blob: ce2213c7802b200ddf3fa99404cd3c2008fe26e7 [file] [log] [blame]
jmc@openbsd.orgb6cf84b2016-06-16 06:10:45 +00001.\" $OpenBSD: ssh-keygen.1,v 1.133 2016/06/16 06:10:45 jmc Exp $
Damien Miller32aa1441999-10-29 09:15:49 +10002.\"
Damien Miller32aa1441999-10-29 09:15:49 +10003.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller32aa1441999-10-29 09:15:49 +10004.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
Damien Millere4340be2000-09-16 13:29:08 +11007.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
Damien Miller32aa1441999-10-29 09:15:49 +100012.\"
Damien Millere4340be2000-09-16 13:29:08 +110013.\"
Ben Lindstrom92a2e382001-03-05 06:59:27 +000014.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
15.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
16.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
Damien Millere4340be2000-09-16 13:29:08 +110017.\"
18.\" Redistribution and use in source and binary forms, with or without
19.\" modification, are permitted provided that the following conditions
20.\" are met:
21.\" 1. Redistributions of source code must retain the above copyright
22.\" notice, this list of conditions and the following disclaimer.
23.\" 2. Redistributions in binary form must reproduce the above copyright
24.\" notice, this list of conditions and the following disclaimer in the
25.\" documentation and/or other materials provided with the distribution.
26.\"
27.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller32aa1441999-10-29 09:15:49 +100037.\"
jmc@openbsd.orgb6cf84b2016-06-16 06:10:45 +000038.Dd $Mdocdate: June 16 2016 $
Damien Miller32aa1441999-10-29 09:15:49 +100039.Dt SSH-KEYGEN 1
40.Os
41.Sh NAME
42.Nm ssh-keygen
Ben Lindstrom5a707822001-04-22 17:15:46 +000043.Nd authentication key generation, management and conversion
Damien Miller32aa1441999-10-29 09:15:49 +100044.Sh SYNOPSIS
Damien Miller495dca32003-04-01 21:42:14 +100045.Bk -words
Damien Millerbad5e032010-07-16 13:59:59 +100046.Nm ssh-keygen
Damien Miller0bc1bd82000-11-13 22:57:25 +110047.Op Fl q
Damien Miller32aa1441999-10-29 09:15:49 +100048.Op Fl b Ar bits
Damien Millerf0858de2014-04-20 13:01:30 +100049.Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
Damien Miller32aa1441999-10-29 09:15:49 +100050.Op Fl N Ar new_passphrase
51.Op Fl C Ar comment
Damien Miller1a425f32000-09-02 10:08:09 +110052.Op Fl f Ar output_keyfile
Damien Miller32aa1441999-10-29 09:15:49 +100053.Nm ssh-keygen
54.Fl p
55.Op Fl P Ar old_passphrase
56.Op Fl N Ar new_passphrase
Damien Miller10f6f6b1999-11-17 17:29:08 +110057.Op Fl f Ar keyfile
Damien Miller32aa1441999-10-29 09:15:49 +100058.Nm ssh-keygen
Ben Lindstrom5a707822001-04-22 17:15:46 +000059.Fl i
Damien Miller44b25042010-07-02 13:35:01 +100060.Op Fl m Ar key_format
Damien Miller1a425f32000-09-02 10:08:09 +110061.Op Fl f Ar input_keyfile
Damien Millere247cc42000-05-07 12:03:14 +100062.Nm ssh-keygen
Ben Lindstrom5a707822001-04-22 17:15:46 +000063.Fl e
Damien Miller44b25042010-07-02 13:35:01 +100064.Op Fl m Ar key_format
Damien Miller1a425f32000-09-02 10:08:09 +110065.Op Fl f Ar input_keyfile
Damien Millere247cc42000-05-07 12:03:14 +100066.Nm ssh-keygen
67.Fl y
Damien Miller1a425f32000-09-02 10:08:09 +110068.Op Fl f Ar input_keyfile
Damien Millere247cc42000-05-07 12:03:14 +100069.Nm ssh-keygen
Damien Miller32aa1441999-10-29 09:15:49 +100070.Fl c
71.Op Fl P Ar passphrase
72.Op Fl C Ar comment
Damien Miller10f6f6b1999-11-17 17:29:08 +110073.Op Fl f Ar keyfile
74.Nm ssh-keygen
75.Fl l
naddy@openbsd.org6288e3a2015-02-24 15:24:05 +000076.Op Fl v
djm@openbsd.org56d1c832014-12-21 22:27:55 +000077.Op Fl E Ar fingerprint_hash
Ben Lindstrom8fd372b2001-03-12 03:02:17 +000078.Op Fl f Ar input_keyfile
79.Nm ssh-keygen
80.Fl B
Damien Miller1a425f32000-09-02 10:08:09 +110081.Op Fl f Ar input_keyfile
Ben Lindstroma1ec4a92001-08-06 21:51:34 +000082.Nm ssh-keygen
Damien Miller048dc932010-02-12 09:22:04 +110083.Fl D Ar pkcs11
Ben Lindstroma1ec4a92001-08-06 21:51:34 +000084.Nm ssh-keygen
Damien Miller4b42d7f2005-03-01 21:48:35 +110085.Fl F Ar hostname
86.Op Fl f Ar known_hosts_file
Damien Miller718ed502008-11-03 19:15:20 +110087.Op Fl l
Damien Miller4b42d7f2005-03-01 21:48:35 +110088.Nm ssh-keygen
89.Fl H
90.Op Fl f Ar known_hosts_file
91.Nm ssh-keygen
92.Fl R Ar hostname
93.Op Fl f Ar known_hosts_file
94.Nm ssh-keygen
Damien Miller37876e92003-05-15 10:19:46 +100095.Fl r Ar hostname
96.Op Fl f Ar input_keyfile
97.Op Fl g
Darren Tucker019cefe2003-08-02 22:40:07 +100098.Nm ssh-keygen
99.Fl G Ar output_file
Darren Tucker06930c72003-12-31 11:34:51 +1100100.Op Fl v
Darren Tucker019cefe2003-08-02 22:40:07 +1000101.Op Fl b Ar bits
102.Op Fl M Ar memory
103.Op Fl S Ar start_point
104.Nm ssh-keygen
105.Fl T Ar output_file
106.Fl f Ar input_file
Darren Tucker06930c72003-12-31 11:34:51 +1100107.Op Fl v
Damien Miller4f752cf2013-12-18 17:45:35 +1100108.Op Fl a Ar rounds
Damien Millerdfceafe2012-07-06 13:44:19 +1000109.Op Fl J Ar num_lines
110.Op Fl j Ar start_line
Damien Miller390d0562011-10-18 16:05:19 +1100111.Op Fl K Ar checkpt
Darren Tucker019cefe2003-08-02 22:40:07 +1000112.Op Fl W Ar generator
Damien Miller0a80ca12010-02-27 07:55:05 +1100113.Nm ssh-keygen
114.Fl s Ar ca_key
115.Fl I Ar certificate_identity
116.Op Fl h
117.Op Fl n Ar principals
Damien Miller4e270b02010-04-16 15:56:21 +1000118.Op Fl O Ar option
Damien Miller0a80ca12010-02-27 07:55:05 +1100119.Op Fl V Ar validity_interval
Damien Miller4e270b02010-04-16 15:56:21 +1000120.Op Fl z Ar serial_number
Damien Miller0a80ca12010-02-27 07:55:05 +1100121.Ar
Damien Millerf2b70ca2010-03-05 07:39:35 +1100122.Nm ssh-keygen
Damien Millerf2b70ca2010-03-05 07:39:35 +1100123.Fl L
124.Op Fl f Ar input_keyfile
Damien Miller58f1baf2011-05-05 14:06:15 +1000125.Nm ssh-keygen
126.Fl A
Damien Millerf3747bf2013-01-18 11:44:04 +1100127.Nm ssh-keygen
128.Fl k
129.Fl f Ar krl_file
130.Op Fl u
Damien Millerac5542b2013-01-20 22:33:02 +1100131.Op Fl s Ar ca_public
132.Op Fl z Ar version_number
Damien Millerf3747bf2013-01-18 11:44:04 +1100133.Ar
134.Nm ssh-keygen
135.Fl Q
136.Fl f Ar krl_file
137.Ar
Damien Miller15f5b562010-03-03 10:25:21 +1100138.Ek
Damien Miller22c77262000-04-13 12:26:34 +1000139.Sh DESCRIPTION
Damien Miller32aa1441999-10-29 09:15:49 +1000140.Nm
Ben Lindstrom5a707822001-04-22 17:15:46 +0000141generates, manages and converts authentication keys for
Damien Miller32aa1441999-10-29 09:15:49 +1000142.Xr ssh 1 .
Damien Millere247cc42000-05-07 12:03:14 +1000143.Nm
jmc@openbsd.orga685ae82016-02-17 07:38:19 +0000144can create keys for use by SSH protocol versions 1 and 2.
145Protocol 1 should not be used
146and is only offered to support legacy devices.
147It suffers from a number of cryptographic weaknesses
148and doesn't support many of the advanced features available for protocol 2.
149.Pp
Damien Millerfbf486b2003-05-23 18:44:23 +1000150The type of key to be generated is specified with the
Damien Miller0bc1bd82000-11-13 22:57:25 +1100151.Fl t
Damien Millera41c8b12002-01-22 23:05:08 +1100152option.
Damien Millerf14be5c2005-11-05 15:15:49 +1100153If invoked without any arguments,
154.Nm
Damien Miller83d0d392005-11-05 15:16:27 +1100155will generate an RSA key for use in SSH protocol 2 connections.
Damien Millere247cc42000-05-07 12:03:14 +1000156.Pp
Darren Tucker019cefe2003-08-02 22:40:07 +1000157.Nm
158is also used to generate groups for use in Diffie-Hellman group
159exchange (DH-GEX).
160See the
161.Sx MODULI GENERATION
162section for details.
163.Pp
Damien Millerf3747bf2013-01-18 11:44:04 +1100164Finally,
165.Nm
166can be used to generate and update Key Revocation Lists, and to test whether
Damien Millerac5542b2013-01-20 22:33:02 +1100167given keys have been revoked by one.
168See the
Damien Millerf3747bf2013-01-18 11:44:04 +1100169.Sx KEY REVOCATION LISTS
170section for details.
171.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000172Normally each user wishing to use SSH
Damien Millereb8b60e2010-08-31 22:41:14 +1000173with public key authentication runs this once to create the authentication
Damien Miller32aa1441999-10-29 09:15:49 +1000174key in
Damien Miller167ea5d2005-05-26 12:04:02 +1000175.Pa ~/.ssh/identity ,
Damien Miller8ba0ead2013-12-18 17:46:27 +1100176.Pa ~/.ssh/id_dsa ,
Damien Millereb8b60e2010-08-31 22:41:14 +1000177.Pa ~/.ssh/id_ecdsa ,
Damien Miller8ba0ead2013-12-18 17:46:27 +1100178.Pa ~/.ssh/id_ed25519
Damien Millere247cc42000-05-07 12:03:14 +1000179or
Damien Miller167ea5d2005-05-26 12:04:02 +1000180.Pa ~/.ssh/id_rsa .
Damien Millere247cc42000-05-07 12:03:14 +1000181Additionally, the system administrator may use this to generate host keys,
182as seen in
183.Pa /etc/rc .
Damien Miller32aa1441999-10-29 09:15:49 +1000184.Pp
185Normally this program generates the key and asks for a file in which
Damien Miller450a7a12000-03-26 13:04:51 +1000186to store the private key.
187The public key is stored in a file with the same name but
Damien Miller32aa1441999-10-29 09:15:49 +1000188.Dq .pub
Damien Miller450a7a12000-03-26 13:04:51 +1000189appended.
190The program also asks for a passphrase.
191The passphrase may be empty to indicate no passphrase
Ben Lindstrombf555ba2001-01-18 02:04:35 +0000192(host keys must have an empty passphrase), or it may be a string of
Damien Miller450a7a12000-03-26 13:04:51 +1000193arbitrary length.
Ben Lindstrom4e366d52001-12-06 16:43:21 +0000194A passphrase is similar to a password, except it can be a phrase with a
195series of words, punctuation, numbers, whitespace, or any string of
196characters you want.
197Good passphrases are 10-30 characters long, are
Damien Miller32aa1441999-10-29 09:15:49 +1000198not simple sentences or otherwise easily guessable (English
Ben Lindstrom2a097a42001-06-09 01:13:40 +0000199prose has only 1-2 bits of entropy per character, and provides very bad
Ben Lindstrom4e366d52001-12-06 16:43:21 +0000200passphrases), and contain a mix of upper and lowercase letters,
201numbers, and non-alphanumeric characters.
Damien Miller450a7a12000-03-26 13:04:51 +1000202The passphrase can be changed later by using the
Damien Miller32aa1441999-10-29 09:15:49 +1000203.Fl p
204option.
205.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000206There is no way to recover a lost passphrase.
Damien Miller085c90f2011-05-05 14:15:33 +1000207If the passphrase is lost or forgotten, a new key must be generated
208and the corresponding public key copied to other machines.
Damien Miller32aa1441999-10-29 09:15:49 +1000209.Pp
jmc@openbsd.orgb6cf84b2016-06-16 06:10:45 +0000210For RSA1 keys and keys stored in the newer OpenSSH format,
Ben Lindstrom5a707822001-04-22 17:15:46 +0000211there is also a comment field in the key file that is only for
Damien Miller450a7a12000-03-26 13:04:51 +1000212convenience to the user to help identify the key.
213The comment can tell what the key is for, or whatever is useful.
214The comment is initialized to
Damien Miller32aa1441999-10-29 09:15:49 +1000215.Dq user@host
216when the key is created, but can be changed using the
217.Fl c
218option.
219.Pp
Damien Millere247cc42000-05-07 12:03:14 +1000220After a key is generated, instructions below detail where the keys
221should be placed to be activated.
222.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000223The options are as follows:
224.Bl -tag -width Ds
Damien Miller58f1baf2011-05-05 14:06:15 +1000225.It Fl A
Damien Miller8ba0ead2013-12-18 17:46:27 +1100226For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
227for which host keys
Damien Miller58f1baf2011-05-05 14:06:15 +1000228do not exist, generate the host keys with the default key file path,
229an empty passphrase, default bits for the key type, and default comment.
Damien Miller3ca1eb32011-05-05 14:13:50 +1000230This is used by
Damien Miller58f1baf2011-05-05 14:06:15 +1000231.Pa /etc/rc
232to generate new host keys.
Damien Miller4f752cf2013-12-18 17:45:35 +1100233.It Fl a Ar rounds
234When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
2352 key when the
236.Fl o
237flag is set), this option specifies the number of KDF (key derivation function)
238rounds used.
239Higher numbers result in slower passphrase verification and increased
240resistance to brute-force password cracking (should the keys be stolen).
241.Pp
242When screening DH-GEX candidates (
243using the
Darren Tucker019cefe2003-08-02 22:40:07 +1000244.Fl T
Damien Miller4f752cf2013-12-18 17:45:35 +1100245command).
246This option specifies the number of primality tests to perform.
Damien Miller265d3092005-03-02 12:05:06 +1100247.It Fl B
248Show the bubblebabble digest of specified private or public key file.
Damien Miller32aa1441999-10-29 09:15:49 +1000249.It Fl b Ar bits
Damien Miller450a7a12000-03-26 13:04:51 +1000250Specifies the number of bits in the key to create.
djm@openbsd.org933935c2015-07-03 03:49:45 +0000251For RSA keys, the minimum size is 1024 bits and the default is 2048 bits.
Damien Millerac7ef6a2005-06-16 13:19:06 +1000252Generally, 2048 bits is considered sufficient.
Darren Tucker9f647332005-11-28 16:41:46 +1100253DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
Damien Millerad210322011-05-05 14:15:54 +1000254For ECDSA keys, the
255.Fl b
Damien Miller6232a162011-09-22 21:36:00 +1000256flag determines the key length by selecting from one of three elliptic
Damien Millerad210322011-05-05 14:15:54 +1000257curve sizes: 256, 384 or 521 bits.
258Attempting to use bit lengths other than these three values for ECDSA keys
259will fail.
sobrado@openbsd.orgf70b22b2014-08-30 15:33:50 +0000260Ed25519 keys have a fixed length and the
Damien Miller8ba0ead2013-12-18 17:46:27 +1100261.Fl b
262flag will be ignored.
Damien Miller265d3092005-03-02 12:05:06 +1100263.It Fl C Ar comment
264Provides a new comment.
Damien Miller32aa1441999-10-29 09:15:49 +1000265.It Fl c
266Requests changing the comment in the private and public key files.
jmc@openbsd.orgb6cf84b2016-06-16 06:10:45 +0000267This operation is only supported for RSA1 keys and keys stored in the
268newer OpenSSH format.
Damien Miller32aa1441999-10-29 09:15:49 +1000269The program will prompt for the file containing the private keys, for
Ben Lindstromaafff9c2001-05-06 03:01:02 +0000270the passphrase if the key has one, and for the new comment.
Damien Miller7ea845e2010-02-12 09:21:02 +1100271.It Fl D Ar pkcs11
Damien Millera7618442010-02-12 09:26:02 +1100272Download the RSA public keys provided by the PKCS#11 shared library
273.Ar pkcs11 .
Damien Miller757f34e2010-08-05 13:05:31 +1000274When used in combination with
275.Fl s ,
276this option indicates that a CA key resides in a PKCS#11 token (see the
277.Sx CERTIFICATES
278section for details).
djm@openbsd.org56d1c832014-12-21 22:27:55 +0000279.It Fl E Ar fingerprint_hash
280Specifies the hash algorithm used when displaying key fingerprints.
281Valid options are:
282.Dq md5
283and
284.Dq sha256 .
285The default is
286.Dq sha256 .
Ben Lindstrom5a707822001-04-22 17:15:46 +0000287.It Fl e
Ben Lindstrom46c264f2001-04-24 16:56:58 +0000288This option will read a private or public OpenSSH key file and
Damien Miller44b25042010-07-02 13:35:01 +1000289print to stdout the key in one of the formats specified by the
290.Fl m
291option.
292The default export format is
293.Dq RFC4716 .
Damien Millerea727282010-07-02 13:35:34 +1000294This option allows exporting OpenSSH keys for use by other programs, including
Damien Miller44b25042010-07-02 13:35:01 +1000295several commercial SSH implementations.
Damien Miller265d3092005-03-02 12:05:06 +1100296.It Fl F Ar hostname
297Search for the specified
298.Ar hostname
299in a
300.Pa known_hosts
301file, listing any occurrences found.
302This option is useful to find hashed host names or addresses and may also be
303used in conjunction with the
304.Fl H
305option to print found keys in a hashed format.
306.It Fl f Ar filename
307Specifies the filename of the key file.
308.It Fl G Ar output_file
309Generate candidate primes for DH-GEX.
310These primes must be screened for
311safety (using the
312.Fl T
313option) before use.
Damien Miller37876e92003-05-15 10:19:46 +1000314.It Fl g
Darren Tucker0b42e6d2004-08-13 21:22:40 +1000315Use generic DNS format when printing fingerprint resource records using the
Darren Tucker6e370372004-08-13 21:23:25 +1000316.Fl r
Darren Tucker0b42e6d2004-08-13 21:22:40 +1000317command.
Damien Miller265d3092005-03-02 12:05:06 +1100318.It Fl H
319Hash a
320.Pa known_hosts
Darren Tuckerda1adbc2005-03-14 23:15:58 +1100321file.
322This replaces all hostnames and addresses with hashed representations
323within the specified file; the original content is moved to a file with
324a .old suffix.
Damien Miller265d3092005-03-02 12:05:06 +1100325These hashes may be used normally by
326.Nm ssh
327and
328.Nm sshd ,
329but they do not reveal identifying information should the file's contents
330be disclosed.
331This option will not modify existing hashed hostnames and is therefore safe
332to use on files that mix hashed and non-hashed names.
Damien Miller0a80ca12010-02-27 07:55:05 +1100333.It Fl h
334When signing a key, create a host certificate instead of a user
335certificate.
336Please see the
337.Sx CERTIFICATES
338section for details.
Damien Miller15f5b562010-03-03 10:25:21 +1100339.It Fl I Ar certificate_identity
Damien Miller0a80ca12010-02-27 07:55:05 +1100340Specify the key identity when signing a public key.
341Please see the
342.Sx CERTIFICATES
343section for details.
Ben Lindstrom5a707822001-04-22 17:15:46 +0000344.It Fl i
345This option will read an unencrypted private (or public) key file
Damien Miller44b25042010-07-02 13:35:01 +1000346in the format specified by the
347.Fl m
348option and print an OpenSSH compatible private
Ben Lindstrom5a707822001-04-22 17:15:46 +0000349(or public) key to stdout.
Damien Miller43b156c2014-04-20 13:23:03 +1000350This option allows importing keys from other software, including several
351commercial SSH implementations.
352The default import format is
353.Dq RFC4716 .
Damien Millerdfceafe2012-07-06 13:44:19 +1000354.It Fl J Ar num_lines
355Exit after screening the specified number of lines
356while performing DH candidate screening using the
357.Fl T
358option.
359.It Fl j Ar start_line
360Start screening at the specified line number
361while performing DH candidate screening using the
362.Fl T
363option.
Damien Miller390d0562011-10-18 16:05:19 +1100364.It Fl K Ar checkpt
365Write the last line processed to the file
366.Ar checkpt
367while performing DH candidate screening using the
368.Fl T
369option.
370This will be used to skip lines in the input file that have already been
371processed if the job is restarted.
Damien Millerf3747bf2013-01-18 11:44:04 +1100372.It Fl k
373Generate a KRL file.
374In this mode,
375.Nm
376will generate a KRL file at the location specified via the
377.Fl f
Damien Miller881a7a22013-01-20 22:34:46 +1100378flag that revokes every key or certificate presented on the command line.
Damien Millerf3747bf2013-01-18 11:44:04 +1100379Keys/certificates to be revoked may be specified by public key file or
380using the format described in the
381.Sx KEY REVOCATION LISTS
382section.
Damien Millerf2b70ca2010-03-05 07:39:35 +1100383.It Fl L
djm@openbsd.org94bc0b72015-11-13 04:34:15 +0000384Prints the contents of one or more certificates.
Damien Miller10f6f6b1999-11-17 17:29:08 +1100385.It Fl l
Darren Tucker35c45532008-06-13 04:43:15 +1000386Show fingerprint of specified public key file.
Damien Millereb5fec62001-11-12 10:52:44 +1100387Private RSA1 keys are also supported.
388For RSA and DSA keys
389.Nm
Darren Tuckerf09e8252008-06-13 05:18:03 +1000390tries to find the matching public key file and prints its fingerprint.
391If combined with
392.Fl v ,
jmc@openbsd.org92838842016-05-03 18:38:12 +0000393a visual ASCII art representation of the key is supplied with the
djm@openbsd.orgcdcd9412016-05-03 14:54:08 +0000394fingerprint.
Damien Millerea727282010-07-02 13:35:34 +1000395.It Fl M Ar memory
396Specify the amount of memory to use (in megabytes) when generating
397candidate moduli for DH-GEX.
Damien Miller44b25042010-07-02 13:35:01 +1000398.It Fl m Ar key_format
399Specify a key format for the
400.Fl i
401(import) or
402.Fl e
Damien Millerea727282010-07-02 13:35:34 +1000403(export) conversion options.
Damien Miller44b25042010-07-02 13:35:01 +1000404The supported key formats are:
405.Dq RFC4716
Damien Millerea727282010-07-02 13:35:34 +1000406(RFC 4716/SSH2 public or private key),
Damien Miller44b25042010-07-02 13:35:01 +1000407.Dq PKCS8
408(PEM PKCS8 public key)
409or
410.Dq PEM
411(PEM public key).
412The default conversion format is
413.Dq RFC4716 .
Damien Miller265d3092005-03-02 12:05:06 +1100414.It Fl N Ar new_passphrase
415Provides the new passphrase.
Damien Miller0a80ca12010-02-27 07:55:05 +1100416.It Fl n Ar principals
417Specify one or more principals (user or host names) to be included in
418a certificate when signing a key.
419Multiple principals may be specified, separated by commas.
420Please see the
421.Sx CERTIFICATES
422section for details.
Damien Miller4e270b02010-04-16 15:56:21 +1000423.It Fl O Ar option
424Specify a certificate option when signing a key.
Damien Miller0a80ca12010-02-27 07:55:05 +1100425This option may be specified multiple times.
426Please see the
427.Sx CERTIFICATES
428section for details.
Damien Miller4e270b02010-04-16 15:56:21 +1000429The options that are valid for user certificates are:
Damien Miller0a80ca12010-02-27 07:55:05 +1100430.Bl -tag -width Ds
Damien Millerc59e2442010-03-22 05:50:31 +1100431.It Ic clear
432Clear all enabled permissions.
433This is useful for clearing the default set of permissions so permissions may
434be added individually.
435.It Ic force-command Ns = Ns Ar command
436Forces the execution of
437.Ar command
438instead of any shell or command specified by the user when
439the certificate is used for authentication.
Damien Miller0a80ca12010-02-27 07:55:05 +1100440.It Ic no-agent-forwarding
441Disable
442.Xr ssh-agent 1
Damien Miller15f5b562010-03-03 10:25:21 +1100443forwarding (permitted by default).
Damien Miller0a80ca12010-02-27 07:55:05 +1100444.It Ic no-port-forwarding
Damien Miller15f5b562010-03-03 10:25:21 +1100445Disable port forwarding (permitted by default).
Damien Miller0a80ca12010-02-27 07:55:05 +1100446.It Ic no-pty
Damien Miller15f5b562010-03-03 10:25:21 +1100447Disable PTY allocation (permitted by default).
Damien Miller0a80ca12010-02-27 07:55:05 +1100448.It Ic no-user-rc
449Disable execution of
450.Pa ~/.ssh/rc
451by
Damien Miller15f5b562010-03-03 10:25:21 +1100452.Xr sshd 8
453(permitted by default).
Damien Millerc59e2442010-03-22 05:50:31 +1100454.It Ic no-x11-forwarding
455Disable X11 forwarding (permitted by default).
Damien Miller081c9762010-03-08 11:30:00 +1100456.It Ic permit-agent-forwarding
457Allows
458.Xr ssh-agent 1
459forwarding.
Damien Miller0a80ca12010-02-27 07:55:05 +1100460.It Ic permit-port-forwarding
461Allows port forwarding.
462.It Ic permit-pty
463Allows PTY allocation.
464.It Ic permit-user-rc
465Allows execution of
466.Pa ~/.ssh/rc
467by
468.Xr sshd 8 .
Damien Millerc59e2442010-03-22 05:50:31 +1100469.It Ic permit-x11-forwarding
470Allows X11 forwarding.
471.It Ic source-address Ns = Ns Ar address_list
Damien Miller77497e12010-03-22 05:50:51 +1100472Restrict the source addresses from which the certificate is considered valid.
Damien Miller0a80ca12010-02-27 07:55:05 +1100473The
474.Ar address_list
475is a comma-separated list of one or more address/netmask pairs in CIDR
476format.
477.El
478.Pp
Damien Miller4e270b02010-04-16 15:56:21 +1000479At present, no options are valid for host keys.
Damien Miller4f752cf2013-12-18 17:45:35 +1100480.It Fl o
481Causes
482.Nm
jmc@openbsd.orga685ae82016-02-17 07:38:19 +0000483to save private keys using the new OpenSSH format rather than
Damien Miller4f752cf2013-12-18 17:45:35 +1100484the more compatible PEM format.
485The new format has increased resistance to brute-force password cracking
486but is not supported by versions of OpenSSH prior to 6.5.
487Ed25519 keys always use the new private key format.
Damien Miller265d3092005-03-02 12:05:06 +1100488.It Fl P Ar passphrase
489Provides the (old) passphrase.
Damien Miller32aa1441999-10-29 09:15:49 +1000490.It Fl p
491Requests changing the passphrase of a private key file instead of
Damien Miller450a7a12000-03-26 13:04:51 +1000492creating a new private key.
493The program will prompt for the file
Damien Miller32aa1441999-10-29 09:15:49 +1000494containing the private key, for the old passphrase, and twice for the
495new passphrase.
Damien Miller072fdcd2013-01-20 22:34:04 +1100496.It Fl Q
497Test whether keys have been revoked in a KRL.
Damien Miller32aa1441999-10-29 09:15:49 +1000498.It Fl q
499Silence
500.Nm ssh-keygen .
Damien Miller4b42d7f2005-03-01 21:48:35 +1100501.It Fl R Ar hostname
502Removes all keys belonging to
503.Ar hostname
Damien Miller4c9c6fd2005-03-02 12:03:43 +1100504from a
Damien Miller4b42d7f2005-03-01 21:48:35 +1100505.Pa known_hosts
506file.
Damien Miller4c9c6fd2005-03-02 12:03:43 +1100507This option is useful to delete hashed hosts (see the
Damien Miller4b42d7f2005-03-01 21:48:35 +1100508.Fl H
509option above).
Damien Miller265d3092005-03-02 12:05:06 +1100510.It Fl r Ar hostname
511Print the SSHFP fingerprint resource record named
512.Ar hostname
513for the specified public key file.
Darren Tucker019cefe2003-08-02 22:40:07 +1000514.It Fl S Ar start
515Specify start point (in hex) when generating candidate moduli for DH-GEX.
Damien Miller0a80ca12010-02-27 07:55:05 +1100516.It Fl s Ar ca_key
517Certify (sign) a public key using the specified CA key.
518Please see the
519.Sx CERTIFICATES
520section for details.
Damien Millerf3747bf2013-01-18 11:44:04 +1100521.Pp
522When generating a KRL,
523.Fl s
Damien Millerac5542b2013-01-20 22:33:02 +1100524specifies a path to a CA public key file used to revoke certificates directly
Damien Millerf3747bf2013-01-18 11:44:04 +1100525by key ID or serial number.
526See the
527.Sx KEY REVOCATION LISTS
528section for details.
Darren Tucker019cefe2003-08-02 22:40:07 +1000529.It Fl T Ar output_file
530Test DH group exchange candidate primes (generated using the
531.Fl G
532option) for safety.
Damien Millerf0858de2014-04-20 13:01:30 +1000533.It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
Damien Miller265d3092005-03-02 12:05:06 +1100534Specifies the type of key to create.
535The possible values are
536.Dq rsa1
537for protocol version 1 and
Damien Miller6186bbc2010-09-24 22:00:54 +1000538.Dq dsa ,
Damien Miller8ba0ead2013-12-18 17:46:27 +1100539.Dq ecdsa ,
540.Dq ed25519 ,
Damien Miller265d3092005-03-02 12:05:06 +1100541or
Damien Miller6186bbc2010-09-24 22:00:54 +1000542.Dq rsa
Damien Miller265d3092005-03-02 12:05:06 +1100543for protocol version 2.
Damien Millerac5542b2013-01-20 22:33:02 +1100544.It Fl u
545Update a KRL.
546When specified with
547.Fl k ,
Damien Miller881a7a22013-01-20 22:34:46 +1100548keys listed via the command line are added to the existing KRL rather than
Damien Millerac5542b2013-01-20 22:33:02 +1100549a new KRL being created.
Damien Miller0a80ca12010-02-27 07:55:05 +1100550.It Fl V Ar validity_interval
551Specify a validity interval when signing a certificate.
552A validity interval may consist of a single time, indicating that the
553certificate is valid beginning now and expiring at that time, or may consist
554of two times separated by a colon to indicate an explicit time interval.
555The start time may be specified as a date in YYYYMMDD format, a time
556in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
557of a minus sign followed by a relative time in the format described in the
Damien Millerfecfd112013-07-18 16:11:50 +1000558TIME FORMATS section of
Damien Miller77497e12010-03-22 05:50:51 +1100559.Xr sshd_config 5 .
Damien Miller0a80ca12010-02-27 07:55:05 +1100560The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
561a relative time starting with a plus character.
562.Pp
563For example:
564.Dq +52w1d
565(valid from now to 52 weeks and one day from now),
566.Dq -4w:+4w
567(valid from four weeks ago to four weeks from now),
568.Dq 20100101123000:20110101123000
569(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
570.Dq -1d:20110101
571(valid from yesterday to midnight, January 1st, 2011).
Darren Tucker06930c72003-12-31 11:34:51 +1100572.It Fl v
573Verbose mode.
574Causes
575.Nm
576to print debugging messages about its progress.
577This is helpful for debugging moduli generation.
578Multiple
579.Fl v
580options increase the verbosity.
581The maximum is 3.
Damien Miller265d3092005-03-02 12:05:06 +1100582.It Fl W Ar generator
583Specify desired generator when testing candidate moduli for DH-GEX.
584.It Fl y
585This option will read a private
586OpenSSH format file and print an OpenSSH public key to stdout.
Damien Miller4e270b02010-04-16 15:56:21 +1000587.It Fl z Ar serial_number
588Specifies a serial number to be embedded in the certificate to distinguish
589this certificate from others from the same CA.
590The default serial number is zero.
Damien Millerf3747bf2013-01-18 11:44:04 +1100591.Pp
592When generating a KRL, the
593.Fl z
594flag is used to specify a KRL version number.
Damien Miller32aa1441999-10-29 09:15:49 +1000595.El
Darren Tucker019cefe2003-08-02 22:40:07 +1000596.Sh MODULI GENERATION
597.Nm
598may be used to generate groups for the Diffie-Hellman Group Exchange
599(DH-GEX) protocol.
600Generating these groups is a two-step process: first, candidate
601primes are generated using a fast, but memory intensive process.
602These candidate primes are then tested for suitability (a CPU-intensive
603process).
604.Pp
605Generation of primes is performed using the
606.Fl G
607option.
608The desired length of the primes may be specified by the
609.Fl b
610option.
611For example:
612.Pp
Damien Miller265d3092005-03-02 12:05:06 +1100613.Dl # ssh-keygen -G moduli-2048.candidates -b 2048
Darren Tucker019cefe2003-08-02 22:40:07 +1000614.Pp
615By default, the search for primes begins at a random point in the
616desired length range.
617This may be overridden using the
618.Fl S
619option, which specifies a different start point (in hex).
620.Pp
Damien Millerdfceafe2012-07-06 13:44:19 +1000621Once a set of candidates have been generated, they must be screened for
Darren Tucker019cefe2003-08-02 22:40:07 +1000622suitability.
623This may be performed using the
624.Fl T
625option.
626In this mode
627.Nm
628will read candidates from standard input (or a file specified using the
629.Fl f
630option).
631For example:
632.Pp
Damien Miller265d3092005-03-02 12:05:06 +1100633.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates
Darren Tucker019cefe2003-08-02 22:40:07 +1000634.Pp
635By default, each candidate will be subjected to 100 primality tests.
636This may be overridden using the
637.Fl a
638option.
639The DH generator value will be chosen automatically for the
640prime under consideration.
641If a specific generator is desired, it may be requested using the
642.Fl W
643option.
Damien Miller265d3092005-03-02 12:05:06 +1100644Valid generator values are 2, 3, and 5.
Darren Tucker019cefe2003-08-02 22:40:07 +1000645.Pp
646Screened DH groups may be installed in
647.Pa /etc/moduli .
648It is important that this file contains moduli of a range of bit lengths and
649that both ends of a connection share common moduli.
Damien Miller0a80ca12010-02-27 07:55:05 +1100650.Sh CERTIFICATES
651.Nm
652supports signing of keys to produce certificates that may be used for
653user or host authentication.
654Certificates consist of a public key, some identity information, zero or
Damien Miller1f181422010-04-18 08:08:03 +1000655more principal (user or host) names and a set of options that
Damien Miller0a80ca12010-02-27 07:55:05 +1100656are signed by a Certification Authority (CA) key.
657Clients or servers may then trust only the CA key and verify its signature
658on a certificate rather than trusting many user/host keys.
659Note that OpenSSH certificates are a different, and much simpler, format to
660the X.509 certificates used in
661.Xr ssl 8 .
662.Pp
663.Nm
664supports two types of certificates: user and host.
665User certificates authenticate users to servers, whereas host certificates
Damien Miller15f5b562010-03-03 10:25:21 +1100666authenticate server hosts to users.
667To generate a user certificate:
Damien Miller0a80ca12010-02-27 07:55:05 +1100668.Pp
669.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
670.Pp
671The resultant certificate will be placed in
Damien Miller1b61a282010-03-22 05:55:06 +1100672.Pa /path/to/user_key-cert.pub .
Damien Miller0a80ca12010-02-27 07:55:05 +1100673A host certificate requires the
674.Fl h
675option:
676.Pp
677.Dl $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
678.Pp
679The host certificate will be output to
Damien Miller1b61a282010-03-22 05:55:06 +1100680.Pa /path/to/host_key-cert.pub .
Damien Miller757f34e2010-08-05 13:05:31 +1000681.Pp
682It is possible to sign using a CA key stored in a PKCS#11 token by
683providing the token library using
684.Fl D
685and identifying the CA key by providing its public half as an argument
686to
687.Fl s :
688.Pp
naddy@openbsd.org05291e52015-08-20 19:20:06 +0000689.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
Damien Miller757f34e2010-08-05 13:05:31 +1000690.Pp
691In all cases,
Damien Miller0a80ca12010-02-27 07:55:05 +1100692.Ar key_id
693is a "key identifier" that is logged by the server when the certificate
694is used for authentication.
695.Pp
696Certificates may be limited to be valid for a set of principal (user/host)
697names.
698By default, generated certificates are valid for all users or hosts.
699To generate a certificate for a specified set of principals:
700.Pp
701.Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
naddy@openbsd.org05291e52015-08-20 19:20:06 +0000702.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub"
Damien Miller0a80ca12010-02-27 07:55:05 +1100703.Pp
704Additional limitations on the validity and use of user certificates may
Damien Miller1f181422010-04-18 08:08:03 +1000705be specified through certificate options.
Damien Miller4e270b02010-04-16 15:56:21 +1000706A certificate option may disable features of the SSH session, may be
Damien Miller0a80ca12010-02-27 07:55:05 +1100707valid only when presented from particular source addresses or may
708force the use of a specific command.
Damien Miller4e270b02010-04-16 15:56:21 +1000709For a list of valid certificate options, see the documentation for the
Damien Miller0a80ca12010-02-27 07:55:05 +1100710.Fl O
711option above.
712.Pp
713Finally, certificates may be defined with a validity lifetime.
714The
715.Fl V
716option allows specification of certificate start and end times.
717A certificate that is presented at a time outside this range will not be
718considered valid.
Darren Tucker3ee50c52012-09-06 21:18:11 +1000719By default, certificates are valid from
720.Ux
721Epoch to the distant future.
Damien Miller0a80ca12010-02-27 07:55:05 +1100722.Pp
723For certificates to be used for user or host authentication, the CA
724public key must be trusted by
725.Xr sshd 8
726or
727.Xr ssh 1 .
728Please refer to those manual pages for details.
Damien Millerf3747bf2013-01-18 11:44:04 +1100729.Sh KEY REVOCATION LISTS
730.Nm
731is able to manage OpenSSH format Key Revocation Lists (KRLs).
732These binary files specify keys or certificates to be revoked using a
Damien Miller13797712013-12-29 17:47:14 +1100733compact format, taking as little as one bit per certificate if they are being
Damien Millerf3747bf2013-01-18 11:44:04 +1100734revoked by serial number.
735.Pp
736KRLs may be generated using the
737.Fl k
738flag.
Damien Miller881a7a22013-01-20 22:34:46 +1100739This option reads one or more files from the command line and generates a new
Damien Millerf3747bf2013-01-18 11:44:04 +1100740KRL.
741The files may either contain a KRL specification (see below) or public keys,
742listed one per line.
743Plain public keys are revoked by listing their hash or contents in the KRL and
744certificates revoked by serial number or key ID (if the serial is zero or
745not available).
746.Pp
747Revoking keys using a KRL specification offers explicit control over the
748types of record used to revoke keys and may be used to directly revoke
749certificates by serial number or key ID without having the complete original
750certificate on hand.
751A KRL specification consists of lines containing one of the following directives
752followed by a colon and some directive-specific information.
753.Bl -tag -width Ds
Damien Millera0a7ee82013-01-20 22:35:06 +1100754.It Cm serial : Ar serial_number Ns Op - Ns Ar serial_number
Damien Millerf3747bf2013-01-18 11:44:04 +1100755Revokes a certificate with the specified serial number.
Damien Millerac5542b2013-01-20 22:33:02 +1100756Serial numbers are 64-bit values, not including zero and may be expressed
Damien Millerf3747bf2013-01-18 11:44:04 +1100757in decimal, hex or octal.
758If two serial numbers are specified separated by a hyphen, then the range
759of serial numbers including and between each is revoked.
760The CA key must have been specified on the
761.Nm
Damien Miller881a7a22013-01-20 22:34:46 +1100762command line using the
Damien Millerf3747bf2013-01-18 11:44:04 +1100763.Fl s
764option.
765.It Cm id : Ar key_id
766Revokes a certificate with the specified key ID string.
767The CA key must have been specified on the
768.Nm
Damien Miller881a7a22013-01-20 22:34:46 +1100769command line using the
Damien Millerf3747bf2013-01-18 11:44:04 +1100770.Fl s
771option.
772.It Cm key : Ar public_key
773Revokes the specified key.
Damien Millerac5542b2013-01-20 22:33:02 +1100774If a certificate is listed, then it is revoked as a plain public key.
Damien Millerf3747bf2013-01-18 11:44:04 +1100775.It Cm sha1 : Ar public_key
776Revokes the specified key by its SHA1 hash.
777.El
778.Pp
779KRLs may be updated using the
780.Fl u
781flag in addition to
782.Fl k .
Damien Miller881a7a22013-01-20 22:34:46 +1100783When this option is specified, keys listed via the command line are merged into
Damien Millerf3747bf2013-01-18 11:44:04 +1100784the KRL, adding to those already there.
785.Pp
786It is also possible, given a KRL, to test whether it revokes a particular key
787(or keys).
788The
789.Fl Q
jmc@openbsd.org8b290082015-11-05 09:48:05 +0000790flag will query an existing KRL, testing each key specified on the command line.
Damien Miller881a7a22013-01-20 22:34:46 +1100791If any key listed on the command line has been revoked (or an error encountered)
Damien Millerf3747bf2013-01-18 11:44:04 +1100792then
793.Nm
794will exit with a non-zero exit status.
795A zero exit status will only be returned if no key was revoked.
Damien Miller32aa1441999-10-29 09:15:49 +1000796.Sh FILES
Damien Miller6186bbc2010-09-24 22:00:54 +1000797.Bl -tag -width Ds -compact
Damien Miller167ea5d2005-05-26 12:04:02 +1000798.It Pa ~/.ssh/identity
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000799Contains the protocol version 1 RSA authentication identity of the user.
Damien Miller450a7a12000-03-26 13:04:51 +1000800This file should not be readable by anyone but the user.
801It is possible to
Damien Miller32aa1441999-10-29 09:15:49 +1000802specify a passphrase when generating the key; that passphrase will be
Damien Miller6186bbc2010-09-24 22:00:54 +1000803used to encrypt the private part of this file using 3DES.
Damien Miller450a7a12000-03-26 13:04:51 +1000804This file is not automatically accessed by
Damien Miller32aa1441999-10-29 09:15:49 +1000805.Nm
806but it is offered as the default file for the private key.
Ben Lindstrombda98b02001-07-04 03:35:24 +0000807.Xr ssh 1
Damien Millere247cc42000-05-07 12:03:14 +1000808will read this file when a login attempt is made.
Damien Miller6186bbc2010-09-24 22:00:54 +1000809.Pp
Damien Miller167ea5d2005-05-26 12:04:02 +1000810.It Pa ~/.ssh/identity.pub
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000811Contains the protocol version 1 RSA public key for authentication.
Damien Miller450a7a12000-03-26 13:04:51 +1000812The contents of this file should be added to
Damien Miller167ea5d2005-05-26 12:04:02 +1000813.Pa ~/.ssh/authorized_keys
Damien Miller32aa1441999-10-29 09:15:49 +1000814on all machines
Ben Lindstrom594e2032001-09-12 18:35:30 +0000815where the user wishes to log in using RSA authentication.
Damien Miller450a7a12000-03-26 13:04:51 +1000816There is no need to keep the contents of this file secret.
Damien Miller6186bbc2010-09-24 22:00:54 +1000817.Pp
Damien Miller167ea5d2005-05-26 12:04:02 +1000818.It Pa ~/.ssh/id_dsa
Damien Miller6186bbc2010-09-24 22:00:54 +1000819.It Pa ~/.ssh/id_ecdsa
Damien Miller8ba0ead2013-12-18 17:46:27 +1100820.It Pa ~/.ssh/id_ed25519
Damien Miller167ea5d2005-05-26 12:04:02 +1000821.It Pa ~/.ssh/id_rsa
sobrado@openbsd.orgf70b22b2014-08-30 15:33:50 +0000822Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
Damien Miller8ba0ead2013-12-18 17:46:27 +1100823authentication identity of the user.
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000824This file should not be readable by anyone but the user.
825It is possible to
826specify a passphrase when generating the key; that passphrase will be
Darren Tucker199ee6f2009-10-24 11:50:17 +1100827used to encrypt the private part of this file using 128-bit AES.
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000828This file is not automatically accessed by
829.Nm
830but it is offered as the default file for the private key.
Ben Lindstrombda98b02001-07-04 03:35:24 +0000831.Xr ssh 1
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000832will read this file when a login attempt is made.
Damien Miller6186bbc2010-09-24 22:00:54 +1000833.Pp
834.It Pa ~/.ssh/id_dsa.pub
835.It Pa ~/.ssh/id_ecdsa.pub
Damien Miller8ba0ead2013-12-18 17:46:27 +1100836.It Pa ~/.ssh/id_ed25519.pub
Damien Miller167ea5d2005-05-26 12:04:02 +1000837.It Pa ~/.ssh/id_rsa.pub
sobrado@openbsd.orgf70b22b2014-08-30 15:33:50 +0000838Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
Damien Miller8ba0ead2013-12-18 17:46:27 +1100839public key for authentication.
Damien Millere247cc42000-05-07 12:03:14 +1000840The contents of this file should be added to
Damien Miller167ea5d2005-05-26 12:04:02 +1000841.Pa ~/.ssh/authorized_keys
Damien Millere247cc42000-05-07 12:03:14 +1000842on all machines
Ben Lindstrom594e2032001-09-12 18:35:30 +0000843where the user wishes to log in using public key authentication.
Damien Millere247cc42000-05-07 12:03:14 +1000844There is no need to keep the contents of this file secret.
Damien Miller6186bbc2010-09-24 22:00:54 +1000845.Pp
Darren Tucker019cefe2003-08-02 22:40:07 +1000846.It Pa /etc/moduli
847Contains Diffie-Hellman groups used for DH-GEX.
848The file format is described in
849.Xr moduli 5 .
Damien Miller37023962000-07-11 17:31:38 +1000850.El
Damien Miller32aa1441999-10-29 09:15:49 +1000851.Sh SEE ALSO
852.Xr ssh 1 ,
853.Xr ssh-add 1 ,
Damien Miller2e8b1c81999-11-15 23:33:56 +1100854.Xr ssh-agent 1 ,
Darren Tucker019cefe2003-08-02 22:40:07 +1000855.Xr moduli 5 ,
Ben Lindstrom77788dc2001-02-10 23:10:33 +0000856.Xr sshd 8
Ben Lindstrom5a707822001-04-22 17:15:46 +0000857.Rs
Damien Millerc0367fb2007-01-05 16:25:46 +1100858.%R RFC 4716
859.%T "The Secure Shell (SSH) Public Key File Format"
860.%D 2006
Ben Lindstrom5a707822001-04-22 17:15:46 +0000861.Re
Damien Millerf1ce5052003-06-11 22:04:39 +1000862.Sh AUTHORS
863OpenSSH is a derivative of the original and free
864ssh 1.2.12 release by Tatu Ylonen.
865Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
866Theo de Raadt and Dug Song
867removed many bugs, re-added newer features and
868created OpenSSH.
869Markus Friedl contributed the support for SSH
870protocol versions 1.5 and 2.0.