blob: ed17a08fab285f401431a5a887c74e0394864f0a [file] [log] [blame]
naddy@openbsd.org05291e52015-08-20 19:20:06 +00001.\" $OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $
Damien Miller32aa1441999-10-29 09:15:49 +10002.\"
Damien Miller32aa1441999-10-29 09:15:49 +10003.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller32aa1441999-10-29 09:15:49 +10004.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
Damien Millere4340be2000-09-16 13:29:08 +11007.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
Damien Miller32aa1441999-10-29 09:15:49 +100012.\"
Damien Millere4340be2000-09-16 13:29:08 +110013.\"
Ben Lindstrom92a2e382001-03-05 06:59:27 +000014.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
15.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
16.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
Damien Millere4340be2000-09-16 13:29:08 +110017.\"
18.\" Redistribution and use in source and binary forms, with or without
19.\" modification, are permitted provided that the following conditions
20.\" are met:
21.\" 1. Redistributions of source code must retain the above copyright
22.\" notice, this list of conditions and the following disclaimer.
23.\" 2. Redistributions in binary form must reproduce the above copyright
24.\" notice, this list of conditions and the following disclaimer in the
25.\" documentation and/or other materials provided with the distribution.
26.\"
27.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller32aa1441999-10-29 09:15:49 +100037.\"
naddy@openbsd.org05291e52015-08-20 19:20:06 +000038.Dd $Mdocdate: August 20 2015 $
Damien Miller32aa1441999-10-29 09:15:49 +100039.Dt SSH-KEYGEN 1
40.Os
41.Sh NAME
42.Nm ssh-keygen
Ben Lindstrom5a707822001-04-22 17:15:46 +000043.Nd authentication key generation, management and conversion
Damien Miller32aa1441999-10-29 09:15:49 +100044.Sh SYNOPSIS
Damien Miller495dca32003-04-01 21:42:14 +100045.Bk -words
Damien Millerbad5e032010-07-16 13:59:59 +100046.Nm ssh-keygen
Damien Miller0bc1bd82000-11-13 22:57:25 +110047.Op Fl q
Damien Miller32aa1441999-10-29 09:15:49 +100048.Op Fl b Ar bits
Damien Millerf0858de2014-04-20 13:01:30 +100049.Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
Damien Miller32aa1441999-10-29 09:15:49 +100050.Op Fl N Ar new_passphrase
51.Op Fl C Ar comment
Damien Miller1a425f32000-09-02 10:08:09 +110052.Op Fl f Ar output_keyfile
Damien Miller32aa1441999-10-29 09:15:49 +100053.Nm ssh-keygen
54.Fl p
55.Op Fl P Ar old_passphrase
56.Op Fl N Ar new_passphrase
Damien Miller10f6f6b1999-11-17 17:29:08 +110057.Op Fl f Ar keyfile
Damien Miller32aa1441999-10-29 09:15:49 +100058.Nm ssh-keygen
Ben Lindstrom5a707822001-04-22 17:15:46 +000059.Fl i
Damien Miller44b25042010-07-02 13:35:01 +100060.Op Fl m Ar key_format
Damien Miller1a425f32000-09-02 10:08:09 +110061.Op Fl f Ar input_keyfile
Damien Millere247cc42000-05-07 12:03:14 +100062.Nm ssh-keygen
Ben Lindstrom5a707822001-04-22 17:15:46 +000063.Fl e
Damien Miller44b25042010-07-02 13:35:01 +100064.Op Fl m Ar key_format
Damien Miller1a425f32000-09-02 10:08:09 +110065.Op Fl f Ar input_keyfile
Damien Millere247cc42000-05-07 12:03:14 +100066.Nm ssh-keygen
67.Fl y
Damien Miller1a425f32000-09-02 10:08:09 +110068.Op Fl f Ar input_keyfile
Damien Millere247cc42000-05-07 12:03:14 +100069.Nm ssh-keygen
Damien Miller32aa1441999-10-29 09:15:49 +100070.Fl c
71.Op Fl P Ar passphrase
72.Op Fl C Ar comment
Damien Miller10f6f6b1999-11-17 17:29:08 +110073.Op Fl f Ar keyfile
74.Nm ssh-keygen
75.Fl l
naddy@openbsd.org6288e3a2015-02-24 15:24:05 +000076.Op Fl v
djm@openbsd.org56d1c832014-12-21 22:27:55 +000077.Op Fl E Ar fingerprint_hash
Ben Lindstrom8fd372b2001-03-12 03:02:17 +000078.Op Fl f Ar input_keyfile
79.Nm ssh-keygen
80.Fl B
Damien Miller1a425f32000-09-02 10:08:09 +110081.Op Fl f Ar input_keyfile
Ben Lindstroma1ec4a92001-08-06 21:51:34 +000082.Nm ssh-keygen
Damien Miller048dc932010-02-12 09:22:04 +110083.Fl D Ar pkcs11
Ben Lindstroma1ec4a92001-08-06 21:51:34 +000084.Nm ssh-keygen
Damien Miller4b42d7f2005-03-01 21:48:35 +110085.Fl F Ar hostname
86.Op Fl f Ar known_hosts_file
Damien Miller718ed502008-11-03 19:15:20 +110087.Op Fl l
Damien Miller4b42d7f2005-03-01 21:48:35 +110088.Nm ssh-keygen
89.Fl H
90.Op Fl f Ar known_hosts_file
91.Nm ssh-keygen
92.Fl R Ar hostname
93.Op Fl f Ar known_hosts_file
94.Nm ssh-keygen
Damien Miller37876e92003-05-15 10:19:46 +100095.Fl r Ar hostname
96.Op Fl f Ar input_keyfile
97.Op Fl g
Darren Tucker019cefe2003-08-02 22:40:07 +100098.Nm ssh-keygen
99.Fl G Ar output_file
Darren Tucker06930c72003-12-31 11:34:51 +1100100.Op Fl v
Darren Tucker019cefe2003-08-02 22:40:07 +1000101.Op Fl b Ar bits
102.Op Fl M Ar memory
103.Op Fl S Ar start_point
104.Nm ssh-keygen
105.Fl T Ar output_file
106.Fl f Ar input_file
Darren Tucker06930c72003-12-31 11:34:51 +1100107.Op Fl v
Damien Miller4f752cf2013-12-18 17:45:35 +1100108.Op Fl a Ar rounds
Damien Millerdfceafe2012-07-06 13:44:19 +1000109.Op Fl J Ar num_lines
110.Op Fl j Ar start_line
Damien Miller390d0562011-10-18 16:05:19 +1100111.Op Fl K Ar checkpt
Darren Tucker019cefe2003-08-02 22:40:07 +1000112.Op Fl W Ar generator
Damien Miller0a80ca12010-02-27 07:55:05 +1100113.Nm ssh-keygen
114.Fl s Ar ca_key
115.Fl I Ar certificate_identity
116.Op Fl h
117.Op Fl n Ar principals
Damien Miller4e270b02010-04-16 15:56:21 +1000118.Op Fl O Ar option
Damien Miller0a80ca12010-02-27 07:55:05 +1100119.Op Fl V Ar validity_interval
Damien Miller4e270b02010-04-16 15:56:21 +1000120.Op Fl z Ar serial_number
Damien Miller0a80ca12010-02-27 07:55:05 +1100121.Ar
Damien Millerf2b70ca2010-03-05 07:39:35 +1100122.Nm ssh-keygen
Damien Millerf2b70ca2010-03-05 07:39:35 +1100123.Fl L
124.Op Fl f Ar input_keyfile
Damien Miller58f1baf2011-05-05 14:06:15 +1000125.Nm ssh-keygen
126.Fl A
Damien Millerf3747bf2013-01-18 11:44:04 +1100127.Nm ssh-keygen
128.Fl k
129.Fl f Ar krl_file
130.Op Fl u
Damien Millerac5542b2013-01-20 22:33:02 +1100131.Op Fl s Ar ca_public
132.Op Fl z Ar version_number
Damien Millerf3747bf2013-01-18 11:44:04 +1100133.Ar
134.Nm ssh-keygen
135.Fl Q
136.Fl f Ar krl_file
137.Ar
Damien Miller15f5b562010-03-03 10:25:21 +1100138.Ek
Damien Miller22c77262000-04-13 12:26:34 +1000139.Sh DESCRIPTION
Damien Miller32aa1441999-10-29 09:15:49 +1000140.Nm
Ben Lindstrom5a707822001-04-22 17:15:46 +0000141generates, manages and converts authentication keys for
Damien Miller32aa1441999-10-29 09:15:49 +1000142.Xr ssh 1 .
Damien Millere247cc42000-05-07 12:03:14 +1000143.Nm
Damien Miller8ba0ead2013-12-18 17:46:27 +1100144can create RSA keys for use by SSH protocol version 1 and
sobrado@openbsd.orgf70b22b2014-08-30 15:33:50 +0000145DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
Damien Millerfbf486b2003-05-23 18:44:23 +1000146The type of key to be generated is specified with the
Damien Miller0bc1bd82000-11-13 22:57:25 +1100147.Fl t
Damien Millera41c8b12002-01-22 23:05:08 +1100148option.
Damien Millerf14be5c2005-11-05 15:15:49 +1100149If invoked without any arguments,
150.Nm
Damien Miller83d0d392005-11-05 15:16:27 +1100151will generate an RSA key for use in SSH protocol 2 connections.
Damien Millere247cc42000-05-07 12:03:14 +1000152.Pp
Darren Tucker019cefe2003-08-02 22:40:07 +1000153.Nm
154is also used to generate groups for use in Diffie-Hellman group
155exchange (DH-GEX).
156See the
157.Sx MODULI GENERATION
158section for details.
159.Pp
Damien Millerf3747bf2013-01-18 11:44:04 +1100160Finally,
161.Nm
162can be used to generate and update Key Revocation Lists, and to test whether
Damien Millerac5542b2013-01-20 22:33:02 +1100163given keys have been revoked by one.
164See the
Damien Millerf3747bf2013-01-18 11:44:04 +1100165.Sx KEY REVOCATION LISTS
166section for details.
167.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000168Normally each user wishing to use SSH
Damien Millereb8b60e2010-08-31 22:41:14 +1000169with public key authentication runs this once to create the authentication
Damien Miller32aa1441999-10-29 09:15:49 +1000170key in
Damien Miller167ea5d2005-05-26 12:04:02 +1000171.Pa ~/.ssh/identity ,
Damien Miller8ba0ead2013-12-18 17:46:27 +1100172.Pa ~/.ssh/id_dsa ,
Damien Millereb8b60e2010-08-31 22:41:14 +1000173.Pa ~/.ssh/id_ecdsa ,
Damien Miller8ba0ead2013-12-18 17:46:27 +1100174.Pa ~/.ssh/id_ed25519
Damien Millere247cc42000-05-07 12:03:14 +1000175or
Damien Miller167ea5d2005-05-26 12:04:02 +1000176.Pa ~/.ssh/id_rsa .
Damien Millere247cc42000-05-07 12:03:14 +1000177Additionally, the system administrator may use this to generate host keys,
178as seen in
179.Pa /etc/rc .
Damien Miller32aa1441999-10-29 09:15:49 +1000180.Pp
181Normally this program generates the key and asks for a file in which
Damien Miller450a7a12000-03-26 13:04:51 +1000182to store the private key.
183The public key is stored in a file with the same name but
Damien Miller32aa1441999-10-29 09:15:49 +1000184.Dq .pub
Damien Miller450a7a12000-03-26 13:04:51 +1000185appended.
186The program also asks for a passphrase.
187The passphrase may be empty to indicate no passphrase
Ben Lindstrombf555ba2001-01-18 02:04:35 +0000188(host keys must have an empty passphrase), or it may be a string of
Damien Miller450a7a12000-03-26 13:04:51 +1000189arbitrary length.
Ben Lindstrom4e366d52001-12-06 16:43:21 +0000190A passphrase is similar to a password, except it can be a phrase with a
191series of words, punctuation, numbers, whitespace, or any string of
192characters you want.
193Good passphrases are 10-30 characters long, are
Damien Miller32aa1441999-10-29 09:15:49 +1000194not simple sentences or otherwise easily guessable (English
Ben Lindstrom2a097a42001-06-09 01:13:40 +0000195prose has only 1-2 bits of entropy per character, and provides very bad
Ben Lindstrom4e366d52001-12-06 16:43:21 +0000196passphrases), and contain a mix of upper and lowercase letters,
197numbers, and non-alphanumeric characters.
Damien Miller450a7a12000-03-26 13:04:51 +1000198The passphrase can be changed later by using the
Damien Miller32aa1441999-10-29 09:15:49 +1000199.Fl p
200option.
201.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000202There is no way to recover a lost passphrase.
Damien Miller085c90f2011-05-05 14:15:33 +1000203If the passphrase is lost or forgotten, a new key must be generated
204and the corresponding public key copied to other machines.
Damien Miller32aa1441999-10-29 09:15:49 +1000205.Pp
Ben Lindstrom5a707822001-04-22 17:15:46 +0000206For RSA1 keys,
207there is also a comment field in the key file that is only for
Damien Miller450a7a12000-03-26 13:04:51 +1000208convenience to the user to help identify the key.
209The comment can tell what the key is for, or whatever is useful.
210The comment is initialized to
Damien Miller32aa1441999-10-29 09:15:49 +1000211.Dq user@host
212when the key is created, but can be changed using the
213.Fl c
214option.
215.Pp
Damien Millere247cc42000-05-07 12:03:14 +1000216After a key is generated, instructions below detail where the keys
217should be placed to be activated.
218.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000219The options are as follows:
220.Bl -tag -width Ds
Damien Miller58f1baf2011-05-05 14:06:15 +1000221.It Fl A
Damien Miller8ba0ead2013-12-18 17:46:27 +1100222For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519)
223for which host keys
Damien Miller58f1baf2011-05-05 14:06:15 +1000224do not exist, generate the host keys with the default key file path,
225an empty passphrase, default bits for the key type, and default comment.
Damien Miller3ca1eb32011-05-05 14:13:50 +1000226This is used by
Damien Miller58f1baf2011-05-05 14:06:15 +1000227.Pa /etc/rc
228to generate new host keys.
Damien Miller4f752cf2013-12-18 17:45:35 +1100229.It Fl a Ar rounds
230When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
2312 key when the
232.Fl o
233flag is set), this option specifies the number of KDF (key derivation function)
234rounds used.
235Higher numbers result in slower passphrase verification and increased
236resistance to brute-force password cracking (should the keys be stolen).
237.Pp
238When screening DH-GEX candidates (
239using the
Darren Tucker019cefe2003-08-02 22:40:07 +1000240.Fl T
Damien Miller4f752cf2013-12-18 17:45:35 +1100241command).
242This option specifies the number of primality tests to perform.
Damien Miller265d3092005-03-02 12:05:06 +1100243.It Fl B
244Show the bubblebabble digest of specified private or public key file.
Damien Miller32aa1441999-10-29 09:15:49 +1000245.It Fl b Ar bits
Damien Miller450a7a12000-03-26 13:04:51 +1000246Specifies the number of bits in the key to create.
djm@openbsd.org933935c2015-07-03 03:49:45 +0000247For RSA keys, the minimum size is 1024 bits and the default is 2048 bits.
Damien Millerac7ef6a2005-06-16 13:19:06 +1000248Generally, 2048 bits is considered sufficient.
Darren Tucker9f647332005-11-28 16:41:46 +1100249DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
Damien Millerad210322011-05-05 14:15:54 +1000250For ECDSA keys, the
251.Fl b
Damien Miller6232a162011-09-22 21:36:00 +1000252flag determines the key length by selecting from one of three elliptic
Damien Millerad210322011-05-05 14:15:54 +1000253curve sizes: 256, 384 or 521 bits.
254Attempting to use bit lengths other than these three values for ECDSA keys
255will fail.
sobrado@openbsd.orgf70b22b2014-08-30 15:33:50 +0000256Ed25519 keys have a fixed length and the
Damien Miller8ba0ead2013-12-18 17:46:27 +1100257.Fl b
258flag will be ignored.
Damien Miller265d3092005-03-02 12:05:06 +1100259.It Fl C Ar comment
260Provides a new comment.
Damien Miller32aa1441999-10-29 09:15:49 +1000261.It Fl c
262Requests changing the comment in the private and public key files.
Damien Millereb5fec62001-11-12 10:52:44 +1100263This operation is only supported for RSA1 keys.
Damien Miller32aa1441999-10-29 09:15:49 +1000264The program will prompt for the file containing the private keys, for
Ben Lindstromaafff9c2001-05-06 03:01:02 +0000265the passphrase if the key has one, and for the new comment.
Damien Miller7ea845e2010-02-12 09:21:02 +1100266.It Fl D Ar pkcs11
Damien Millera7618442010-02-12 09:26:02 +1100267Download the RSA public keys provided by the PKCS#11 shared library
268.Ar pkcs11 .
Damien Miller757f34e2010-08-05 13:05:31 +1000269When used in combination with
270.Fl s ,
271this option indicates that a CA key resides in a PKCS#11 token (see the
272.Sx CERTIFICATES
273section for details).
djm@openbsd.org56d1c832014-12-21 22:27:55 +0000274.It Fl E Ar fingerprint_hash
275Specifies the hash algorithm used when displaying key fingerprints.
276Valid options are:
277.Dq md5
278and
279.Dq sha256 .
280The default is
281.Dq sha256 .
Ben Lindstrom5a707822001-04-22 17:15:46 +0000282.It Fl e
Ben Lindstrom46c264f2001-04-24 16:56:58 +0000283This option will read a private or public OpenSSH key file and
Damien Miller44b25042010-07-02 13:35:01 +1000284print to stdout the key in one of the formats specified by the
285.Fl m
286option.
287The default export format is
288.Dq RFC4716 .
Damien Millerea727282010-07-02 13:35:34 +1000289This option allows exporting OpenSSH keys for use by other programs, including
Damien Miller44b25042010-07-02 13:35:01 +1000290several commercial SSH implementations.
Damien Miller265d3092005-03-02 12:05:06 +1100291.It Fl F Ar hostname
292Search for the specified
293.Ar hostname
294in a
295.Pa known_hosts
296file, listing any occurrences found.
297This option is useful to find hashed host names or addresses and may also be
298used in conjunction with the
299.Fl H
300option to print found keys in a hashed format.
301.It Fl f Ar filename
302Specifies the filename of the key file.
303.It Fl G Ar output_file
304Generate candidate primes for DH-GEX.
305These primes must be screened for
306safety (using the
307.Fl T
308option) before use.
Damien Miller37876e92003-05-15 10:19:46 +1000309.It Fl g
Darren Tucker0b42e6d2004-08-13 21:22:40 +1000310Use generic DNS format when printing fingerprint resource records using the
Darren Tucker6e370372004-08-13 21:23:25 +1000311.Fl r
Darren Tucker0b42e6d2004-08-13 21:22:40 +1000312command.
Damien Miller265d3092005-03-02 12:05:06 +1100313.It Fl H
314Hash a
315.Pa known_hosts
Darren Tuckerda1adbc2005-03-14 23:15:58 +1100316file.
317This replaces all hostnames and addresses with hashed representations
318within the specified file; the original content is moved to a file with
319a .old suffix.
Damien Miller265d3092005-03-02 12:05:06 +1100320These hashes may be used normally by
321.Nm ssh
322and
323.Nm sshd ,
324but they do not reveal identifying information should the file's contents
325be disclosed.
326This option will not modify existing hashed hostnames and is therefore safe
327to use on files that mix hashed and non-hashed names.
Damien Miller0a80ca12010-02-27 07:55:05 +1100328.It Fl h
329When signing a key, create a host certificate instead of a user
330certificate.
331Please see the
332.Sx CERTIFICATES
333section for details.
Damien Miller15f5b562010-03-03 10:25:21 +1100334.It Fl I Ar certificate_identity
Damien Miller0a80ca12010-02-27 07:55:05 +1100335Specify the key identity when signing a public key.
336Please see the
337.Sx CERTIFICATES
338section for details.
Ben Lindstrom5a707822001-04-22 17:15:46 +0000339.It Fl i
340This option will read an unencrypted private (or public) key file
Damien Miller44b25042010-07-02 13:35:01 +1000341in the format specified by the
342.Fl m
343option and print an OpenSSH compatible private
Ben Lindstrom5a707822001-04-22 17:15:46 +0000344(or public) key to stdout.
Damien Miller43b156c2014-04-20 13:23:03 +1000345This option allows importing keys from other software, including several
346commercial SSH implementations.
347The default import format is
348.Dq RFC4716 .
Damien Millerdfceafe2012-07-06 13:44:19 +1000349.It Fl J Ar num_lines
350Exit after screening the specified number of lines
351while performing DH candidate screening using the
352.Fl T
353option.
354.It Fl j Ar start_line
355Start screening at the specified line number
356while performing DH candidate screening using the
357.Fl T
358option.
Damien Miller390d0562011-10-18 16:05:19 +1100359.It Fl K Ar checkpt
360Write the last line processed to the file
361.Ar checkpt
362while performing DH candidate screening using the
363.Fl T
364option.
365This will be used to skip lines in the input file that have already been
366processed if the job is restarted.
Damien Millerf3747bf2013-01-18 11:44:04 +1100367.It Fl k
368Generate a KRL file.
369In this mode,
370.Nm
371will generate a KRL file at the location specified via the
372.Fl f
Damien Miller881a7a22013-01-20 22:34:46 +1100373flag that revokes every key or certificate presented on the command line.
Damien Millerf3747bf2013-01-18 11:44:04 +1100374Keys/certificates to be revoked may be specified by public key file or
375using the format described in the
376.Sx KEY REVOCATION LISTS
377section.
Damien Millerf2b70ca2010-03-05 07:39:35 +1100378.It Fl L
379Prints the contents of a certificate.
Damien Miller10f6f6b1999-11-17 17:29:08 +1100380.It Fl l
Darren Tucker35c45532008-06-13 04:43:15 +1000381Show fingerprint of specified public key file.
Damien Millereb5fec62001-11-12 10:52:44 +1100382Private RSA1 keys are also supported.
383For RSA and DSA keys
384.Nm
Darren Tuckerf09e8252008-06-13 05:18:03 +1000385tries to find the matching public key file and prints its fingerprint.
386If combined with
387.Fl v ,
388an ASCII art representation of the key is supplied with the fingerprint.
Damien Millerea727282010-07-02 13:35:34 +1000389.It Fl M Ar memory
390Specify the amount of memory to use (in megabytes) when generating
391candidate moduli for DH-GEX.
Damien Miller44b25042010-07-02 13:35:01 +1000392.It Fl m Ar key_format
393Specify a key format for the
394.Fl i
395(import) or
396.Fl e
Damien Millerea727282010-07-02 13:35:34 +1000397(export) conversion options.
Damien Miller44b25042010-07-02 13:35:01 +1000398The supported key formats are:
399.Dq RFC4716
Damien Millerea727282010-07-02 13:35:34 +1000400(RFC 4716/SSH2 public or private key),
Damien Miller44b25042010-07-02 13:35:01 +1000401.Dq PKCS8
402(PEM PKCS8 public key)
403or
404.Dq PEM
405(PEM public key).
406The default conversion format is
407.Dq RFC4716 .
Damien Miller265d3092005-03-02 12:05:06 +1100408.It Fl N Ar new_passphrase
409Provides the new passphrase.
Damien Miller0a80ca12010-02-27 07:55:05 +1100410.It Fl n Ar principals
411Specify one or more principals (user or host names) to be included in
412a certificate when signing a key.
413Multiple principals may be specified, separated by commas.
414Please see the
415.Sx CERTIFICATES
416section for details.
Damien Miller4e270b02010-04-16 15:56:21 +1000417.It Fl O Ar option
418Specify a certificate option when signing a key.
Damien Miller0a80ca12010-02-27 07:55:05 +1100419This option may be specified multiple times.
420Please see the
421.Sx CERTIFICATES
422section for details.
Damien Miller4e270b02010-04-16 15:56:21 +1000423The options that are valid for user certificates are:
Damien Miller0a80ca12010-02-27 07:55:05 +1100424.Bl -tag -width Ds
Damien Millerc59e2442010-03-22 05:50:31 +1100425.It Ic clear
426Clear all enabled permissions.
427This is useful for clearing the default set of permissions so permissions may
428be added individually.
429.It Ic force-command Ns = Ns Ar command
430Forces the execution of
431.Ar command
432instead of any shell or command specified by the user when
433the certificate is used for authentication.
Damien Miller0a80ca12010-02-27 07:55:05 +1100434.It Ic no-agent-forwarding
435Disable
436.Xr ssh-agent 1
Damien Miller15f5b562010-03-03 10:25:21 +1100437forwarding (permitted by default).
Damien Miller0a80ca12010-02-27 07:55:05 +1100438.It Ic no-port-forwarding
Damien Miller15f5b562010-03-03 10:25:21 +1100439Disable port forwarding (permitted by default).
Damien Miller0a80ca12010-02-27 07:55:05 +1100440.It Ic no-pty
Damien Miller15f5b562010-03-03 10:25:21 +1100441Disable PTY allocation (permitted by default).
Damien Miller0a80ca12010-02-27 07:55:05 +1100442.It Ic no-user-rc
443Disable execution of
444.Pa ~/.ssh/rc
445by
Damien Miller15f5b562010-03-03 10:25:21 +1100446.Xr sshd 8
447(permitted by default).
Damien Millerc59e2442010-03-22 05:50:31 +1100448.It Ic no-x11-forwarding
449Disable X11 forwarding (permitted by default).
Damien Miller081c9762010-03-08 11:30:00 +1100450.It Ic permit-agent-forwarding
451Allows
452.Xr ssh-agent 1
453forwarding.
Damien Miller0a80ca12010-02-27 07:55:05 +1100454.It Ic permit-port-forwarding
455Allows port forwarding.
456.It Ic permit-pty
457Allows PTY allocation.
458.It Ic permit-user-rc
459Allows execution of
460.Pa ~/.ssh/rc
461by
462.Xr sshd 8 .
Damien Millerc59e2442010-03-22 05:50:31 +1100463.It Ic permit-x11-forwarding
464Allows X11 forwarding.
465.It Ic source-address Ns = Ns Ar address_list
Damien Miller77497e12010-03-22 05:50:51 +1100466Restrict the source addresses from which the certificate is considered valid.
Damien Miller0a80ca12010-02-27 07:55:05 +1100467The
468.Ar address_list
469is a comma-separated list of one or more address/netmask pairs in CIDR
470format.
471.El
472.Pp
Damien Miller4e270b02010-04-16 15:56:21 +1000473At present, no options are valid for host keys.
Damien Miller4f752cf2013-12-18 17:45:35 +1100474.It Fl o
475Causes
476.Nm
477to save SSH protocol 2 private keys using the new OpenSSH format rather than
478the more compatible PEM format.
479The new format has increased resistance to brute-force password cracking
480but is not supported by versions of OpenSSH prior to 6.5.
481Ed25519 keys always use the new private key format.
Damien Miller265d3092005-03-02 12:05:06 +1100482.It Fl P Ar passphrase
483Provides the (old) passphrase.
Damien Miller32aa1441999-10-29 09:15:49 +1000484.It Fl p
485Requests changing the passphrase of a private key file instead of
Damien Miller450a7a12000-03-26 13:04:51 +1000486creating a new private key.
487The program will prompt for the file
Damien Miller32aa1441999-10-29 09:15:49 +1000488containing the private key, for the old passphrase, and twice for the
489new passphrase.
Damien Miller072fdcd2013-01-20 22:34:04 +1100490.It Fl Q
491Test whether keys have been revoked in a KRL.
Damien Miller32aa1441999-10-29 09:15:49 +1000492.It Fl q
493Silence
494.Nm ssh-keygen .
Damien Miller4b42d7f2005-03-01 21:48:35 +1100495.It Fl R Ar hostname
496Removes all keys belonging to
497.Ar hostname
Damien Miller4c9c6fd2005-03-02 12:03:43 +1100498from a
Damien Miller4b42d7f2005-03-01 21:48:35 +1100499.Pa known_hosts
500file.
Damien Miller4c9c6fd2005-03-02 12:03:43 +1100501This option is useful to delete hashed hosts (see the
Damien Miller4b42d7f2005-03-01 21:48:35 +1100502.Fl H
503option above).
Damien Miller265d3092005-03-02 12:05:06 +1100504.It Fl r Ar hostname
505Print the SSHFP fingerprint resource record named
506.Ar hostname
507for the specified public key file.
Darren Tucker019cefe2003-08-02 22:40:07 +1000508.It Fl S Ar start
509Specify start point (in hex) when generating candidate moduli for DH-GEX.
Damien Miller0a80ca12010-02-27 07:55:05 +1100510.It Fl s Ar ca_key
511Certify (sign) a public key using the specified CA key.
512Please see the
513.Sx CERTIFICATES
514section for details.
Damien Millerf3747bf2013-01-18 11:44:04 +1100515.Pp
516When generating a KRL,
517.Fl s
Damien Millerac5542b2013-01-20 22:33:02 +1100518specifies a path to a CA public key file used to revoke certificates directly
Damien Millerf3747bf2013-01-18 11:44:04 +1100519by key ID or serial number.
520See the
521.Sx KEY REVOCATION LISTS
522section for details.
Darren Tucker019cefe2003-08-02 22:40:07 +1000523.It Fl T Ar output_file
524Test DH group exchange candidate primes (generated using the
525.Fl G
526option) for safety.
Damien Millerf0858de2014-04-20 13:01:30 +1000527.It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
Damien Miller265d3092005-03-02 12:05:06 +1100528Specifies the type of key to create.
529The possible values are
530.Dq rsa1
531for protocol version 1 and
Damien Miller6186bbc2010-09-24 22:00:54 +1000532.Dq dsa ,
Damien Miller8ba0ead2013-12-18 17:46:27 +1100533.Dq ecdsa ,
534.Dq ed25519 ,
Damien Miller265d3092005-03-02 12:05:06 +1100535or
Damien Miller6186bbc2010-09-24 22:00:54 +1000536.Dq rsa
Damien Miller265d3092005-03-02 12:05:06 +1100537for protocol version 2.
Damien Millerac5542b2013-01-20 22:33:02 +1100538.It Fl u
539Update a KRL.
540When specified with
541.Fl k ,
Damien Miller881a7a22013-01-20 22:34:46 +1100542keys listed via the command line are added to the existing KRL rather than
Damien Millerac5542b2013-01-20 22:33:02 +1100543a new KRL being created.
Damien Miller0a80ca12010-02-27 07:55:05 +1100544.It Fl V Ar validity_interval
545Specify a validity interval when signing a certificate.
546A validity interval may consist of a single time, indicating that the
547certificate is valid beginning now and expiring at that time, or may consist
548of two times separated by a colon to indicate an explicit time interval.
549The start time may be specified as a date in YYYYMMDD format, a time
550in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
551of a minus sign followed by a relative time in the format described in the
Damien Millerfecfd112013-07-18 16:11:50 +1000552TIME FORMATS section of
Damien Miller77497e12010-03-22 05:50:51 +1100553.Xr sshd_config 5 .
Damien Miller0a80ca12010-02-27 07:55:05 +1100554The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
555a relative time starting with a plus character.
556.Pp
557For example:
558.Dq +52w1d
559(valid from now to 52 weeks and one day from now),
560.Dq -4w:+4w
561(valid from four weeks ago to four weeks from now),
562.Dq 20100101123000:20110101123000
563(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
564.Dq -1d:20110101
565(valid from yesterday to midnight, January 1st, 2011).
Darren Tucker06930c72003-12-31 11:34:51 +1100566.It Fl v
567Verbose mode.
568Causes
569.Nm
570to print debugging messages about its progress.
571This is helpful for debugging moduli generation.
572Multiple
573.Fl v
574options increase the verbosity.
575The maximum is 3.
Damien Miller265d3092005-03-02 12:05:06 +1100576.It Fl W Ar generator
577Specify desired generator when testing candidate moduli for DH-GEX.
578.It Fl y
579This option will read a private
580OpenSSH format file and print an OpenSSH public key to stdout.
Damien Miller4e270b02010-04-16 15:56:21 +1000581.It Fl z Ar serial_number
582Specifies a serial number to be embedded in the certificate to distinguish
583this certificate from others from the same CA.
584The default serial number is zero.
Damien Millerf3747bf2013-01-18 11:44:04 +1100585.Pp
586When generating a KRL, the
587.Fl z
588flag is used to specify a KRL version number.
Damien Miller32aa1441999-10-29 09:15:49 +1000589.El
Darren Tucker019cefe2003-08-02 22:40:07 +1000590.Sh MODULI GENERATION
591.Nm
592may be used to generate groups for the Diffie-Hellman Group Exchange
593(DH-GEX) protocol.
594Generating these groups is a two-step process: first, candidate
595primes are generated using a fast, but memory intensive process.
596These candidate primes are then tested for suitability (a CPU-intensive
597process).
598.Pp
599Generation of primes is performed using the
600.Fl G
601option.
602The desired length of the primes may be specified by the
603.Fl b
604option.
605For example:
606.Pp
Damien Miller265d3092005-03-02 12:05:06 +1100607.Dl # ssh-keygen -G moduli-2048.candidates -b 2048
Darren Tucker019cefe2003-08-02 22:40:07 +1000608.Pp
609By default, the search for primes begins at a random point in the
610desired length range.
611This may be overridden using the
612.Fl S
613option, which specifies a different start point (in hex).
614.Pp
Damien Millerdfceafe2012-07-06 13:44:19 +1000615Once a set of candidates have been generated, they must be screened for
Darren Tucker019cefe2003-08-02 22:40:07 +1000616suitability.
617This may be performed using the
618.Fl T
619option.
620In this mode
621.Nm
622will read candidates from standard input (or a file specified using the
623.Fl f
624option).
625For example:
626.Pp
Damien Miller265d3092005-03-02 12:05:06 +1100627.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates
Darren Tucker019cefe2003-08-02 22:40:07 +1000628.Pp
629By default, each candidate will be subjected to 100 primality tests.
630This may be overridden using the
631.Fl a
632option.
633The DH generator value will be chosen automatically for the
634prime under consideration.
635If a specific generator is desired, it may be requested using the
636.Fl W
637option.
Damien Miller265d3092005-03-02 12:05:06 +1100638Valid generator values are 2, 3, and 5.
Darren Tucker019cefe2003-08-02 22:40:07 +1000639.Pp
640Screened DH groups may be installed in
641.Pa /etc/moduli .
642It is important that this file contains moduli of a range of bit lengths and
643that both ends of a connection share common moduli.
Damien Miller0a80ca12010-02-27 07:55:05 +1100644.Sh CERTIFICATES
645.Nm
646supports signing of keys to produce certificates that may be used for
647user or host authentication.
648Certificates consist of a public key, some identity information, zero or
Damien Miller1f181422010-04-18 08:08:03 +1000649more principal (user or host) names and a set of options that
Damien Miller0a80ca12010-02-27 07:55:05 +1100650are signed by a Certification Authority (CA) key.
651Clients or servers may then trust only the CA key and verify its signature
652on a certificate rather than trusting many user/host keys.
653Note that OpenSSH certificates are a different, and much simpler, format to
654the X.509 certificates used in
655.Xr ssl 8 .
656.Pp
657.Nm
658supports two types of certificates: user and host.
659User certificates authenticate users to servers, whereas host certificates
Damien Miller15f5b562010-03-03 10:25:21 +1100660authenticate server hosts to users.
661To generate a user certificate:
Damien Miller0a80ca12010-02-27 07:55:05 +1100662.Pp
663.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
664.Pp
665The resultant certificate will be placed in
Damien Miller1b61a282010-03-22 05:55:06 +1100666.Pa /path/to/user_key-cert.pub .
Damien Miller0a80ca12010-02-27 07:55:05 +1100667A host certificate requires the
668.Fl h
669option:
670.Pp
671.Dl $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
672.Pp
673The host certificate will be output to
Damien Miller1b61a282010-03-22 05:55:06 +1100674.Pa /path/to/host_key-cert.pub .
Damien Miller757f34e2010-08-05 13:05:31 +1000675.Pp
676It is possible to sign using a CA key stored in a PKCS#11 token by
677providing the token library using
678.Fl D
679and identifying the CA key by providing its public half as an argument
680to
681.Fl s :
682.Pp
naddy@openbsd.org05291e52015-08-20 19:20:06 +0000683.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
Damien Miller757f34e2010-08-05 13:05:31 +1000684.Pp
685In all cases,
Damien Miller0a80ca12010-02-27 07:55:05 +1100686.Ar key_id
687is a "key identifier" that is logged by the server when the certificate
688is used for authentication.
689.Pp
690Certificates may be limited to be valid for a set of principal (user/host)
691names.
692By default, generated certificates are valid for all users or hosts.
693To generate a certificate for a specified set of principals:
694.Pp
695.Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
naddy@openbsd.org05291e52015-08-20 19:20:06 +0000696.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub"
Damien Miller0a80ca12010-02-27 07:55:05 +1100697.Pp
698Additional limitations on the validity and use of user certificates may
Damien Miller1f181422010-04-18 08:08:03 +1000699be specified through certificate options.
Damien Miller4e270b02010-04-16 15:56:21 +1000700A certificate option may disable features of the SSH session, may be
Damien Miller0a80ca12010-02-27 07:55:05 +1100701valid only when presented from particular source addresses or may
702force the use of a specific command.
Damien Miller4e270b02010-04-16 15:56:21 +1000703For a list of valid certificate options, see the documentation for the
Damien Miller0a80ca12010-02-27 07:55:05 +1100704.Fl O
705option above.
706.Pp
707Finally, certificates may be defined with a validity lifetime.
708The
709.Fl V
710option allows specification of certificate start and end times.
711A certificate that is presented at a time outside this range will not be
712considered valid.
Darren Tucker3ee50c52012-09-06 21:18:11 +1000713By default, certificates are valid from
714.Ux
715Epoch to the distant future.
Damien Miller0a80ca12010-02-27 07:55:05 +1100716.Pp
717For certificates to be used for user or host authentication, the CA
718public key must be trusted by
719.Xr sshd 8
720or
721.Xr ssh 1 .
722Please refer to those manual pages for details.
Damien Millerf3747bf2013-01-18 11:44:04 +1100723.Sh KEY REVOCATION LISTS
724.Nm
725is able to manage OpenSSH format Key Revocation Lists (KRLs).
726These binary files specify keys or certificates to be revoked using a
Damien Miller13797712013-12-29 17:47:14 +1100727compact format, taking as little as one bit per certificate if they are being
Damien Millerf3747bf2013-01-18 11:44:04 +1100728revoked by serial number.
729.Pp
730KRLs may be generated using the
731.Fl k
732flag.
Damien Miller881a7a22013-01-20 22:34:46 +1100733This option reads one or more files from the command line and generates a new
Damien Millerf3747bf2013-01-18 11:44:04 +1100734KRL.
735The files may either contain a KRL specification (see below) or public keys,
736listed one per line.
737Plain public keys are revoked by listing their hash or contents in the KRL and
738certificates revoked by serial number or key ID (if the serial is zero or
739not available).
740.Pp
741Revoking keys using a KRL specification offers explicit control over the
742types of record used to revoke keys and may be used to directly revoke
743certificates by serial number or key ID without having the complete original
744certificate on hand.
745A KRL specification consists of lines containing one of the following directives
746followed by a colon and some directive-specific information.
747.Bl -tag -width Ds
Damien Millera0a7ee82013-01-20 22:35:06 +1100748.It Cm serial : Ar serial_number Ns Op - Ns Ar serial_number
Damien Millerf3747bf2013-01-18 11:44:04 +1100749Revokes a certificate with the specified serial number.
Damien Millerac5542b2013-01-20 22:33:02 +1100750Serial numbers are 64-bit values, not including zero and may be expressed
Damien Millerf3747bf2013-01-18 11:44:04 +1100751in decimal, hex or octal.
752If two serial numbers are specified separated by a hyphen, then the range
753of serial numbers including and between each is revoked.
754The CA key must have been specified on the
755.Nm
Damien Miller881a7a22013-01-20 22:34:46 +1100756command line using the
Damien Millerf3747bf2013-01-18 11:44:04 +1100757.Fl s
758option.
759.It Cm id : Ar key_id
760Revokes a certificate with the specified key ID string.
761The CA key must have been specified on the
762.Nm
Damien Miller881a7a22013-01-20 22:34:46 +1100763command line using the
Damien Millerf3747bf2013-01-18 11:44:04 +1100764.Fl s
765option.
766.It Cm key : Ar public_key
767Revokes the specified key.
Damien Millerac5542b2013-01-20 22:33:02 +1100768If a certificate is listed, then it is revoked as a plain public key.
Damien Millerf3747bf2013-01-18 11:44:04 +1100769.It Cm sha1 : Ar public_key
770Revokes the specified key by its SHA1 hash.
771.El
772.Pp
773KRLs may be updated using the
774.Fl u
775flag in addition to
776.Fl k .
Damien Miller881a7a22013-01-20 22:34:46 +1100777When this option is specified, keys listed via the command line are merged into
Damien Millerf3747bf2013-01-18 11:44:04 +1100778the KRL, adding to those already there.
779.Pp
780It is also possible, given a KRL, to test whether it revokes a particular key
781(or keys).
782The
783.Fl Q
784flag will query an existing KRL, testing each key specified on the commandline.
Damien Miller881a7a22013-01-20 22:34:46 +1100785If any key listed on the command line has been revoked (or an error encountered)
Damien Millerf3747bf2013-01-18 11:44:04 +1100786then
787.Nm
788will exit with a non-zero exit status.
789A zero exit status will only be returned if no key was revoked.
Damien Miller32aa1441999-10-29 09:15:49 +1000790.Sh FILES
Damien Miller6186bbc2010-09-24 22:00:54 +1000791.Bl -tag -width Ds -compact
Damien Miller167ea5d2005-05-26 12:04:02 +1000792.It Pa ~/.ssh/identity
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000793Contains the protocol version 1 RSA authentication identity of the user.
Damien Miller450a7a12000-03-26 13:04:51 +1000794This file should not be readable by anyone but the user.
795It is possible to
Damien Miller32aa1441999-10-29 09:15:49 +1000796specify a passphrase when generating the key; that passphrase will be
Damien Miller6186bbc2010-09-24 22:00:54 +1000797used to encrypt the private part of this file using 3DES.
Damien Miller450a7a12000-03-26 13:04:51 +1000798This file is not automatically accessed by
Damien Miller32aa1441999-10-29 09:15:49 +1000799.Nm
800but it is offered as the default file for the private key.
Ben Lindstrombda98b02001-07-04 03:35:24 +0000801.Xr ssh 1
Damien Millere247cc42000-05-07 12:03:14 +1000802will read this file when a login attempt is made.
Damien Miller6186bbc2010-09-24 22:00:54 +1000803.Pp
Damien Miller167ea5d2005-05-26 12:04:02 +1000804.It Pa ~/.ssh/identity.pub
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000805Contains the protocol version 1 RSA public key for authentication.
Damien Miller450a7a12000-03-26 13:04:51 +1000806The contents of this file should be added to
Damien Miller167ea5d2005-05-26 12:04:02 +1000807.Pa ~/.ssh/authorized_keys
Damien Miller32aa1441999-10-29 09:15:49 +1000808on all machines
Ben Lindstrom594e2032001-09-12 18:35:30 +0000809where the user wishes to log in using RSA authentication.
Damien Miller450a7a12000-03-26 13:04:51 +1000810There is no need to keep the contents of this file secret.
Damien Miller6186bbc2010-09-24 22:00:54 +1000811.Pp
Damien Miller167ea5d2005-05-26 12:04:02 +1000812.It Pa ~/.ssh/id_dsa
Damien Miller6186bbc2010-09-24 22:00:54 +1000813.It Pa ~/.ssh/id_ecdsa
Damien Miller8ba0ead2013-12-18 17:46:27 +1100814.It Pa ~/.ssh/id_ed25519
Damien Miller167ea5d2005-05-26 12:04:02 +1000815.It Pa ~/.ssh/id_rsa
sobrado@openbsd.orgf70b22b2014-08-30 15:33:50 +0000816Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
Damien Miller8ba0ead2013-12-18 17:46:27 +1100817authentication identity of the user.
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000818This file should not be readable by anyone but the user.
819It is possible to
820specify a passphrase when generating the key; that passphrase will be
Darren Tucker199ee6f2009-10-24 11:50:17 +1100821used to encrypt the private part of this file using 128-bit AES.
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000822This file is not automatically accessed by
823.Nm
824but it is offered as the default file for the private key.
Ben Lindstrombda98b02001-07-04 03:35:24 +0000825.Xr ssh 1
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000826will read this file when a login attempt is made.
Damien Miller6186bbc2010-09-24 22:00:54 +1000827.Pp
828.It Pa ~/.ssh/id_dsa.pub
829.It Pa ~/.ssh/id_ecdsa.pub
Damien Miller8ba0ead2013-12-18 17:46:27 +1100830.It Pa ~/.ssh/id_ed25519.pub
Damien Miller167ea5d2005-05-26 12:04:02 +1000831.It Pa ~/.ssh/id_rsa.pub
sobrado@openbsd.orgf70b22b2014-08-30 15:33:50 +0000832Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
Damien Miller8ba0ead2013-12-18 17:46:27 +1100833public key for authentication.
Damien Millere247cc42000-05-07 12:03:14 +1000834The contents of this file should be added to
Damien Miller167ea5d2005-05-26 12:04:02 +1000835.Pa ~/.ssh/authorized_keys
Damien Millere247cc42000-05-07 12:03:14 +1000836on all machines
Ben Lindstrom594e2032001-09-12 18:35:30 +0000837where the user wishes to log in using public key authentication.
Damien Millere247cc42000-05-07 12:03:14 +1000838There is no need to keep the contents of this file secret.
Damien Miller6186bbc2010-09-24 22:00:54 +1000839.Pp
Darren Tucker019cefe2003-08-02 22:40:07 +1000840.It Pa /etc/moduli
841Contains Diffie-Hellman groups used for DH-GEX.
842The file format is described in
843.Xr moduli 5 .
Damien Miller37023962000-07-11 17:31:38 +1000844.El
Damien Miller32aa1441999-10-29 09:15:49 +1000845.Sh SEE ALSO
846.Xr ssh 1 ,
847.Xr ssh-add 1 ,
Damien Miller2e8b1c81999-11-15 23:33:56 +1100848.Xr ssh-agent 1 ,
Darren Tucker019cefe2003-08-02 22:40:07 +1000849.Xr moduli 5 ,
Ben Lindstrom77788dc2001-02-10 23:10:33 +0000850.Xr sshd 8
Ben Lindstrom5a707822001-04-22 17:15:46 +0000851.Rs
Damien Millerc0367fb2007-01-05 16:25:46 +1100852.%R RFC 4716
853.%T "The Secure Shell (SSH) Public Key File Format"
854.%D 2006
Ben Lindstrom5a707822001-04-22 17:15:46 +0000855.Re
Damien Millerf1ce5052003-06-11 22:04:39 +1000856.Sh AUTHORS
857OpenSSH is a derivative of the original and free
858ssh 1.2.12 release by Tatu Ylonen.
859Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
860Theo de Raadt and Dug Song
861removed many bugs, re-added newer features and
862created OpenSSH.
863Markus Friedl contributed the support for SSH
864protocol versions 1.5 and 2.0.