blob: 723a0162e9aa16db75de7d4e8974d7e3632db4d9 [file] [log] [blame]
Damien Miller43b156c2014-04-20 13:23:03 +10001.\" $OpenBSD: ssh-keygen.1,v 1.122 2014/03/31 13:39:34 jmc Exp $
Damien Miller32aa1441999-10-29 09:15:49 +10002.\"
Damien Miller32aa1441999-10-29 09:15:49 +10003.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller32aa1441999-10-29 09:15:49 +10004.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
Damien Millere4340be2000-09-16 13:29:08 +11007.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
Damien Miller32aa1441999-10-29 09:15:49 +100012.\"
Damien Millere4340be2000-09-16 13:29:08 +110013.\"
Ben Lindstrom92a2e382001-03-05 06:59:27 +000014.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
15.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
16.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
Damien Millere4340be2000-09-16 13:29:08 +110017.\"
18.\" Redistribution and use in source and binary forms, with or without
19.\" modification, are permitted provided that the following conditions
20.\" are met:
21.\" 1. Redistributions of source code must retain the above copyright
22.\" notice, this list of conditions and the following disclaimer.
23.\" 2. Redistributions in binary form must reproduce the above copyright
24.\" notice, this list of conditions and the following disclaimer in the
25.\" documentation and/or other materials provided with the distribution.
26.\"
27.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller32aa1441999-10-29 09:15:49 +100037.\"
Damien Miller43b156c2014-04-20 13:23:03 +100038.Dd $Mdocdate: March 31 2014 $
Damien Miller32aa1441999-10-29 09:15:49 +100039.Dt SSH-KEYGEN 1
40.Os
41.Sh NAME
42.Nm ssh-keygen
Ben Lindstrom5a707822001-04-22 17:15:46 +000043.Nd authentication key generation, management and conversion
Damien Miller32aa1441999-10-29 09:15:49 +100044.Sh SYNOPSIS
Damien Miller495dca32003-04-01 21:42:14 +100045.Bk -words
Damien Millerbad5e032010-07-16 13:59:59 +100046.Nm ssh-keygen
Damien Miller0bc1bd82000-11-13 22:57:25 +110047.Op Fl q
Damien Miller32aa1441999-10-29 09:15:49 +100048.Op Fl b Ar bits
Damien Millerf0858de2014-04-20 13:01:30 +100049.Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
Damien Miller32aa1441999-10-29 09:15:49 +100050.Op Fl N Ar new_passphrase
51.Op Fl C Ar comment
Damien Miller1a425f32000-09-02 10:08:09 +110052.Op Fl f Ar output_keyfile
Damien Miller32aa1441999-10-29 09:15:49 +100053.Nm ssh-keygen
54.Fl p
55.Op Fl P Ar old_passphrase
56.Op Fl N Ar new_passphrase
Damien Miller10f6f6b1999-11-17 17:29:08 +110057.Op Fl f Ar keyfile
Damien Miller32aa1441999-10-29 09:15:49 +100058.Nm ssh-keygen
Ben Lindstrom5a707822001-04-22 17:15:46 +000059.Fl i
Damien Miller44b25042010-07-02 13:35:01 +100060.Op Fl m Ar key_format
Damien Miller1a425f32000-09-02 10:08:09 +110061.Op Fl f Ar input_keyfile
Damien Millere247cc42000-05-07 12:03:14 +100062.Nm ssh-keygen
Ben Lindstrom5a707822001-04-22 17:15:46 +000063.Fl e
Damien Miller44b25042010-07-02 13:35:01 +100064.Op Fl m Ar key_format
Damien Miller1a425f32000-09-02 10:08:09 +110065.Op Fl f Ar input_keyfile
Damien Millere247cc42000-05-07 12:03:14 +100066.Nm ssh-keygen
67.Fl y
Damien Miller1a425f32000-09-02 10:08:09 +110068.Op Fl f Ar input_keyfile
Damien Millere247cc42000-05-07 12:03:14 +100069.Nm ssh-keygen
Damien Miller32aa1441999-10-29 09:15:49 +100070.Fl c
71.Op Fl P Ar passphrase
72.Op Fl C Ar comment
Damien Miller10f6f6b1999-11-17 17:29:08 +110073.Op Fl f Ar keyfile
74.Nm ssh-keygen
75.Fl l
Ben Lindstrom8fd372b2001-03-12 03:02:17 +000076.Op Fl f Ar input_keyfile
77.Nm ssh-keygen
78.Fl B
Damien Miller1a425f32000-09-02 10:08:09 +110079.Op Fl f Ar input_keyfile
Ben Lindstroma1ec4a92001-08-06 21:51:34 +000080.Nm ssh-keygen
Damien Miller048dc932010-02-12 09:22:04 +110081.Fl D Ar pkcs11
Ben Lindstroma1ec4a92001-08-06 21:51:34 +000082.Nm ssh-keygen
Damien Miller4b42d7f2005-03-01 21:48:35 +110083.Fl F Ar hostname
84.Op Fl f Ar known_hosts_file
Damien Miller718ed502008-11-03 19:15:20 +110085.Op Fl l
Damien Miller4b42d7f2005-03-01 21:48:35 +110086.Nm ssh-keygen
87.Fl H
88.Op Fl f Ar known_hosts_file
89.Nm ssh-keygen
90.Fl R Ar hostname
91.Op Fl f Ar known_hosts_file
92.Nm ssh-keygen
Damien Miller37876e92003-05-15 10:19:46 +100093.Fl r Ar hostname
94.Op Fl f Ar input_keyfile
95.Op Fl g
Darren Tucker019cefe2003-08-02 22:40:07 +100096.Nm ssh-keygen
97.Fl G Ar output_file
Darren Tucker06930c72003-12-31 11:34:51 +110098.Op Fl v
Darren Tucker019cefe2003-08-02 22:40:07 +100099.Op Fl b Ar bits
100.Op Fl M Ar memory
101.Op Fl S Ar start_point
102.Nm ssh-keygen
103.Fl T Ar output_file
104.Fl f Ar input_file
Darren Tucker06930c72003-12-31 11:34:51 +1100105.Op Fl v
Damien Miller4f752cf2013-12-18 17:45:35 +1100106.Op Fl a Ar rounds
Damien Millerdfceafe2012-07-06 13:44:19 +1000107.Op Fl J Ar num_lines
108.Op Fl j Ar start_line
Damien Miller390d0562011-10-18 16:05:19 +1100109.Op Fl K Ar checkpt
Darren Tucker019cefe2003-08-02 22:40:07 +1000110.Op Fl W Ar generator
Damien Miller0a80ca12010-02-27 07:55:05 +1100111.Nm ssh-keygen
112.Fl s Ar ca_key
113.Fl I Ar certificate_identity
114.Op Fl h
115.Op Fl n Ar principals
Damien Miller4e270b02010-04-16 15:56:21 +1000116.Op Fl O Ar option
Damien Miller0a80ca12010-02-27 07:55:05 +1100117.Op Fl V Ar validity_interval
Damien Miller4e270b02010-04-16 15:56:21 +1000118.Op Fl z Ar serial_number
Damien Miller0a80ca12010-02-27 07:55:05 +1100119.Ar
Damien Millerf2b70ca2010-03-05 07:39:35 +1100120.Nm ssh-keygen
Damien Millerf2b70ca2010-03-05 07:39:35 +1100121.Fl L
122.Op Fl f Ar input_keyfile
Damien Miller58f1baf2011-05-05 14:06:15 +1000123.Nm ssh-keygen
124.Fl A
Damien Millerf3747bf2013-01-18 11:44:04 +1100125.Nm ssh-keygen
126.Fl k
127.Fl f Ar krl_file
128.Op Fl u
Damien Millerac5542b2013-01-20 22:33:02 +1100129.Op Fl s Ar ca_public
130.Op Fl z Ar version_number
Damien Millerf3747bf2013-01-18 11:44:04 +1100131.Ar
132.Nm ssh-keygen
133.Fl Q
134.Fl f Ar krl_file
135.Ar
Damien Miller15f5b562010-03-03 10:25:21 +1100136.Ek
Damien Miller22c77262000-04-13 12:26:34 +1000137.Sh DESCRIPTION
Damien Miller32aa1441999-10-29 09:15:49 +1000138.Nm
Ben Lindstrom5a707822001-04-22 17:15:46 +0000139generates, manages and converts authentication keys for
Damien Miller32aa1441999-10-29 09:15:49 +1000140.Xr ssh 1 .
Damien Millere247cc42000-05-07 12:03:14 +1000141.Nm
Damien Miller8ba0ead2013-12-18 17:46:27 +1100142can create RSA keys for use by SSH protocol version 1 and
143DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
Damien Millerfbf486b2003-05-23 18:44:23 +1000144The type of key to be generated is specified with the
Damien Miller0bc1bd82000-11-13 22:57:25 +1100145.Fl t
Damien Millera41c8b12002-01-22 23:05:08 +1100146option.
Damien Millerf14be5c2005-11-05 15:15:49 +1100147If invoked without any arguments,
148.Nm
Damien Miller83d0d392005-11-05 15:16:27 +1100149will generate an RSA key for use in SSH protocol 2 connections.
Damien Millere247cc42000-05-07 12:03:14 +1000150.Pp
Darren Tucker019cefe2003-08-02 22:40:07 +1000151.Nm
152is also used to generate groups for use in Diffie-Hellman group
153exchange (DH-GEX).
154See the
155.Sx MODULI GENERATION
156section for details.
157.Pp
Damien Millerf3747bf2013-01-18 11:44:04 +1100158Finally,
159.Nm
160can be used to generate and update Key Revocation Lists, and to test whether
Damien Millerac5542b2013-01-20 22:33:02 +1100161given keys have been revoked by one.
162See the
Damien Millerf3747bf2013-01-18 11:44:04 +1100163.Sx KEY REVOCATION LISTS
164section for details.
165.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000166Normally each user wishing to use SSH
Damien Millereb8b60e2010-08-31 22:41:14 +1000167with public key authentication runs this once to create the authentication
Damien Miller32aa1441999-10-29 09:15:49 +1000168key in
Damien Miller167ea5d2005-05-26 12:04:02 +1000169.Pa ~/.ssh/identity ,
Damien Miller8ba0ead2013-12-18 17:46:27 +1100170.Pa ~/.ssh/id_dsa ,
Damien Millereb8b60e2010-08-31 22:41:14 +1000171.Pa ~/.ssh/id_ecdsa ,
Damien Miller8ba0ead2013-12-18 17:46:27 +1100172.Pa ~/.ssh/id_ed25519
Damien Millere247cc42000-05-07 12:03:14 +1000173or
Damien Miller167ea5d2005-05-26 12:04:02 +1000174.Pa ~/.ssh/id_rsa .
Damien Millere247cc42000-05-07 12:03:14 +1000175Additionally, the system administrator may use this to generate host keys,
176as seen in
177.Pa /etc/rc .
Damien Miller32aa1441999-10-29 09:15:49 +1000178.Pp
179Normally this program generates the key and asks for a file in which
Damien Miller450a7a12000-03-26 13:04:51 +1000180to store the private key.
181The public key is stored in a file with the same name but
Damien Miller32aa1441999-10-29 09:15:49 +1000182.Dq .pub
Damien Miller450a7a12000-03-26 13:04:51 +1000183appended.
184The program also asks for a passphrase.
185The passphrase may be empty to indicate no passphrase
Ben Lindstrombf555ba2001-01-18 02:04:35 +0000186(host keys must have an empty passphrase), or it may be a string of
Damien Miller450a7a12000-03-26 13:04:51 +1000187arbitrary length.
Ben Lindstrom4e366d52001-12-06 16:43:21 +0000188A passphrase is similar to a password, except it can be a phrase with a
189series of words, punctuation, numbers, whitespace, or any string of
190characters you want.
191Good passphrases are 10-30 characters long, are
Damien Miller32aa1441999-10-29 09:15:49 +1000192not simple sentences or otherwise easily guessable (English
Ben Lindstrom2a097a42001-06-09 01:13:40 +0000193prose has only 1-2 bits of entropy per character, and provides very bad
Ben Lindstrom4e366d52001-12-06 16:43:21 +0000194passphrases), and contain a mix of upper and lowercase letters,
195numbers, and non-alphanumeric characters.
Damien Miller450a7a12000-03-26 13:04:51 +1000196The passphrase can be changed later by using the
Damien Miller32aa1441999-10-29 09:15:49 +1000197.Fl p
198option.
199.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000200There is no way to recover a lost passphrase.
Damien Miller085c90f2011-05-05 14:15:33 +1000201If the passphrase is lost or forgotten, a new key must be generated
202and the corresponding public key copied to other machines.
Damien Miller32aa1441999-10-29 09:15:49 +1000203.Pp
Ben Lindstrom5a707822001-04-22 17:15:46 +0000204For RSA1 keys,
205there is also a comment field in the key file that is only for
Damien Miller450a7a12000-03-26 13:04:51 +1000206convenience to the user to help identify the key.
207The comment can tell what the key is for, or whatever is useful.
208The comment is initialized to
Damien Miller32aa1441999-10-29 09:15:49 +1000209.Dq user@host
210when the key is created, but can be changed using the
211.Fl c
212option.
213.Pp
Damien Millere247cc42000-05-07 12:03:14 +1000214After a key is generated, instructions below detail where the keys
215should be placed to be activated.
216.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000217The options are as follows:
218.Bl -tag -width Ds
Damien Miller58f1baf2011-05-05 14:06:15 +1000219.It Fl A
Damien Miller8ba0ead2013-12-18 17:46:27 +1100220For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
221for which host keys
Damien Miller58f1baf2011-05-05 14:06:15 +1000222do not exist, generate the host keys with the default key file path,
223an empty passphrase, default bits for the key type, and default comment.
Damien Miller3ca1eb32011-05-05 14:13:50 +1000224This is used by
Damien Miller58f1baf2011-05-05 14:06:15 +1000225.Pa /etc/rc
226to generate new host keys.
Damien Miller4f752cf2013-12-18 17:45:35 +1100227.It Fl a Ar rounds
228When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
2292 key when the
230.Fl o
231flag is set), this option specifies the number of KDF (key derivation function)
232rounds used.
233Higher numbers result in slower passphrase verification and increased
234resistance to brute-force password cracking (should the keys be stolen).
235.Pp
236When screening DH-GEX candidates (
237using the
Darren Tucker019cefe2003-08-02 22:40:07 +1000238.Fl T
Damien Miller4f752cf2013-12-18 17:45:35 +1100239command).
240This option specifies the number of primality tests to perform.
Damien Miller265d3092005-03-02 12:05:06 +1100241.It Fl B
242Show the bubblebabble digest of specified private or public key file.
Damien Miller32aa1441999-10-29 09:15:49 +1000243.It Fl b Ar bits
Damien Miller450a7a12000-03-26 13:04:51 +1000244Specifies the number of bits in the key to create.
Darren Tucker9f647332005-11-28 16:41:46 +1100245For RSA keys, the minimum size is 768 bits and the default is 2048 bits.
Damien Millerac7ef6a2005-06-16 13:19:06 +1000246Generally, 2048 bits is considered sufficient.
Darren Tucker9f647332005-11-28 16:41:46 +1100247DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
Damien Millerad210322011-05-05 14:15:54 +1000248For ECDSA keys, the
249.Fl b
Damien Miller6232a162011-09-22 21:36:00 +1000250flag determines the key length by selecting from one of three elliptic
Damien Millerad210322011-05-05 14:15:54 +1000251curve sizes: 256, 384 or 521 bits.
252Attempting to use bit lengths other than these three values for ECDSA keys
253will fail.
Damien Miller8ba0ead2013-12-18 17:46:27 +1100254ED25519 keys have a fixed length and the
255.Fl b
256flag will be ignored.
Damien Miller265d3092005-03-02 12:05:06 +1100257.It Fl C Ar comment
258Provides a new comment.
Damien Miller32aa1441999-10-29 09:15:49 +1000259.It Fl c
260Requests changing the comment in the private and public key files.
Damien Millereb5fec62001-11-12 10:52:44 +1100261This operation is only supported for RSA1 keys.
Damien Miller32aa1441999-10-29 09:15:49 +1000262The program will prompt for the file containing the private keys, for
Ben Lindstromaafff9c2001-05-06 03:01:02 +0000263the passphrase if the key has one, and for the new comment.
Damien Miller7ea845e2010-02-12 09:21:02 +1100264.It Fl D Ar pkcs11
Damien Millera7618442010-02-12 09:26:02 +1100265Download the RSA public keys provided by the PKCS#11 shared library
266.Ar pkcs11 .
Damien Miller757f34e2010-08-05 13:05:31 +1000267When used in combination with
268.Fl s ,
269this option indicates that a CA key resides in a PKCS#11 token (see the
270.Sx CERTIFICATES
271section for details).
Ben Lindstrom5a707822001-04-22 17:15:46 +0000272.It Fl e
Ben Lindstrom46c264f2001-04-24 16:56:58 +0000273This option will read a private or public OpenSSH key file and
Damien Miller44b25042010-07-02 13:35:01 +1000274print to stdout the key in one of the formats specified by the
275.Fl m
276option.
277The default export format is
278.Dq RFC4716 .
Damien Millerea727282010-07-02 13:35:34 +1000279This option allows exporting OpenSSH keys for use by other programs, including
Damien Miller44b25042010-07-02 13:35:01 +1000280several commercial SSH implementations.
Damien Miller265d3092005-03-02 12:05:06 +1100281.It Fl F Ar hostname
282Search for the specified
283.Ar hostname
284in a
285.Pa known_hosts
286file, listing any occurrences found.
287This option is useful to find hashed host names or addresses and may also be
288used in conjunction with the
289.Fl H
290option to print found keys in a hashed format.
291.It Fl f Ar filename
292Specifies the filename of the key file.
293.It Fl G Ar output_file
294Generate candidate primes for DH-GEX.
295These primes must be screened for
296safety (using the
297.Fl T
298option) before use.
Damien Miller37876e92003-05-15 10:19:46 +1000299.It Fl g
Darren Tucker0b42e6d2004-08-13 21:22:40 +1000300Use generic DNS format when printing fingerprint resource records using the
Darren Tucker6e370372004-08-13 21:23:25 +1000301.Fl r
Darren Tucker0b42e6d2004-08-13 21:22:40 +1000302command.
Damien Miller265d3092005-03-02 12:05:06 +1100303.It Fl H
304Hash a
305.Pa known_hosts
Darren Tuckerda1adbc2005-03-14 23:15:58 +1100306file.
307This replaces all hostnames and addresses with hashed representations
308within the specified file; the original content is moved to a file with
309a .old suffix.
Damien Miller265d3092005-03-02 12:05:06 +1100310These hashes may be used normally by
311.Nm ssh
312and
313.Nm sshd ,
314but they do not reveal identifying information should the file's contents
315be disclosed.
316This option will not modify existing hashed hostnames and is therefore safe
317to use on files that mix hashed and non-hashed names.
Damien Miller0a80ca12010-02-27 07:55:05 +1100318.It Fl h
319When signing a key, create a host certificate instead of a user
320certificate.
321Please see the
322.Sx CERTIFICATES
323section for details.
Damien Miller15f5b562010-03-03 10:25:21 +1100324.It Fl I Ar certificate_identity
Damien Miller0a80ca12010-02-27 07:55:05 +1100325Specify the key identity when signing a public key.
326Please see the
327.Sx CERTIFICATES
328section for details.
Ben Lindstrom5a707822001-04-22 17:15:46 +0000329.It Fl i
330This option will read an unencrypted private (or public) key file
Damien Miller44b25042010-07-02 13:35:01 +1000331in the format specified by the
332.Fl m
333option and print an OpenSSH compatible private
Ben Lindstrom5a707822001-04-22 17:15:46 +0000334(or public) key to stdout.
Damien Miller43b156c2014-04-20 13:23:03 +1000335This option allows importing keys from other software, including several
336commercial SSH implementations.
337The default import format is
338.Dq RFC4716 .
Damien Millerdfceafe2012-07-06 13:44:19 +1000339.It Fl J Ar num_lines
340Exit after screening the specified number of lines
341while performing DH candidate screening using the
342.Fl T
343option.
344.It Fl j Ar start_line
345Start screening at the specified line number
346while performing DH candidate screening using the
347.Fl T
348option.
Damien Miller390d0562011-10-18 16:05:19 +1100349.It Fl K Ar checkpt
350Write the last line processed to the file
351.Ar checkpt
352while performing DH candidate screening using the
353.Fl T
354option.
355This will be used to skip lines in the input file that have already been
356processed if the job is restarted.
Damien Millerf3747bf2013-01-18 11:44:04 +1100357.It Fl k
358Generate a KRL file.
359In this mode,
360.Nm
361will generate a KRL file at the location specified via the
362.Fl f
Damien Miller881a7a22013-01-20 22:34:46 +1100363flag that revokes every key or certificate presented on the command line.
Damien Millerf3747bf2013-01-18 11:44:04 +1100364Keys/certificates to be revoked may be specified by public key file or
365using the format described in the
366.Sx KEY REVOCATION LISTS
367section.
Damien Millerf2b70ca2010-03-05 07:39:35 +1100368.It Fl L
369Prints the contents of a certificate.
Damien Miller10f6f6b1999-11-17 17:29:08 +1100370.It Fl l
Darren Tucker35c45532008-06-13 04:43:15 +1000371Show fingerprint of specified public key file.
Damien Millereb5fec62001-11-12 10:52:44 +1100372Private RSA1 keys are also supported.
373For RSA and DSA keys
374.Nm
Darren Tuckerf09e8252008-06-13 05:18:03 +1000375tries to find the matching public key file and prints its fingerprint.
376If combined with
377.Fl v ,
378an ASCII art representation of the key is supplied with the fingerprint.
Damien Millerea727282010-07-02 13:35:34 +1000379.It Fl M Ar memory
380Specify the amount of memory to use (in megabytes) when generating
381candidate moduli for DH-GEX.
Damien Miller44b25042010-07-02 13:35:01 +1000382.It Fl m Ar key_format
383Specify a key format for the
384.Fl i
385(import) or
386.Fl e
Damien Millerea727282010-07-02 13:35:34 +1000387(export) conversion options.
Damien Miller44b25042010-07-02 13:35:01 +1000388The supported key formats are:
389.Dq RFC4716
Damien Millerea727282010-07-02 13:35:34 +1000390(RFC 4716/SSH2 public or private key),
Damien Miller44b25042010-07-02 13:35:01 +1000391.Dq PKCS8
392(PEM PKCS8 public key)
393or
394.Dq PEM
395(PEM public key).
396The default conversion format is
397.Dq RFC4716 .
Damien Miller265d3092005-03-02 12:05:06 +1100398.It Fl N Ar new_passphrase
399Provides the new passphrase.
Damien Miller0a80ca12010-02-27 07:55:05 +1100400.It Fl n Ar principals
401Specify one or more principals (user or host names) to be included in
402a certificate when signing a key.
403Multiple principals may be specified, separated by commas.
404Please see the
405.Sx CERTIFICATES
406section for details.
Damien Miller4e270b02010-04-16 15:56:21 +1000407.It Fl O Ar option
408Specify a certificate option when signing a key.
Damien Miller0a80ca12010-02-27 07:55:05 +1100409This option may be specified multiple times.
410Please see the
411.Sx CERTIFICATES
412section for details.
Damien Miller4e270b02010-04-16 15:56:21 +1000413The options that are valid for user certificates are:
Damien Miller0a80ca12010-02-27 07:55:05 +1100414.Bl -tag -width Ds
Damien Millerc59e2442010-03-22 05:50:31 +1100415.It Ic clear
416Clear all enabled permissions.
417This is useful for clearing the default set of permissions so permissions may
418be added individually.
419.It Ic force-command Ns = Ns Ar command
420Forces the execution of
421.Ar command
422instead of any shell or command specified by the user when
423the certificate is used for authentication.
Damien Miller0a80ca12010-02-27 07:55:05 +1100424.It Ic no-agent-forwarding
425Disable
426.Xr ssh-agent 1
Damien Miller15f5b562010-03-03 10:25:21 +1100427forwarding (permitted by default).
Damien Miller0a80ca12010-02-27 07:55:05 +1100428.It Ic no-port-forwarding
Damien Miller15f5b562010-03-03 10:25:21 +1100429Disable port forwarding (permitted by default).
Damien Miller0a80ca12010-02-27 07:55:05 +1100430.It Ic no-pty
Damien Miller15f5b562010-03-03 10:25:21 +1100431Disable PTY allocation (permitted by default).
Damien Miller0a80ca12010-02-27 07:55:05 +1100432.It Ic no-user-rc
433Disable execution of
434.Pa ~/.ssh/rc
435by
Damien Miller15f5b562010-03-03 10:25:21 +1100436.Xr sshd 8
437(permitted by default).
Damien Millerc59e2442010-03-22 05:50:31 +1100438.It Ic no-x11-forwarding
439Disable X11 forwarding (permitted by default).
Damien Miller081c9762010-03-08 11:30:00 +1100440.It Ic permit-agent-forwarding
441Allows
442.Xr ssh-agent 1
443forwarding.
Damien Miller0a80ca12010-02-27 07:55:05 +1100444.It Ic permit-port-forwarding
445Allows port forwarding.
446.It Ic permit-pty
447Allows PTY allocation.
448.It Ic permit-user-rc
449Allows execution of
450.Pa ~/.ssh/rc
451by
452.Xr sshd 8 .
Damien Millerc59e2442010-03-22 05:50:31 +1100453.It Ic permit-x11-forwarding
454Allows X11 forwarding.
455.It Ic source-address Ns = Ns Ar address_list
Damien Miller77497e12010-03-22 05:50:51 +1100456Restrict the source addresses from which the certificate is considered valid.
Damien Miller0a80ca12010-02-27 07:55:05 +1100457The
458.Ar address_list
459is a comma-separated list of one or more address/netmask pairs in CIDR
460format.
461.El
462.Pp
Damien Miller4e270b02010-04-16 15:56:21 +1000463At present, no options are valid for host keys.
Damien Miller4f752cf2013-12-18 17:45:35 +1100464.It Fl o
465Causes
466.Nm
467to save SSH protocol 2 private keys using the new OpenSSH format rather than
468the more compatible PEM format.
469The new format has increased resistance to brute-force password cracking
470but is not supported by versions of OpenSSH prior to 6.5.
471Ed25519 keys always use the new private key format.
Damien Miller265d3092005-03-02 12:05:06 +1100472.It Fl P Ar passphrase
473Provides the (old) passphrase.
Damien Miller32aa1441999-10-29 09:15:49 +1000474.It Fl p
475Requests changing the passphrase of a private key file instead of
Damien Miller450a7a12000-03-26 13:04:51 +1000476creating a new private key.
477The program will prompt for the file
Damien Miller32aa1441999-10-29 09:15:49 +1000478containing the private key, for the old passphrase, and twice for the
479new passphrase.
Damien Miller072fdcd2013-01-20 22:34:04 +1100480.It Fl Q
481Test whether keys have been revoked in a KRL.
Damien Miller32aa1441999-10-29 09:15:49 +1000482.It Fl q
483Silence
484.Nm ssh-keygen .
Damien Miller4b42d7f2005-03-01 21:48:35 +1100485.It Fl R Ar hostname
486Removes all keys belonging to
487.Ar hostname
Damien Miller4c9c6fd2005-03-02 12:03:43 +1100488from a
Damien Miller4b42d7f2005-03-01 21:48:35 +1100489.Pa known_hosts
490file.
Damien Miller4c9c6fd2005-03-02 12:03:43 +1100491This option is useful to delete hashed hosts (see the
Damien Miller4b42d7f2005-03-01 21:48:35 +1100492.Fl H
493option above).
Damien Miller265d3092005-03-02 12:05:06 +1100494.It Fl r Ar hostname
495Print the SSHFP fingerprint resource record named
496.Ar hostname
497for the specified public key file.
Darren Tucker019cefe2003-08-02 22:40:07 +1000498.It Fl S Ar start
499Specify start point (in hex) when generating candidate moduli for DH-GEX.
Damien Miller0a80ca12010-02-27 07:55:05 +1100500.It Fl s Ar ca_key
501Certify (sign) a public key using the specified CA key.
502Please see the
503.Sx CERTIFICATES
504section for details.
Damien Millerf3747bf2013-01-18 11:44:04 +1100505.Pp
506When generating a KRL,
507.Fl s
Damien Millerac5542b2013-01-20 22:33:02 +1100508specifies a path to a CA public key file used to revoke certificates directly
Damien Millerf3747bf2013-01-18 11:44:04 +1100509by key ID or serial number.
510See the
511.Sx KEY REVOCATION LISTS
512section for details.
Darren Tucker019cefe2003-08-02 22:40:07 +1000513.It Fl T Ar output_file
514Test DH group exchange candidate primes (generated using the
515.Fl G
516option) for safety.
Damien Millerf0858de2014-04-20 13:01:30 +1000517.It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
Damien Miller265d3092005-03-02 12:05:06 +1100518Specifies the type of key to create.
519The possible values are
520.Dq rsa1
521for protocol version 1 and
Damien Miller6186bbc2010-09-24 22:00:54 +1000522.Dq dsa ,
Damien Miller8ba0ead2013-12-18 17:46:27 +1100523.Dq ecdsa ,
524.Dq ed25519 ,
Damien Miller265d3092005-03-02 12:05:06 +1100525or
Damien Miller6186bbc2010-09-24 22:00:54 +1000526.Dq rsa
Damien Miller265d3092005-03-02 12:05:06 +1100527for protocol version 2.
Damien Millerac5542b2013-01-20 22:33:02 +1100528.It Fl u
529Update a KRL.
530When specified with
531.Fl k ,
Damien Miller881a7a22013-01-20 22:34:46 +1100532keys listed via the command line are added to the existing KRL rather than
Damien Millerac5542b2013-01-20 22:33:02 +1100533a new KRL being created.
Damien Miller0a80ca12010-02-27 07:55:05 +1100534.It Fl V Ar validity_interval
535Specify a validity interval when signing a certificate.
536A validity interval may consist of a single time, indicating that the
537certificate is valid beginning now and expiring at that time, or may consist
538of two times separated by a colon to indicate an explicit time interval.
539The start time may be specified as a date in YYYYMMDD format, a time
540in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
541of a minus sign followed by a relative time in the format described in the
Damien Millerfecfd112013-07-18 16:11:50 +1000542TIME FORMATS section of
Damien Miller77497e12010-03-22 05:50:51 +1100543.Xr sshd_config 5 .
Damien Miller0a80ca12010-02-27 07:55:05 +1100544The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
545a relative time starting with a plus character.
546.Pp
547For example:
548.Dq +52w1d
549(valid from now to 52 weeks and one day from now),
550.Dq -4w:+4w
551(valid from four weeks ago to four weeks from now),
552.Dq 20100101123000:20110101123000
553(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
554.Dq -1d:20110101
555(valid from yesterday to midnight, January 1st, 2011).
Darren Tucker06930c72003-12-31 11:34:51 +1100556.It Fl v
557Verbose mode.
558Causes
559.Nm
560to print debugging messages about its progress.
561This is helpful for debugging moduli generation.
562Multiple
563.Fl v
564options increase the verbosity.
565The maximum is 3.
Damien Miller265d3092005-03-02 12:05:06 +1100566.It Fl W Ar generator
567Specify desired generator when testing candidate moduli for DH-GEX.
568.It Fl y
569This option will read a private
570OpenSSH format file and print an OpenSSH public key to stdout.
Damien Miller4e270b02010-04-16 15:56:21 +1000571.It Fl z Ar serial_number
572Specifies a serial number to be embedded in the certificate to distinguish
573this certificate from others from the same CA.
574The default serial number is zero.
Damien Millerf3747bf2013-01-18 11:44:04 +1100575.Pp
576When generating a KRL, the
577.Fl z
578flag is used to specify a KRL version number.
Damien Miller32aa1441999-10-29 09:15:49 +1000579.El
Darren Tucker019cefe2003-08-02 22:40:07 +1000580.Sh MODULI GENERATION
581.Nm
582may be used to generate groups for the Diffie-Hellman Group Exchange
583(DH-GEX) protocol.
584Generating these groups is a two-step process: first, candidate
585primes are generated using a fast, but memory intensive process.
586These candidate primes are then tested for suitability (a CPU-intensive
587process).
588.Pp
589Generation of primes is performed using the
590.Fl G
591option.
592The desired length of the primes may be specified by the
593.Fl b
594option.
595For example:
596.Pp
Damien Miller265d3092005-03-02 12:05:06 +1100597.Dl # ssh-keygen -G moduli-2048.candidates -b 2048
Darren Tucker019cefe2003-08-02 22:40:07 +1000598.Pp
599By default, the search for primes begins at a random point in the
600desired length range.
601This may be overridden using the
602.Fl S
603option, which specifies a different start point (in hex).
604.Pp
Damien Millerdfceafe2012-07-06 13:44:19 +1000605Once a set of candidates have been generated, they must be screened for
Darren Tucker019cefe2003-08-02 22:40:07 +1000606suitability.
607This may be performed using the
608.Fl T
609option.
610In this mode
611.Nm
612will read candidates from standard input (or a file specified using the
613.Fl f
614option).
615For example:
616.Pp
Damien Miller265d3092005-03-02 12:05:06 +1100617.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates
Darren Tucker019cefe2003-08-02 22:40:07 +1000618.Pp
619By default, each candidate will be subjected to 100 primality tests.
620This may be overridden using the
621.Fl a
622option.
623The DH generator value will be chosen automatically for the
624prime under consideration.
625If a specific generator is desired, it may be requested using the
626.Fl W
627option.
Damien Miller265d3092005-03-02 12:05:06 +1100628Valid generator values are 2, 3, and 5.
Darren Tucker019cefe2003-08-02 22:40:07 +1000629.Pp
630Screened DH groups may be installed in
631.Pa /etc/moduli .
632It is important that this file contains moduli of a range of bit lengths and
633that both ends of a connection share common moduli.
Damien Miller0a80ca12010-02-27 07:55:05 +1100634.Sh CERTIFICATES
635.Nm
636supports signing of keys to produce certificates that may be used for
637user or host authentication.
638Certificates consist of a public key, some identity information, zero or
Damien Miller1f181422010-04-18 08:08:03 +1000639more principal (user or host) names and a set of options that
Damien Miller0a80ca12010-02-27 07:55:05 +1100640are signed by a Certification Authority (CA) key.
641Clients or servers may then trust only the CA key and verify its signature
642on a certificate rather than trusting many user/host keys.
643Note that OpenSSH certificates are a different, and much simpler, format to
644the X.509 certificates used in
645.Xr ssl 8 .
646.Pp
647.Nm
648supports two types of certificates: user and host.
649User certificates authenticate users to servers, whereas host certificates
Damien Miller15f5b562010-03-03 10:25:21 +1100650authenticate server hosts to users.
651To generate a user certificate:
Damien Miller0a80ca12010-02-27 07:55:05 +1100652.Pp
653.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
654.Pp
655The resultant certificate will be placed in
Damien Miller1b61a282010-03-22 05:55:06 +1100656.Pa /path/to/user_key-cert.pub .
Damien Miller0a80ca12010-02-27 07:55:05 +1100657A host certificate requires the
658.Fl h
659option:
660.Pp
661.Dl $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
662.Pp
663The host certificate will be output to
Damien Miller1b61a282010-03-22 05:55:06 +1100664.Pa /path/to/host_key-cert.pub .
Damien Miller757f34e2010-08-05 13:05:31 +1000665.Pp
666It is possible to sign using a CA key stored in a PKCS#11 token by
667providing the token library using
668.Fl D
669and identifying the CA key by providing its public half as an argument
670to
671.Fl s :
672.Pp
673.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub
674.Pp
675In all cases,
Damien Miller0a80ca12010-02-27 07:55:05 +1100676.Ar key_id
677is a "key identifier" that is logged by the server when the certificate
678is used for authentication.
679.Pp
680Certificates may be limited to be valid for a set of principal (user/host)
681names.
682By default, generated certificates are valid for all users or hosts.
683To generate a certificate for a specified set of principals:
684.Pp
685.Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
Damien Miller5a5d94b2010-03-22 05:57:49 +1100686.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub"
Damien Miller0a80ca12010-02-27 07:55:05 +1100687.Pp
688Additional limitations on the validity and use of user certificates may
Damien Miller1f181422010-04-18 08:08:03 +1000689be specified through certificate options.
Damien Miller4e270b02010-04-16 15:56:21 +1000690A certificate option may disable features of the SSH session, may be
Damien Miller0a80ca12010-02-27 07:55:05 +1100691valid only when presented from particular source addresses or may
692force the use of a specific command.
Damien Miller4e270b02010-04-16 15:56:21 +1000693For a list of valid certificate options, see the documentation for the
Damien Miller0a80ca12010-02-27 07:55:05 +1100694.Fl O
695option above.
696.Pp
697Finally, certificates may be defined with a validity lifetime.
698The
699.Fl V
700option allows specification of certificate start and end times.
701A certificate that is presented at a time outside this range will not be
702considered valid.
Darren Tucker3ee50c52012-09-06 21:18:11 +1000703By default, certificates are valid from
704.Ux
705Epoch to the distant future.
Damien Miller0a80ca12010-02-27 07:55:05 +1100706.Pp
707For certificates to be used for user or host authentication, the CA
708public key must be trusted by
709.Xr sshd 8
710or
711.Xr ssh 1 .
712Please refer to those manual pages for details.
Damien Millerf3747bf2013-01-18 11:44:04 +1100713.Sh KEY REVOCATION LISTS
714.Nm
715is able to manage OpenSSH format Key Revocation Lists (KRLs).
716These binary files specify keys or certificates to be revoked using a
Damien Miller13797712013-12-29 17:47:14 +1100717compact format, taking as little as one bit per certificate if they are being
Damien Millerf3747bf2013-01-18 11:44:04 +1100718revoked by serial number.
719.Pp
720KRLs may be generated using the
721.Fl k
722flag.
Damien Miller881a7a22013-01-20 22:34:46 +1100723This option reads one or more files from the command line and generates a new
Damien Millerf3747bf2013-01-18 11:44:04 +1100724KRL.
725The files may either contain a KRL specification (see below) or public keys,
726listed one per line.
727Plain public keys are revoked by listing their hash or contents in the KRL and
728certificates revoked by serial number or key ID (if the serial is zero or
729not available).
730.Pp
731Revoking keys using a KRL specification offers explicit control over the
732types of record used to revoke keys and may be used to directly revoke
733certificates by serial number or key ID without having the complete original
734certificate on hand.
735A KRL specification consists of lines containing one of the following directives
736followed by a colon and some directive-specific information.
737.Bl -tag -width Ds
Damien Millera0a7ee82013-01-20 22:35:06 +1100738.It Cm serial : Ar serial_number Ns Op - Ns Ar serial_number
Damien Millerf3747bf2013-01-18 11:44:04 +1100739Revokes a certificate with the specified serial number.
Damien Millerac5542b2013-01-20 22:33:02 +1100740Serial numbers are 64-bit values, not including zero and may be expressed
Damien Millerf3747bf2013-01-18 11:44:04 +1100741in decimal, hex or octal.
742If two serial numbers are specified separated by a hyphen, then the range
743of serial numbers including and between each is revoked.
744The CA key must have been specified on the
745.Nm
Damien Miller881a7a22013-01-20 22:34:46 +1100746command line using the
Damien Millerf3747bf2013-01-18 11:44:04 +1100747.Fl s
748option.
749.It Cm id : Ar key_id
750Revokes a certificate with the specified key ID string.
751The CA key must have been specified on the
752.Nm
Damien Miller881a7a22013-01-20 22:34:46 +1100753command line using the
Damien Millerf3747bf2013-01-18 11:44:04 +1100754.Fl s
755option.
756.It Cm key : Ar public_key
757Revokes the specified key.
Damien Millerac5542b2013-01-20 22:33:02 +1100758If a certificate is listed, then it is revoked as a plain public key.
Damien Millerf3747bf2013-01-18 11:44:04 +1100759.It Cm sha1 : Ar public_key
760Revokes the specified key by its SHA1 hash.
761.El
762.Pp
763KRLs may be updated using the
764.Fl u
765flag in addition to
766.Fl k .
Damien Miller881a7a22013-01-20 22:34:46 +1100767When this option is specified, keys listed via the command line are merged into
Damien Millerf3747bf2013-01-18 11:44:04 +1100768the KRL, adding to those already there.
769.Pp
770It is also possible, given a KRL, to test whether it revokes a particular key
771(or keys).
772The
773.Fl Q
774flag will query an existing KRL, testing each key specified on the commandline.
Damien Miller881a7a22013-01-20 22:34:46 +1100775If any key listed on the command line has been revoked (or an error encountered)
Damien Millerf3747bf2013-01-18 11:44:04 +1100776then
777.Nm
778will exit with a non-zero exit status.
779A zero exit status will only be returned if no key was revoked.
Damien Miller32aa1441999-10-29 09:15:49 +1000780.Sh FILES
Damien Miller6186bbc2010-09-24 22:00:54 +1000781.Bl -tag -width Ds -compact
Damien Miller167ea5d2005-05-26 12:04:02 +1000782.It Pa ~/.ssh/identity
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000783Contains the protocol version 1 RSA authentication identity of the user.
Damien Miller450a7a12000-03-26 13:04:51 +1000784This file should not be readable by anyone but the user.
785It is possible to
Damien Miller32aa1441999-10-29 09:15:49 +1000786specify a passphrase when generating the key; that passphrase will be
Damien Miller6186bbc2010-09-24 22:00:54 +1000787used to encrypt the private part of this file using 3DES.
Damien Miller450a7a12000-03-26 13:04:51 +1000788This file is not automatically accessed by
Damien Miller32aa1441999-10-29 09:15:49 +1000789.Nm
790but it is offered as the default file for the private key.
Ben Lindstrombda98b02001-07-04 03:35:24 +0000791.Xr ssh 1
Damien Millere247cc42000-05-07 12:03:14 +1000792will read this file when a login attempt is made.
Damien Miller6186bbc2010-09-24 22:00:54 +1000793.Pp
Damien Miller167ea5d2005-05-26 12:04:02 +1000794.It Pa ~/.ssh/identity.pub
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000795Contains the protocol version 1 RSA public key for authentication.
Damien Miller450a7a12000-03-26 13:04:51 +1000796The contents of this file should be added to
Damien Miller167ea5d2005-05-26 12:04:02 +1000797.Pa ~/.ssh/authorized_keys
Damien Miller32aa1441999-10-29 09:15:49 +1000798on all machines
Ben Lindstrom594e2032001-09-12 18:35:30 +0000799where the user wishes to log in using RSA authentication.
Damien Miller450a7a12000-03-26 13:04:51 +1000800There is no need to keep the contents of this file secret.
Damien Miller6186bbc2010-09-24 22:00:54 +1000801.Pp
Damien Miller167ea5d2005-05-26 12:04:02 +1000802.It Pa ~/.ssh/id_dsa
Damien Miller6186bbc2010-09-24 22:00:54 +1000803.It Pa ~/.ssh/id_ecdsa
Damien Miller8ba0ead2013-12-18 17:46:27 +1100804.It Pa ~/.ssh/id_ed25519
Damien Miller167ea5d2005-05-26 12:04:02 +1000805.It Pa ~/.ssh/id_rsa
Damien Miller8ba0ead2013-12-18 17:46:27 +1100806Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
807authentication identity of the user.
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000808This file should not be readable by anyone but the user.
809It is possible to
810specify a passphrase when generating the key; that passphrase will be
Darren Tucker199ee6f2009-10-24 11:50:17 +1100811used to encrypt the private part of this file using 128-bit AES.
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000812This file is not automatically accessed by
813.Nm
814but it is offered as the default file for the private key.
Ben Lindstrombda98b02001-07-04 03:35:24 +0000815.Xr ssh 1
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000816will read this file when a login attempt is made.
Damien Miller6186bbc2010-09-24 22:00:54 +1000817.Pp
818.It Pa ~/.ssh/id_dsa.pub
819.It Pa ~/.ssh/id_ecdsa.pub
Damien Miller8ba0ead2013-12-18 17:46:27 +1100820.It Pa ~/.ssh/id_ed25519.pub
Damien Miller167ea5d2005-05-26 12:04:02 +1000821.It Pa ~/.ssh/id_rsa.pub
Damien Miller8ba0ead2013-12-18 17:46:27 +1100822Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
823public key for authentication.
Damien Millere247cc42000-05-07 12:03:14 +1000824The contents of this file should be added to
Damien Miller167ea5d2005-05-26 12:04:02 +1000825.Pa ~/.ssh/authorized_keys
Damien Millere247cc42000-05-07 12:03:14 +1000826on all machines
Ben Lindstrom594e2032001-09-12 18:35:30 +0000827where the user wishes to log in using public key authentication.
Damien Millere247cc42000-05-07 12:03:14 +1000828There is no need to keep the contents of this file secret.
Damien Miller6186bbc2010-09-24 22:00:54 +1000829.Pp
Darren Tucker019cefe2003-08-02 22:40:07 +1000830.It Pa /etc/moduli
831Contains Diffie-Hellman groups used for DH-GEX.
832The file format is described in
833.Xr moduli 5 .
Damien Miller37023962000-07-11 17:31:38 +1000834.El
Damien Miller32aa1441999-10-29 09:15:49 +1000835.Sh SEE ALSO
836.Xr ssh 1 ,
837.Xr ssh-add 1 ,
Damien Miller2e8b1c81999-11-15 23:33:56 +1100838.Xr ssh-agent 1 ,
Darren Tucker019cefe2003-08-02 22:40:07 +1000839.Xr moduli 5 ,
Ben Lindstrom77788dc2001-02-10 23:10:33 +0000840.Xr sshd 8
Ben Lindstrom5a707822001-04-22 17:15:46 +0000841.Rs
Damien Millerc0367fb2007-01-05 16:25:46 +1100842.%R RFC 4716
843.%T "The Secure Shell (SSH) Public Key File Format"
844.%D 2006
Ben Lindstrom5a707822001-04-22 17:15:46 +0000845.Re
Damien Millerf1ce5052003-06-11 22:04:39 +1000846.Sh AUTHORS
847OpenSSH is a derivative of the original and free
848ssh 1.2.12 release by Tatu Ylonen.
849Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
850Theo de Raadt and Dug Song
851removed many bugs, re-added newer features and
852created OpenSSH.
853Markus Friedl contributed the support for SSH
854protocol versions 1.5 and 2.0.