path: root/usr.bin/ssh/ssh-keygen.1
Diffstat (limited to 'usr.bin/ssh/ssh-keygen.1')
-rw-r--r-- usr.bin/ssh/ssh-keygen.1 62
1 files changed, 35 insertions, 27 deletions
diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1
index e7c837c79fb..90361643c7b 100644
--- a/usr.bin/ssh/ssh-keygen.1
+++ b/usr.bin/ssh/ssh-keygen.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 22 23:55:14 1995 ylo
.\"
-.\" $Id: ssh-keygen.1,v 1.11 2000/01/22 02:17:50 aaron Exp $
+.\" $Id: ssh-keygen.1,v 1.12 2000/03/23 21:10:10 aaron Exp $
.\"
.Dd September 25, 1999
.Dt SSH-KEYGEN 1
@@ -48,27 +48,31 @@ key in
Additionally, the system administrator may use this to generate host keys.
.Pp
Normally this program generates the key and asks for a file in which
-to store the private key. The public key is stored in a file with the
-same name but
+to store the private key.
+The public key is stored in a file with the same name but
.Dq .pub
-appended. The program also asks for a
-passphrase. The passphrase may be empty to indicate no passphrase
+appended.
+The program also asks for a passphrase.
+The passphrase may be empty to indicate no passphrase
(host keys must have empty passphrase), or it may be a string of
-arbitrary length. Good passphrases are 10-30 characters long and are
+arbitrary length.
+Good passphrases are 10-30 characters long and are
not simple sentences or otherwise easily guessable (English
prose has only 1-2 bits of entropy per word, and provides very bad
-passphrases). The passphrase can be changed later by using the
+passphrases).
+The passphrase can be changed later by using the
.Fl p
option.
.Pp
-There is no way to recover a lost passphrase. If the passphrase is
+There is no way to recover a lost passphrase.
+If the passphrase is
lost or forgotten, you will have to generate a new key and copy the
corresponding public key to other machines.
.Pp
There is also a comment field in the key file that is only for
-convenience to the user to help identify the key. The comment can
-tell what the key is for, or whatever is useful. The comment is
-initialized to
+convenience to the user to help identify the key.
+The comment can tell what the key is for, or whatever is useful.
+The comment is initialized to
.Dq user@host
when the key is created, but can be changed using the
.Fl c
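Review bot: The passphrase guidance keeps the context line "prose has only 1-2 bits of entropy per word" untouched while every sentence around it is reflowed, and that figure looks wrong: the usual estimate for English text is 1-2 bits per character, not per word. The conclusion that prose makes poor passphrases still holds, but since readers size their passphrases from this paragraph, the unit should be corrected. To keep this commit whitespace-only, do it as a separate content change.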
@@ -77,10 +81,11 @@ option.
The options are as follows:
.Bl -tag -width Ds
.It Fl b Ar bits
-Specifies the number of bits in the key to create. Minimum is 512
-bits. Generally 1024 bits is considered sufficient, and key sizes
-above that no longer improve security but make things slower. The
-default is 1024 bits.
+Specifies the number of bits in the key to create.
+Minimum is 512 bits.
+Generally 1024 bits is considered sufficient, and key sizes
+above that no longer improve security but make things slower.
+The default is 1024 bits.
.It Fl c
Requests changing the comment in the private and public key files.
The program will prompt for the file containing the private keys, for
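Review bot: In the -b entry, the reflow carries forward "Minimum is 512 bits" with no warning, and the claim that key sizes above 1024 bits "no longer improve security but make things slower" is stated as an absolute. A 512-bit RSA modulus (RSA-155) was factored in 1999, and a larger modulus does raise the cost of factoring, so the text should say that 512 bits is a lower limit rather than a recommendation and describe the trade-off above 1024 bits as security margin against speed. That is a wording change to the page and belongs in a follow-up commit, separate from this line-break cleanup.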
@@ -91,7 +96,8 @@ Specifies the filename of the key file.
Show fingerprint of specified private or public key file.
.It Fl p
Requests changing the passphrase of a private key file instead of
-creating a new private key. The program will prompt for the file
+creating a new private key.
+The program will prompt for the file
containing the private key, for the old passphrase, and twice for the
new passphrase.
.It Fl q
@@ -110,28 +116,30 @@ Provides the (old) passphrase.
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
-Contains the RSA authentication identity of the user. This file
-should not be readable by anyone but the user. It is possible to
+Contains the RSA authentication identity of the user.
+This file should not be readable by anyone but the user.
+It is possible to
specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 3DES. This file
-is not automatically accessed by
+used to encrypt the private part of this file using 3DES.
+This file is not automatically accessed by
.Nm
but it is offered as the default file for the private key.
.It Pa $HOME/.ssh/identity.pub
-Contains the public key for authentication. The contents of this file
-should be added to
+Contains the public key for authentication.
+The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
-where you wish to log in using RSA authentication. There is no
-need to keep the contents of this file secret.
+where you wish to log in using RSA authentication.
+There is no need to keep the contents of this file secret.
.Sh AUTHOR
Tatu Ylonen <ylo@cs.hut.fi>
.Pp
OpenSSH
is a derivative of the original (free) ssh 1.2.12 release, but with bugs
-removed and newer features re-added. Rapidly after the 1.2.12 release,
-newer versions bore successively more restrictive licenses. This version
-of OpenSSH
+removed and newer features re-added.
+Rapidly after the 1.2.12 release,
+newer versions bore successively more restrictive licenses.
+This version of OpenSSH
.Bl -bullet
.It
has all components of a restrictive nature (i.e., patents, see
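Review bot: The $HOME/.ssh/identity entry says the file "should not be readable by anyone but the user" and that a passphrase "will be used to encrypt the private part of this file using 3DES", but it does not cover the empty passphrase that the description explicitly allows (and requires for host keys). Suggest adding a sentence stating that without a passphrase the file permissions are the only protection for the private key, and naming the expected mode rather than leaving it as "should not be readable". The new short line "It is possible to" could also be refilled with the context line that follows it, as was done for the other entries in this hunk.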