEN 1 @@ -48,27 +48,31 @@ key in Additionally, the system administrator may use this to generate host keys. .Pp Normally this program generates the key and asks for a file in which -to store the private key. The public key is stored in a file with the -same name but +to store the private key. +The public key is stored in a file with the same name but .Dq .pub -appended. The program also asks for a -passphrase. The passphrase may be empty to indicate no passphrase +appended. +The program also asks for a passphrase. +The passphrase may be empty to indicate no passphrase (host keys must have empty passphrase), or it may be a string of -arbitrary length. Good passphrases are 10-30 characters long and are +arbitrary length. +Good passphrases are 10-30 characters long and are not simple sentences or otherwise easily guessable (English prose has only 1-2 bits of entropy per word, and provides very bad -passphrases). The passphrase can be changed later by using the +passphrases). +The passphrase can be changed later by using the .Fl p option. .Pp -There is no way to recover a lost passphrase. If the passphrase is +There is no way to recover a lost passphrase. +If the passphrase is lost or forgotten, you will have to generate a new key and copy the corresponding public key to other machines. .Pp There is also a comment field in the key file that is only for -convenience to the user to help identify the key. The comment can -tell what the key is for, or whatever is useful. The comment is -initialized to +convenience to the user to help identify the key. +The comment can tell what the key is for, or whatever is useful. +The comment is initialized to .Dq user@host when the key is created, but can be changed using the .Fl c @@ -77,10 +81,11 @@ option. The options are as follows: .Bl -tag -width Ds .It Fl b Ar bits -Specifies the number of bits in the key to create. Minimum is 512 -bits. Generally 1024 bits is considered sufficient, and key sizes -above that no longer improve security but make things slower. The -default is 1024 bits. +Specifies the number of bits in the key to create. +Minimum is 512 bits. +Generally 1024 bits is considered sufficient, and key sizes +above that no longer improve security but make things slower. +The default is 1024 bits. .It Fl c Requests changing the comment in the private and public key files. The program will prompt for the file containing the private keys, for @@ -91,7 +96,8 @@ Specifies the filename of the key file. Show fingerprint of specified private or public key file. .It Fl p Requests changing the passphrase of a private key file instead of -creating a new private key. The program will prompt for the file +creating a new private key. +The program will prompt for the file containing the private key, for the old passphrase, and twice for the new passphrase. .It Fl q @@ -110,28 +116,30 @@ Provides the (old) passphrase. .Sh FILES .Bl -tag -width Ds .It Pa $HOME/.ssh/identity -Contains the RSA authentication identity of the user. This file -should not be readable by anyone but the user. It is possible to +Contains the RSA authentication identity of the user. +This file should not be readable by anyone but the user. +It is possible to specify a passphrase when generating the key; that passphrase will be -used to encrypt the private part of this file using 3DES. This file -is not automatically accessed by +used to encrypt the private part of this file using 3DES. +This file is not automatically accessed by .Nm but it is offered as the default file for the private key. .It Pa $HOME/.ssh/identity.pub -Contains the public key for authentication. The contents of this file -should be added to +Contains the public key for authentication. +The contents of this file should be added to .Pa $HOME/.ssh/authorized_keys on all machines -where you wish to log in using RSA authentication. There is no -need to keep the contents of this file secret. +where you wish to log in using RSA authentication. +There is no need to keep the contents of this file secret. .Sh AUTHOR Tatu Ylonen <ylo@cs.hut.fi> .Pp OpenSSH is a derivative of the original (free) ssh 1.2.12 release, but with bugs -removed and newer features re-added. Rapidly after the 1.2.12 release, -newer versions bore successively more restrictive licenses. This version -of OpenSSH +removed and newer features re-added. +Rapidly after the 1.2.12 release, +newer versions bore successively more restrictive licenses. +This version of OpenSSH .Bl -bullet .It has all components of a restrictive nature (i.e., patents, see |