blob: 56815e272e769da98251967ab05e2bf634d3bef4 [file] [log] [blame]
djm@openbsd.orgc45616a2019-01-22 11:00:15 +00001.\" $OpenBSD: ssh-keygen.1,v 1.153 2019/01/22 11:00:15 djm Exp $
Damien Miller32aa1441999-10-29 09:15:49 +10002.\"
Damien Miller32aa1441999-10-29 09:15:49 +10003.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
Damien Miller32aa1441999-10-29 09:15:49 +10004.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
5.\" All rights reserved
6.\"
Damien Millere4340be2000-09-16 13:29:08 +11007.\" As far as I am concerned, the code I have written for this software
8.\" can be used freely for any purpose. Any derived versions of this
9.\" software must be clearly marked as such, and if the derived work is
10.\" incompatible with the protocol description in the RFC file, it must be
11.\" called by a name other than "ssh" or "Secure Shell".
Damien Miller32aa1441999-10-29 09:15:49 +100012.\"
Damien Millere4340be2000-09-16 13:29:08 +110013.\"
Ben Lindstrom92a2e382001-03-05 06:59:27 +000014.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
15.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
16.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
Damien Millere4340be2000-09-16 13:29:08 +110017.\"
18.\" Redistribution and use in source and binary forms, with or without
19.\" modification, are permitted provided that the following conditions
20.\" are met:
21.\" 1. Redistributions of source code must retain the above copyright
22.\" notice, this list of conditions and the following disclaimer.
23.\" 2. Redistributions in binary form must reproduce the above copyright
24.\" notice, this list of conditions and the following disclaimer in the
25.\" documentation and/or other materials provided with the distribution.
26.\"
27.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
28.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
29.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
30.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
31.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
32.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
33.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
34.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Damien Miller32aa1441999-10-29 09:15:49 +100037.\"
djm@openbsd.orgc45616a2019-01-22 11:00:15 +000038.Dd $Mdocdate: January 22 2019 $
Damien Miller32aa1441999-10-29 09:15:49 +100039.Dt SSH-KEYGEN 1
40.Os
41.Sh NAME
42.Nm ssh-keygen
Ben Lindstrom5a707822001-04-22 17:15:46 +000043.Nd authentication key generation, management and conversion
Damien Miller32aa1441999-10-29 09:15:49 +100044.Sh SYNOPSIS
Damien Miller495dca32003-04-01 21:42:14 +100045.Bk -words
Damien Millerbad5e032010-07-16 13:59:59 +100046.Nm ssh-keygen
Damien Miller0bc1bd82000-11-13 22:57:25 +110047.Op Fl q
Damien Miller32aa1441999-10-29 09:15:49 +100048.Op Fl b Ar bits
jmc@openbsd.orgf10c0d32017-05-02 17:04:09 +000049.Op Fl t Cm dsa | ecdsa | ed25519 | rsa
Damien Miller32aa1441999-10-29 09:15:49 +100050.Op Fl N Ar new_passphrase
51.Op Fl C Ar comment
Damien Miller1a425f32000-09-02 10:08:09 +110052.Op Fl f Ar output_keyfile
Damien Miller32aa1441999-10-29 09:15:49 +100053.Nm ssh-keygen
54.Fl p
55.Op Fl P Ar old_passphrase
56.Op Fl N Ar new_passphrase
Damien Miller10f6f6b1999-11-17 17:29:08 +110057.Op Fl f Ar keyfile
Damien Miller32aa1441999-10-29 09:15:49 +100058.Nm ssh-keygen
Ben Lindstrom5a707822001-04-22 17:15:46 +000059.Fl i
Damien Miller44b25042010-07-02 13:35:01 +100060.Op Fl m Ar key_format
Damien Miller1a425f32000-09-02 10:08:09 +110061.Op Fl f Ar input_keyfile
Damien Millere247cc42000-05-07 12:03:14 +100062.Nm ssh-keygen
Ben Lindstrom5a707822001-04-22 17:15:46 +000063.Fl e
Damien Miller44b25042010-07-02 13:35:01 +100064.Op Fl m Ar key_format
Damien Miller1a425f32000-09-02 10:08:09 +110065.Op Fl f Ar input_keyfile
Damien Millere247cc42000-05-07 12:03:14 +100066.Nm ssh-keygen
67.Fl y
Damien Miller1a425f32000-09-02 10:08:09 +110068.Op Fl f Ar input_keyfile
Damien Millere247cc42000-05-07 12:03:14 +100069.Nm ssh-keygen
Damien Miller32aa1441999-10-29 09:15:49 +100070.Fl c
71.Op Fl P Ar passphrase
72.Op Fl C Ar comment
Damien Miller10f6f6b1999-11-17 17:29:08 +110073.Op Fl f Ar keyfile
74.Nm ssh-keygen
75.Fl l
naddy@openbsd.org6288e3a2015-02-24 15:24:05 +000076.Op Fl v
djm@openbsd.org56d1c832014-12-21 22:27:55 +000077.Op Fl E Ar fingerprint_hash
Ben Lindstrom8fd372b2001-03-12 03:02:17 +000078.Op Fl f Ar input_keyfile
79.Nm ssh-keygen
80.Fl B
Damien Miller1a425f32000-09-02 10:08:09 +110081.Op Fl f Ar input_keyfile
Ben Lindstroma1ec4a92001-08-06 21:51:34 +000082.Nm ssh-keygen
Damien Miller048dc932010-02-12 09:22:04 +110083.Fl D Ar pkcs11
Ben Lindstroma1ec4a92001-08-06 21:51:34 +000084.Nm ssh-keygen
Damien Miller4b42d7f2005-03-01 21:48:35 +110085.Fl F Ar hostname
86.Op Fl f Ar known_hosts_file
Damien Miller718ed502008-11-03 19:15:20 +110087.Op Fl l
Damien Miller4b42d7f2005-03-01 21:48:35 +110088.Nm ssh-keygen
89.Fl H
90.Op Fl f Ar known_hosts_file
91.Nm ssh-keygen
92.Fl R Ar hostname
93.Op Fl f Ar known_hosts_file
94.Nm ssh-keygen
Damien Miller37876e92003-05-15 10:19:46 +100095.Fl r Ar hostname
96.Op Fl f Ar input_keyfile
97.Op Fl g
Darren Tucker019cefe2003-08-02 22:40:07 +100098.Nm ssh-keygen
99.Fl G Ar output_file
Darren Tucker06930c72003-12-31 11:34:51 +1100100.Op Fl v
Darren Tucker019cefe2003-08-02 22:40:07 +1000101.Op Fl b Ar bits
102.Op Fl M Ar memory
103.Op Fl S Ar start_point
104.Nm ssh-keygen
105.Fl T Ar output_file
106.Fl f Ar input_file
Darren Tucker06930c72003-12-31 11:34:51 +1100107.Op Fl v
Damien Miller4f752cf2013-12-18 17:45:35 +1100108.Op Fl a Ar rounds
Damien Millerdfceafe2012-07-06 13:44:19 +1000109.Op Fl J Ar num_lines
110.Op Fl j Ar start_line
Damien Miller390d0562011-10-18 16:05:19 +1100111.Op Fl K Ar checkpt
Darren Tucker019cefe2003-08-02 22:40:07 +1000112.Op Fl W Ar generator
Damien Miller0a80ca12010-02-27 07:55:05 +1100113.Nm ssh-keygen
114.Fl s Ar ca_key
115.Fl I Ar certificate_identity
116.Op Fl h
djm@openbsd.orga98339e2017-06-28 01:09:22 +0000117.Op Fl U
118.Op Fl D Ar pkcs11_provider
Damien Miller0a80ca12010-02-27 07:55:05 +1100119.Op Fl n Ar principals
Damien Miller4e270b02010-04-16 15:56:21 +1000120.Op Fl O Ar option
Damien Miller0a80ca12010-02-27 07:55:05 +1100121.Op Fl V Ar validity_interval
Damien Miller4e270b02010-04-16 15:56:21 +1000122.Op Fl z Ar serial_number
Damien Miller0a80ca12010-02-27 07:55:05 +1100123.Ar
Damien Millerf2b70ca2010-03-05 07:39:35 +1100124.Nm ssh-keygen
Damien Millerf2b70ca2010-03-05 07:39:35 +1100125.Fl L
126.Op Fl f Ar input_keyfile
Damien Miller58f1baf2011-05-05 14:06:15 +1000127.Nm ssh-keygen
128.Fl A
djm@openbsd.org853edbe2017-07-07 03:53:12 +0000129.Op Fl f Ar prefix_path
Damien Millerf3747bf2013-01-18 11:44:04 +1100130.Nm ssh-keygen
131.Fl k
132.Fl f Ar krl_file
133.Op Fl u
Damien Millerac5542b2013-01-20 22:33:02 +1100134.Op Fl s Ar ca_public
135.Op Fl z Ar version_number
Damien Millerf3747bf2013-01-18 11:44:04 +1100136.Ar
137.Nm ssh-keygen
138.Fl Q
139.Fl f Ar krl_file
140.Ar
Damien Miller15f5b562010-03-03 10:25:21 +1100141.Ek
Damien Miller22c77262000-04-13 12:26:34 +1000142.Sh DESCRIPTION
Damien Miller32aa1441999-10-29 09:15:49 +1000143.Nm
Ben Lindstrom5a707822001-04-22 17:15:46 +0000144generates, manages and converts authentication keys for
Damien Miller32aa1441999-10-29 09:15:49 +1000145.Xr ssh 1 .
Damien Millere247cc42000-05-07 12:03:14 +1000146.Nm
jmc@openbsd.org2b6f7992017-05-03 06:32:02 +0000147can create keys for use by SSH protocol version 2.
jmc@openbsd.orga685ae82016-02-17 07:38:19 +0000148.Pp
Damien Millerfbf486b2003-05-23 18:44:23 +1000149The type of key to be generated is specified with the
Damien Miller0bc1bd82000-11-13 22:57:25 +1100150.Fl t
Damien Millera41c8b12002-01-22 23:05:08 +1100151option.
Damien Millerf14be5c2005-11-05 15:15:49 +1100152If invoked without any arguments,
153.Nm
naddy@openbsd.org2e9c3242017-05-05 10:41:58 +0000154will generate an RSA key.
Damien Millere247cc42000-05-07 12:03:14 +1000155.Pp
Darren Tucker019cefe2003-08-02 22:40:07 +1000156.Nm
157is also used to generate groups for use in Diffie-Hellman group
158exchange (DH-GEX).
159See the
160.Sx MODULI GENERATION
161section for details.
162.Pp
Damien Millerf3747bf2013-01-18 11:44:04 +1100163Finally,
164.Nm
165can be used to generate and update Key Revocation Lists, and to test whether
Damien Millerac5542b2013-01-20 22:33:02 +1100166given keys have been revoked by one.
167See the
Damien Millerf3747bf2013-01-18 11:44:04 +1100168.Sx KEY REVOCATION LISTS
169section for details.
170.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000171Normally each user wishing to use SSH
Damien Millereb8b60e2010-08-31 22:41:14 +1000172with public key authentication runs this once to create the authentication
Damien Miller32aa1441999-10-29 09:15:49 +1000173key in
Damien Miller8ba0ead2013-12-18 17:46:27 +1100174.Pa ~/.ssh/id_dsa ,
Damien Millereb8b60e2010-08-31 22:41:14 +1000175.Pa ~/.ssh/id_ecdsa ,
Damien Miller8ba0ead2013-12-18 17:46:27 +1100176.Pa ~/.ssh/id_ed25519
Damien Millere247cc42000-05-07 12:03:14 +1000177or
Damien Miller167ea5d2005-05-26 12:04:02 +1000178.Pa ~/.ssh/id_rsa .
Damien Millere247cc42000-05-07 12:03:14 +1000179Additionally, the system administrator may use this to generate host keys,
180as seen in
181.Pa /etc/rc .
Damien Miller32aa1441999-10-29 09:15:49 +1000182.Pp
183Normally this program generates the key and asks for a file in which
Damien Miller450a7a12000-03-26 13:04:51 +1000184to store the private key.
185The public key is stored in a file with the same name but
Damien Miller32aa1441999-10-29 09:15:49 +1000186.Dq .pub
Damien Miller450a7a12000-03-26 13:04:51 +1000187appended.
188The program also asks for a passphrase.
189The passphrase may be empty to indicate no passphrase
Ben Lindstrombf555ba2001-01-18 02:04:35 +0000190(host keys must have an empty passphrase), or it may be a string of
Damien Miller450a7a12000-03-26 13:04:51 +1000191arbitrary length.
Ben Lindstrom4e366d52001-12-06 16:43:21 +0000192A passphrase is similar to a password, except it can be a phrase with a
193series of words, punctuation, numbers, whitespace, or any string of
194characters you want.
195Good passphrases are 10-30 characters long, are
Damien Miller32aa1441999-10-29 09:15:49 +1000196not simple sentences or otherwise easily guessable (English
Ben Lindstrom2a097a42001-06-09 01:13:40 +0000197prose has only 1-2 bits of entropy per character, and provides very bad
Ben Lindstrom4e366d52001-12-06 16:43:21 +0000198passphrases), and contain a mix of upper and lowercase letters,
199numbers, and non-alphanumeric characters.
Damien Miller450a7a12000-03-26 13:04:51 +1000200The passphrase can be changed later by using the
Damien Miller32aa1441999-10-29 09:15:49 +1000201.Fl p
202option.
203.Pp
Damien Miller450a7a12000-03-26 13:04:51 +1000204There is no way to recover a lost passphrase.
Damien Miller085c90f2011-05-05 14:15:33 +1000205If the passphrase is lost or forgotten, a new key must be generated
206and the corresponding public key copied to other machines.
Damien Miller32aa1441999-10-29 09:15:49 +1000207.Pp
djm@openbsd.orgc45616a2019-01-22 11:00:15 +0000208.Nm
209will by default write keys in an OpenSSH-specific format.
210This format is preferred as it offers better protection for
211keys at rest as well as allowing storage of key comments within
212the private key file itself.
213The key comment may be useful to help identify the key.
Damien Miller450a7a12000-03-26 13:04:51 +1000214The comment is initialized to
Damien Miller32aa1441999-10-29 09:15:49 +1000215.Dq user@host
216when the key is created, but can be changed using the
217.Fl c
218option.
219.Pp
djm@openbsd.orgc45616a2019-01-22 11:00:15 +0000220It is still possible for
221.Nm
222to write the previously-used PEM format private keys using the
223.Fl m
224flag.
225This may be used when generating new keys, and existing new-format
226keys may be converted using this option in conjunction with the
227.Fl p
228(change passphrase) flag.
229.Pp
Damien Millere247cc42000-05-07 12:03:14 +1000230After a key is generated, instructions below detail where the keys
231should be placed to be activated.
232.Pp
Damien Miller32aa1441999-10-29 09:15:49 +1000233The options are as follows:
234.Bl -tag -width Ds
Damien Miller58f1baf2011-05-05 14:06:15 +1000235.It Fl A
jmc@openbsd.orgf10c0d32017-05-02 17:04:09 +0000236For each of the key types (rsa, dsa, ecdsa and ed25519)
Damien Miller8ba0ead2013-12-18 17:46:27 +1100237for which host keys
Damien Miller58f1baf2011-05-05 14:06:15 +1000238do not exist, generate the host keys with the default key file path,
239an empty passphrase, default bits for the key type, and default comment.
jmc@openbsd.orgdc44dd32017-07-08 18:32:54 +0000240If
djm@openbsd.org853edbe2017-07-07 03:53:12 +0000241.Fl f
jmc@openbsd.orgdc44dd32017-07-08 18:32:54 +0000242has also been specified, its argument is used as a prefix to the
djm@openbsd.org853edbe2017-07-07 03:53:12 +0000243default path for the resulting host key files.
Damien Miller3ca1eb32011-05-05 14:13:50 +1000244This is used by
Damien Miller58f1baf2011-05-05 14:06:15 +1000245.Pa /etc/rc
246to generate new host keys.
Damien Miller4f752cf2013-12-18 17:45:35 +1100247.It Fl a Ar rounds
djm@openbsd.orged7bd5d2018-08-08 01:16:01 +0000248When saving a private key this option specifies the number of KDF
249(key derivation function) rounds used.
Damien Miller4f752cf2013-12-18 17:45:35 +1100250Higher numbers result in slower passphrase verification and increased
251resistance to brute-force password cracking (should the keys be stolen).
252.Pp
jmc@openbsd.org2b6f7992017-05-03 06:32:02 +0000253When screening DH-GEX candidates (using the
Darren Tucker019cefe2003-08-02 22:40:07 +1000254.Fl T
Damien Miller4f752cf2013-12-18 17:45:35 +1100255command).
256This option specifies the number of primality tests to perform.
Damien Miller265d3092005-03-02 12:05:06 +1100257.It Fl B
258Show the bubblebabble digest of specified private or public key file.
Damien Miller32aa1441999-10-29 09:15:49 +1000259.It Fl b Ar bits
Damien Miller450a7a12000-03-26 13:04:51 +1000260Specifies the number of bits in the key to create.
djm@openbsd.org933935c2015-07-03 03:49:45 +0000261For RSA keys, the minimum size is 1024 bits and the default is 2048 bits.
Damien Millerac7ef6a2005-06-16 13:19:06 +1000262Generally, 2048 bits is considered sufficient.
Darren Tucker9f647332005-11-28 16:41:46 +1100263DSA keys must be exactly 1024 bits as specified by FIPS 186-2.
Damien Millerad210322011-05-05 14:15:54 +1000264For ECDSA keys, the
265.Fl b
Damien Miller6232a162011-09-22 21:36:00 +1000266flag determines the key length by selecting from one of three elliptic
Damien Millerad210322011-05-05 14:15:54 +1000267curve sizes: 256, 384 or 521 bits.
268Attempting to use bit lengths other than these three values for ECDSA keys
269will fail.
sobrado@openbsd.orgf70b22b2014-08-30 15:33:50 +0000270Ed25519 keys have a fixed length and the
Damien Miller8ba0ead2013-12-18 17:46:27 +1100271.Fl b
272flag will be ignored.
Damien Miller265d3092005-03-02 12:05:06 +1100273.It Fl C Ar comment
274Provides a new comment.
Damien Miller32aa1441999-10-29 09:15:49 +1000275.It Fl c
276Requests changing the comment in the private and public key files.
277The program will prompt for the file containing the private keys, for
Ben Lindstromaafff9c2001-05-06 03:01:02 +0000278the passphrase if the key has one, and for the new comment.
Damien Miller7ea845e2010-02-12 09:21:02 +1100279.It Fl D Ar pkcs11
Damien Millera7618442010-02-12 09:26:02 +1100280Download the RSA public keys provided by the PKCS#11 shared library
281.Ar pkcs11 .
Damien Miller757f34e2010-08-05 13:05:31 +1000282When used in combination with
283.Fl s ,
284this option indicates that a CA key resides in a PKCS#11 token (see the
285.Sx CERTIFICATES
286section for details).
djm@openbsd.org56d1c832014-12-21 22:27:55 +0000287.It Fl E Ar fingerprint_hash
288Specifies the hash algorithm used when displaying key fingerprints.
289Valid options are:
290.Dq md5
291and
292.Dq sha256 .
293The default is
294.Dq sha256 .
Ben Lindstrom5a707822001-04-22 17:15:46 +0000295.It Fl e
Ben Lindstrom46c264f2001-04-24 16:56:58 +0000296This option will read a private or public OpenSSH key file and
Damien Miller44b25042010-07-02 13:35:01 +1000297print to stdout the key in one of the formats specified by the
298.Fl m
299option.
300The default export format is
301.Dq RFC4716 .
Damien Millerea727282010-07-02 13:35:34 +1000302This option allows exporting OpenSSH keys for use by other programs, including
Damien Miller44b25042010-07-02 13:35:01 +1000303several commercial SSH implementations.
djm@openbsd.org737e4ed2018-12-07 03:32:26 +0000304.It Fl F Ar hostname | [hostname]:port
Damien Miller265d3092005-03-02 12:05:06 +1100305Search for the specified
306.Ar hostname
djm@openbsd.org737e4ed2018-12-07 03:32:26 +0000307(with optional port number)
Damien Miller265d3092005-03-02 12:05:06 +1100308in a
309.Pa known_hosts
310file, listing any occurrences found.
311This option is useful to find hashed host names or addresses and may also be
312used in conjunction with the
313.Fl H
314option to print found keys in a hashed format.
315.It Fl f Ar filename
316Specifies the filename of the key file.
317.It Fl G Ar output_file
318Generate candidate primes for DH-GEX.
319These primes must be screened for
320safety (using the
321.Fl T
322option) before use.
Damien Miller37876e92003-05-15 10:19:46 +1000323.It Fl g
Darren Tucker0b42e6d2004-08-13 21:22:40 +1000324Use generic DNS format when printing fingerprint resource records using the
Darren Tucker6e370372004-08-13 21:23:25 +1000325.Fl r
Darren Tucker0b42e6d2004-08-13 21:22:40 +1000326command.
Damien Miller265d3092005-03-02 12:05:06 +1100327.It Fl H
328Hash a
329.Pa known_hosts
Darren Tuckerda1adbc2005-03-14 23:15:58 +1100330file.
331This replaces all hostnames and addresses with hashed representations
332within the specified file; the original content is moved to a file with
333a .old suffix.
Damien Miller265d3092005-03-02 12:05:06 +1100334These hashes may be used normally by
335.Nm ssh
336and
337.Nm sshd ,
338but they do not reveal identifying information should the file's contents
339be disclosed.
340This option will not modify existing hashed hostnames and is therefore safe
341to use on files that mix hashed and non-hashed names.
Damien Miller0a80ca12010-02-27 07:55:05 +1100342.It Fl h
343When signing a key, create a host certificate instead of a user
344certificate.
345Please see the
346.Sx CERTIFICATES
347section for details.
Damien Miller15f5b562010-03-03 10:25:21 +1100348.It Fl I Ar certificate_identity
Damien Miller0a80ca12010-02-27 07:55:05 +1100349Specify the key identity when signing a public key.
350Please see the
351.Sx CERTIFICATES
352section for details.
Ben Lindstrom5a707822001-04-22 17:15:46 +0000353.It Fl i
354This option will read an unencrypted private (or public) key file
Damien Miller44b25042010-07-02 13:35:01 +1000355in the format specified by the
356.Fl m
357option and print an OpenSSH compatible private
Ben Lindstrom5a707822001-04-22 17:15:46 +0000358(or public) key to stdout.
Damien Miller43b156c2014-04-20 13:23:03 +1000359This option allows importing keys from other software, including several
360commercial SSH implementations.
361The default import format is
362.Dq RFC4716 .
Damien Millerdfceafe2012-07-06 13:44:19 +1000363.It Fl J Ar num_lines
364Exit after screening the specified number of lines
365while performing DH candidate screening using the
366.Fl T
367option.
368.It Fl j Ar start_line
369Start screening at the specified line number
370while performing DH candidate screening using the
371.Fl T
372option.
Damien Miller390d0562011-10-18 16:05:19 +1100373.It Fl K Ar checkpt
374Write the last line processed to the file
375.Ar checkpt
376while performing DH candidate screening using the
377.Fl T
378option.
379This will be used to skip lines in the input file that have already been
380processed if the job is restarted.
Damien Millerf3747bf2013-01-18 11:44:04 +1100381.It Fl k
382Generate a KRL file.
383In this mode,
384.Nm
385will generate a KRL file at the location specified via the
386.Fl f
Damien Miller881a7a22013-01-20 22:34:46 +1100387flag that revokes every key or certificate presented on the command line.
Damien Millerf3747bf2013-01-18 11:44:04 +1100388Keys/certificates to be revoked may be specified by public key file or
389using the format described in the
390.Sx KEY REVOCATION LISTS
391section.
Damien Millerf2b70ca2010-03-05 07:39:35 +1100392.It Fl L
djm@openbsd.org94bc0b72015-11-13 04:34:15 +0000393Prints the contents of one or more certificates.
Damien Miller10f6f6b1999-11-17 17:29:08 +1100394.It Fl l
Darren Tucker35c45532008-06-13 04:43:15 +1000395Show fingerprint of specified public key file.
Damien Millereb5fec62001-11-12 10:52:44 +1100396For RSA and DSA keys
397.Nm
Darren Tuckerf09e8252008-06-13 05:18:03 +1000398tries to find the matching public key file and prints its fingerprint.
399If combined with
400.Fl v ,
jmc@openbsd.org92838842016-05-03 18:38:12 +0000401a visual ASCII art representation of the key is supplied with the
djm@openbsd.orgcdcd9412016-05-03 14:54:08 +0000402fingerprint.
Damien Millerea727282010-07-02 13:35:34 +1000403.It Fl M Ar memory
404Specify the amount of memory to use (in megabytes) when generating
405candidate moduli for DH-GEX.
Damien Miller44b25042010-07-02 13:35:01 +1000406.It Fl m Ar key_format
407Specify a key format for the
408.Fl i
409(import) or
410.Fl e
Damien Millerea727282010-07-02 13:35:34 +1000411(export) conversion options.
Damien Miller44b25042010-07-02 13:35:01 +1000412The supported key formats are:
413.Dq RFC4716
Damien Millerea727282010-07-02 13:35:34 +1000414(RFC 4716/SSH2 public or private key),
Damien Miller44b25042010-07-02 13:35:01 +1000415.Dq PKCS8
416(PEM PKCS8 public key)
417or
418.Dq PEM
419(PEM public key).
420The default conversion format is
421.Dq RFC4716 .
djm@openbsd.orged7bd5d2018-08-08 01:16:01 +0000422Setting a format of
423.Dq PEM
424when generating or updating a supported private key type will cause the
425key to be stored in the legacy PEM private key format.
Damien Miller265d3092005-03-02 12:05:06 +1100426.It Fl N Ar new_passphrase
427Provides the new passphrase.
Damien Miller0a80ca12010-02-27 07:55:05 +1100428.It Fl n Ar principals
429Specify one or more principals (user or host names) to be included in
430a certificate when signing a key.
431Multiple principals may be specified, separated by commas.
432Please see the
433.Sx CERTIFICATES
434section for details.
Damien Miller4e270b02010-04-16 15:56:21 +1000435.It Fl O Ar option
436Specify a certificate option when signing a key.
Damien Miller0a80ca12010-02-27 07:55:05 +1100437This option may be specified multiple times.
jmc@openbsd.org6b848972017-05-02 07:13:31 +0000438See also the
Damien Miller0a80ca12010-02-27 07:55:05 +1100439.Sx CERTIFICATES
jmc@openbsd.org6b848972017-05-02 07:13:31 +0000440section for further details.
djm@openbsd.org130283d2018-01-25 03:34:43 +0000441.Pp
442At present, no standard options are valid for host keys.
Damien Miller4e270b02010-04-16 15:56:21 +1000443The options that are valid for user certificates are:
jmc@openbsd.org6b848972017-05-02 07:13:31 +0000444.Pp
445.Bl -tag -width Ds -compact
Damien Millerc59e2442010-03-22 05:50:31 +1100446.It Ic clear
447Clear all enabled permissions.
448This is useful for clearing the default set of permissions so permissions may
449be added individually.
jmc@openbsd.org6b848972017-05-02 07:13:31 +0000450.Pp
jmc@openbsd.orgd4084cd2017-04-29 06:06:01 +0000451.It Ic critical : Ns Ar name Ns Op Ns = Ns Ar contents
jmc@openbsd.org6b848972017-05-02 07:13:31 +0000452.It Ic extension : Ns Ar name Ns Op Ns = Ns Ar contents
453Includes an arbitrary certificate critical option or extension.
454The specified
djm@openbsd.org249516e2017-04-29 04:12:25 +0000455.Ar name
jmc@openbsd.orgd4084cd2017-04-29 06:06:01 +0000456should include a domain suffix, e.g.\&
djm@openbsd.org249516e2017-04-29 04:12:25 +0000457.Dq name@example.com .
jmc@openbsd.orgd4084cd2017-04-29 06:06:01 +0000458If
djm@openbsd.org249516e2017-04-29 04:12:25 +0000459.Ar contents
460is specified then it is included as the contents of the extension/option
461encoded as a string, otherwise the extension/option is created with no
462contents (usually indicating a flag).
463Extensions may be ignored by a client or server that does not recognise them,
464whereas unknown critical options will cause the certificate to be refused.
jmc@openbsd.org6b848972017-05-02 07:13:31 +0000465.Pp
466.It Ic force-command Ns = Ns Ar command
467Forces the execution of
468.Ar command
469instead of any shell or command specified by the user when
470the certificate is used for authentication.
471.Pp
472.It Ic no-agent-forwarding
473Disable
474.Xr ssh-agent 1
475forwarding (permitted by default).
476.Pp
477.It Ic no-port-forwarding
478Disable port forwarding (permitted by default).
479.Pp
480.It Ic no-pty
481Disable PTY allocation (permitted by default).
482.Pp
483.It Ic no-user-rc
484Disable execution of
485.Pa ~/.ssh/rc
486by
487.Xr sshd 8
488(permitted by default).
489.Pp
490.It Ic no-x11-forwarding
491Disable X11 forwarding (permitted by default).
492.Pp
493.It Ic permit-agent-forwarding
494Allows
495.Xr ssh-agent 1
496forwarding.
497.Pp
498.It Ic permit-port-forwarding
499Allows port forwarding.
500.Pp
501.It Ic permit-pty
502Allows PTY allocation.
503.Pp
504.It Ic permit-user-rc
505Allows execution of
506.Pa ~/.ssh/rc
507by
508.Xr sshd 8 .
509.Pp
djm@openbsd.org130283d2018-01-25 03:34:43 +0000510.It Ic permit-X11-forwarding
jmc@openbsd.org6b848972017-05-02 07:13:31 +0000511Allows X11 forwarding.
512.Pp
513.It Ic source-address Ns = Ns Ar address_list
514Restrict the source addresses from which the certificate is considered valid.
515The
516.Ar address_list
517is a comma-separated list of one or more address/netmask pairs in CIDR
518format.
519.El
Damien Miller265d3092005-03-02 12:05:06 +1100520.It Fl P Ar passphrase
521Provides the (old) passphrase.
Damien Miller32aa1441999-10-29 09:15:49 +1000522.It Fl p
523Requests changing the passphrase of a private key file instead of
Damien Miller450a7a12000-03-26 13:04:51 +1000524creating a new private key.
525The program will prompt for the file
Damien Miller32aa1441999-10-29 09:15:49 +1000526containing the private key, for the old passphrase, and twice for the
527new passphrase.
Damien Miller072fdcd2013-01-20 22:34:04 +1100528.It Fl Q
529Test whether keys have been revoked in a KRL.
Damien Miller32aa1441999-10-29 09:15:49 +1000530.It Fl q
531Silence
532.Nm ssh-keygen .
djm@openbsd.org63bba572018-12-07 03:33:18 +0000533.It Fl R Ar hostname | [hostname]:port
djm@openbsd.org737e4ed2018-12-07 03:32:26 +0000534Removes all keys belonging to the specified
Damien Miller4b42d7f2005-03-01 21:48:35 +1100535.Ar hostname
djm@openbsd.org737e4ed2018-12-07 03:32:26 +0000536(with optional port number)
Damien Miller4c9c6fd2005-03-02 12:03:43 +1100537from a
Damien Miller4b42d7f2005-03-01 21:48:35 +1100538.Pa known_hosts
539file.
Damien Miller4c9c6fd2005-03-02 12:03:43 +1100540This option is useful to delete hashed hosts (see the
Damien Miller4b42d7f2005-03-01 21:48:35 +1100541.Fl H
542option above).
Damien Miller265d3092005-03-02 12:05:06 +1100543.It Fl r Ar hostname
544Print the SSHFP fingerprint resource record named
545.Ar hostname
546for the specified public key file.
Darren Tucker019cefe2003-08-02 22:40:07 +1000547.It Fl S Ar start
548Specify start point (in hex) when generating candidate moduli for DH-GEX.
Damien Miller0a80ca12010-02-27 07:55:05 +1100549.It Fl s Ar ca_key
550Certify (sign) a public key using the specified CA key.
551Please see the
552.Sx CERTIFICATES
553section for details.
Damien Millerf3747bf2013-01-18 11:44:04 +1100554.Pp
555When generating a KRL,
556.Fl s
Damien Millerac5542b2013-01-20 22:33:02 +1100557specifies a path to a CA public key file used to revoke certificates directly
Damien Millerf3747bf2013-01-18 11:44:04 +1100558by key ID or serial number.
559See the
560.Sx KEY REVOCATION LISTS
561section for details.
Darren Tucker019cefe2003-08-02 22:40:07 +1000562.It Fl T Ar output_file
563Test DH group exchange candidate primes (generated using the
564.Fl G
565option) for safety.
jmc@openbsd.orgf10c0d32017-05-02 17:04:09 +0000566.It Fl t Cm dsa | ecdsa | ed25519 | rsa
Damien Miller265d3092005-03-02 12:05:06 +1100567Specifies the type of key to create.
568The possible values are
Damien Miller6186bbc2010-09-24 22:00:54 +1000569.Dq dsa ,
Damien Miller8ba0ead2013-12-18 17:46:27 +1100570.Dq ecdsa ,
571.Dq ed25519 ,
Damien Miller265d3092005-03-02 12:05:06 +1100572or
jmc@openbsd.orgf10c0d32017-05-02 17:04:09 +0000573.Dq rsa .
djm@openbsd.orga98339e2017-06-28 01:09:22 +0000574.It Fl U
575When used in combination with
576.Fl s ,
577this option indicates that a CA key resides in a
578.Xr ssh-agent 1 .
579See the
580.Sx CERTIFICATES
581section for more information.
Damien Millerac5542b2013-01-20 22:33:02 +1100582.It Fl u
583Update a KRL.
584When specified with
585.Fl k ,
Damien Miller881a7a22013-01-20 22:34:46 +1100586keys listed via the command line are added to the existing KRL rather than
Damien Millerac5542b2013-01-20 22:33:02 +1100587a new KRL being created.
Damien Miller0a80ca12010-02-27 07:55:05 +1100588.It Fl V Ar validity_interval
589Specify a validity interval when signing a certificate.
590A validity interval may consist of a single time, indicating that the
591certificate is valid beginning now and expiring at that time, or may consist
592of two times separated by a colon to indicate an explicit time interval.
djm@openbsd.org@openbsd.orgd52131a2017-11-03 05:14:04 +0000593.Pp
594The start time may be specified as the string
595.Dq always
596to indicate the certificate has no specified start time,
djm@openbsd.orgbf0fbf22018-03-12 00:52:01 +0000597a date in YYYYMMDD format, a time in YYYYMMDDHHMM[SS] format,
djm@openbsd.org@openbsd.orgd52131a2017-11-03 05:14:04 +0000598a relative time (to the current time) consisting of a minus sign followed by
599an interval in the format described in the
Damien Millerfecfd112013-07-18 16:11:50 +1000600TIME FORMATS section of
Damien Miller77497e12010-03-22 05:50:51 +1100601.Xr sshd_config 5 .
djm@openbsd.org@openbsd.orgd52131a2017-11-03 05:14:04 +0000602.Pp
djm@openbsd.orgbf0fbf22018-03-12 00:52:01 +0000603The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMM[SS] time,
djm@openbsd.org@openbsd.orgd52131a2017-11-03 05:14:04 +0000604a relative time starting with a plus character or the string
605.Dq forever
606to indicate that the certificate has no expirty date.
Damien Miller0a80ca12010-02-27 07:55:05 +1100607.Pp
608For example:
609.Dq +52w1d
610(valid from now to 52 weeks and one day from now),
611.Dq -4w:+4w
612(valid from four weeks ago to four weeks from now),
613.Dq 20100101123000:20110101123000
614(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
615.Dq -1d:20110101
616(valid from yesterday to midnight, January 1st, 2011).
djm@openbsd.org@openbsd.orgd52131a2017-11-03 05:14:04 +0000617.Dq -1m:forever
618(valid from one minute ago and never expiring).
Darren Tucker06930c72003-12-31 11:34:51 +1100619.It Fl v
620Verbose mode.
621Causes
622.Nm
623to print debugging messages about its progress.
624This is helpful for debugging moduli generation.
625Multiple
626.Fl v
627options increase the verbosity.
628The maximum is 3.
Damien Miller265d3092005-03-02 12:05:06 +1100629.It Fl W Ar generator
630Specify desired generator when testing candidate moduli for DH-GEX.
631.It Fl y
632This option will read a private
633OpenSSH format file and print an OpenSSH public key to stdout.
Damien Miller4e270b02010-04-16 15:56:21 +1000634.It Fl z Ar serial_number
635Specifies a serial number to be embedded in the certificate to distinguish
636this certificate from others from the same CA.
637The default serial number is zero.
Damien Millerf3747bf2013-01-18 11:44:04 +1100638.Pp
639When generating a KRL, the
640.Fl z
641flag is used to specify a KRL version number.
Damien Miller32aa1441999-10-29 09:15:49 +1000642.El
Darren Tucker019cefe2003-08-02 22:40:07 +1000643.Sh MODULI GENERATION
644.Nm
645may be used to generate groups for the Diffie-Hellman Group Exchange
646(DH-GEX) protocol.
647Generating these groups is a two-step process: first, candidate
648primes are generated using a fast, but memory intensive process.
649These candidate primes are then tested for suitability (a CPU-intensive
650process).
651.Pp
652Generation of primes is performed using the
653.Fl G
654option.
655The desired length of the primes may be specified by the
656.Fl b
657option.
658For example:
659.Pp
Damien Miller265d3092005-03-02 12:05:06 +1100660.Dl # ssh-keygen -G moduli-2048.candidates -b 2048
Darren Tucker019cefe2003-08-02 22:40:07 +1000661.Pp
662By default, the search for primes begins at a random point in the
663desired length range.
664This may be overridden using the
665.Fl S
666option, which specifies a different start point (in hex).
667.Pp
Damien Millerdfceafe2012-07-06 13:44:19 +1000668Once a set of candidates have been generated, they must be screened for
Darren Tucker019cefe2003-08-02 22:40:07 +1000669suitability.
670This may be performed using the
671.Fl T
672option.
673In this mode
674.Nm
675will read candidates from standard input (or a file specified using the
676.Fl f
677option).
678For example:
679.Pp
Damien Miller265d3092005-03-02 12:05:06 +1100680.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates
Darren Tucker019cefe2003-08-02 22:40:07 +1000681.Pp
682By default, each candidate will be subjected to 100 primality tests.
683This may be overridden using the
684.Fl a
685option.
686The DH generator value will be chosen automatically for the
687prime under consideration.
688If a specific generator is desired, it may be requested using the
689.Fl W
690option.
Damien Miller265d3092005-03-02 12:05:06 +1100691Valid generator values are 2, 3, and 5.
Darren Tucker019cefe2003-08-02 22:40:07 +1000692.Pp
693Screened DH groups may be installed in
694.Pa /etc/moduli .
695It is important that this file contains moduli of a range of bit lengths and
696that both ends of a connection share common moduli.
Damien Miller0a80ca12010-02-27 07:55:05 +1100697.Sh CERTIFICATES
698.Nm
699supports signing of keys to produce certificates that may be used for
700user or host authentication.
701Certificates consist of a public key, some identity information, zero or
Damien Miller1f181422010-04-18 08:08:03 +1000702more principal (user or host) names and a set of options that
Damien Miller0a80ca12010-02-27 07:55:05 +1100703are signed by a Certification Authority (CA) key.
704Clients or servers may then trust only the CA key and verify its signature
705on a certificate rather than trusting many user/host keys.
706Note that OpenSSH certificates are a different, and much simpler, format to
707the X.509 certificates used in
708.Xr ssl 8 .
709.Pp
710.Nm
711supports two types of certificates: user and host.
712User certificates authenticate users to servers, whereas host certificates
Damien Miller15f5b562010-03-03 10:25:21 +1100713authenticate server hosts to users.
714To generate a user certificate:
Damien Miller0a80ca12010-02-27 07:55:05 +1100715.Pp
716.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
717.Pp
718The resultant certificate will be placed in
Damien Miller1b61a282010-03-22 05:55:06 +1100719.Pa /path/to/user_key-cert.pub .
Damien Miller0a80ca12010-02-27 07:55:05 +1100720A host certificate requires the
721.Fl h
722option:
723.Pp
724.Dl $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
725.Pp
726The host certificate will be output to
Damien Miller1b61a282010-03-22 05:55:06 +1100727.Pa /path/to/host_key-cert.pub .
Damien Miller757f34e2010-08-05 13:05:31 +1000728.Pp
729It is possible to sign using a CA key stored in a PKCS#11 token by
730providing the token library using
731.Fl D
732and identifying the CA key by providing its public half as an argument
733to
734.Fl s :
735.Pp
naddy@openbsd.org05291e52015-08-20 19:20:06 +0000736.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub
Damien Miller757f34e2010-08-05 13:05:31 +1000737.Pp
djm@openbsd.orga98339e2017-06-28 01:09:22 +0000738Similarly, it is possible for the CA key to be hosted in a
739.Xr ssh-agent 1 .
740This is indicated by the
741.Fl U
742flag and, again, the CA key must be identified by its public half.
743.Pp
744.Dl $ ssh-keygen -Us ca_key.pub -I key_id user_key.pub
745.Pp
Damien Miller757f34e2010-08-05 13:05:31 +1000746In all cases,
Damien Miller0a80ca12010-02-27 07:55:05 +1100747.Ar key_id
748is a "key identifier" that is logged by the server when the certificate
749is used for authentication.
750.Pp
751Certificates may be limited to be valid for a set of principal (user/host)
752names.
753By default, generated certificates are valid for all users or hosts.
754To generate a certificate for a specified set of principals:
755.Pp
756.Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
naddy@openbsd.org05291e52015-08-20 19:20:06 +0000757.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub"
Damien Miller0a80ca12010-02-27 07:55:05 +1100758.Pp
759Additional limitations on the validity and use of user certificates may
Damien Miller1f181422010-04-18 08:08:03 +1000760be specified through certificate options.
Damien Miller4e270b02010-04-16 15:56:21 +1000761A certificate option may disable features of the SSH session, may be
Damien Miller0a80ca12010-02-27 07:55:05 +1100762valid only when presented from particular source addresses or may
763force the use of a specific command.
Damien Miller4e270b02010-04-16 15:56:21 +1000764For a list of valid certificate options, see the documentation for the
Damien Miller0a80ca12010-02-27 07:55:05 +1100765.Fl O
766option above.
767.Pp
768Finally, certificates may be defined with a validity lifetime.
769The
770.Fl V
771option allows specification of certificate start and end times.
772A certificate that is presented at a time outside this range will not be
773considered valid.
Darren Tucker3ee50c52012-09-06 21:18:11 +1000774By default, certificates are valid from
775.Ux
776Epoch to the distant future.
Damien Miller0a80ca12010-02-27 07:55:05 +1100777.Pp
778For certificates to be used for user or host authentication, the CA
779public key must be trusted by
780.Xr sshd 8
781or
782.Xr ssh 1 .
783Please refer to those manual pages for details.
Damien Millerf3747bf2013-01-18 11:44:04 +1100784.Sh KEY REVOCATION LISTS
785.Nm
786is able to manage OpenSSH format Key Revocation Lists (KRLs).
787These binary files specify keys or certificates to be revoked using a
Damien Miller13797712013-12-29 17:47:14 +1100788compact format, taking as little as one bit per certificate if they are being
Damien Millerf3747bf2013-01-18 11:44:04 +1100789revoked by serial number.
790.Pp
791KRLs may be generated using the
792.Fl k
793flag.
Damien Miller881a7a22013-01-20 22:34:46 +1100794This option reads one or more files from the command line and generates a new
Damien Millerf3747bf2013-01-18 11:44:04 +1100795KRL.
796The files may either contain a KRL specification (see below) or public keys,
797listed one per line.
798Plain public keys are revoked by listing their hash or contents in the KRL and
799certificates revoked by serial number or key ID (if the serial is zero or
800not available).
801.Pp
802Revoking keys using a KRL specification offers explicit control over the
803types of record used to revoke keys and may be used to directly revoke
804certificates by serial number or key ID without having the complete original
805certificate on hand.
806A KRL specification consists of lines containing one of the following directives
807followed by a colon and some directive-specific information.
808.Bl -tag -width Ds
Damien Millera0a7ee82013-01-20 22:35:06 +1100809.It Cm serial : Ar serial_number Ns Op - Ns Ar serial_number
Damien Millerf3747bf2013-01-18 11:44:04 +1100810Revokes a certificate with the specified serial number.
Damien Millerac5542b2013-01-20 22:33:02 +1100811Serial numbers are 64-bit values, not including zero and may be expressed
Damien Millerf3747bf2013-01-18 11:44:04 +1100812in decimal, hex or octal.
813If two serial numbers are specified separated by a hyphen, then the range
814of serial numbers including and between each is revoked.
815The CA key must have been specified on the
816.Nm
Damien Miller881a7a22013-01-20 22:34:46 +1100817command line using the
Damien Millerf3747bf2013-01-18 11:44:04 +1100818.Fl s
819option.
820.It Cm id : Ar key_id
821Revokes a certificate with the specified key ID string.
822The CA key must have been specified on the
823.Nm
Damien Miller881a7a22013-01-20 22:34:46 +1100824command line using the
Damien Millerf3747bf2013-01-18 11:44:04 +1100825.Fl s
826option.
827.It Cm key : Ar public_key
828Revokes the specified key.
Damien Millerac5542b2013-01-20 22:33:02 +1100829If a certificate is listed, then it is revoked as a plain public key.
Damien Millerf3747bf2013-01-18 11:44:04 +1100830.It Cm sha1 : Ar public_key
djm@openbsd.org9405c622018-09-12 01:21:34 +0000831Revokes the specified key by including its SHA1 hash in the KRL.
832.It Cm sha256 : Ar public_key
833Revokes the specified key by including its SHA256 hash in the KRL.
834KRLs that revoke keys by SHA256 hash are not supported by OpenSSH versions
835prior to 7.9.
836.It Cm hash : Ar fingerprint
djm@openbsd.orgf0fcd7e2018-09-12 06:18:59 +0000837Revokes a key using a fingerprint hash, as obtained from a
djm@openbsd.org9405c622018-09-12 01:21:34 +0000838.Xr sshd 8
839authentication log message or the
840.Nm
841.Fl l
842flag.
843Only SHA256 fingerprints are supported here and resultant KRLs are
844not supported by OpenSSH versions prior to 7.9.
Damien Millerf3747bf2013-01-18 11:44:04 +1100845.El
846.Pp
847KRLs may be updated using the
848.Fl u
849flag in addition to
850.Fl k .
Damien Miller881a7a22013-01-20 22:34:46 +1100851When this option is specified, keys listed via the command line are merged into
Damien Millerf3747bf2013-01-18 11:44:04 +1100852the KRL, adding to those already there.
853.Pp
854It is also possible, given a KRL, to test whether it revokes a particular key
855(or keys).
856The
857.Fl Q
jmc@openbsd.org8b290082015-11-05 09:48:05 +0000858flag will query an existing KRL, testing each key specified on the command line.
Damien Miller881a7a22013-01-20 22:34:46 +1100859If any key listed on the command line has been revoked (or an error encountered)
Damien Millerf3747bf2013-01-18 11:44:04 +1100860then
861.Nm
862will exit with a non-zero exit status.
863A zero exit status will only be returned if no key was revoked.
Damien Miller32aa1441999-10-29 09:15:49 +1000864.Sh FILES
Damien Miller6186bbc2010-09-24 22:00:54 +1000865.Bl -tag -width Ds -compact
Damien Miller167ea5d2005-05-26 12:04:02 +1000866.It Pa ~/.ssh/id_dsa
Damien Miller6186bbc2010-09-24 22:00:54 +1000867.It Pa ~/.ssh/id_ecdsa
Damien Miller8ba0ead2013-12-18 17:46:27 +1100868.It Pa ~/.ssh/id_ed25519
Damien Miller167ea5d2005-05-26 12:04:02 +1000869.It Pa ~/.ssh/id_rsa
naddy@openbsd.org2e9c3242017-05-05 10:41:58 +0000870Contains the DSA, ECDSA, Ed25519 or RSA
Damien Miller8ba0ead2013-12-18 17:46:27 +1100871authentication identity of the user.
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000872This file should not be readable by anyone but the user.
873It is possible to
874specify a passphrase when generating the key; that passphrase will be
Darren Tucker199ee6f2009-10-24 11:50:17 +1100875used to encrypt the private part of this file using 128-bit AES.
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000876This file is not automatically accessed by
877.Nm
878but it is offered as the default file for the private key.
Ben Lindstrombda98b02001-07-04 03:35:24 +0000879.Xr ssh 1
Ben Lindstrom18a82ac2001-04-11 15:59:35 +0000880will read this file when a login attempt is made.
Damien Miller6186bbc2010-09-24 22:00:54 +1000881.Pp
882.It Pa ~/.ssh/id_dsa.pub
883.It Pa ~/.ssh/id_ecdsa.pub
Damien Miller8ba0ead2013-12-18 17:46:27 +1100884.It Pa ~/.ssh/id_ed25519.pub
Damien Miller167ea5d2005-05-26 12:04:02 +1000885.It Pa ~/.ssh/id_rsa.pub
naddy@openbsd.org2e9c3242017-05-05 10:41:58 +0000886Contains the DSA, ECDSA, Ed25519 or RSA
Damien Miller8ba0ead2013-12-18 17:46:27 +1100887public key for authentication.
Damien Millere247cc42000-05-07 12:03:14 +1000888The contents of this file should be added to
Damien Miller167ea5d2005-05-26 12:04:02 +1000889.Pa ~/.ssh/authorized_keys
Damien Millere247cc42000-05-07 12:03:14 +1000890on all machines
Ben Lindstrom594e2032001-09-12 18:35:30 +0000891where the user wishes to log in using public key authentication.
Damien Millere247cc42000-05-07 12:03:14 +1000892There is no need to keep the contents of this file secret.
Damien Miller6186bbc2010-09-24 22:00:54 +1000893.Pp
Darren Tucker019cefe2003-08-02 22:40:07 +1000894.It Pa /etc/moduli
895Contains Diffie-Hellman groups used for DH-GEX.
896The file format is described in
897.Xr moduli 5 .
Damien Miller37023962000-07-11 17:31:38 +1000898.El
Damien Miller32aa1441999-10-29 09:15:49 +1000899.Sh SEE ALSO
900.Xr ssh 1 ,
901.Xr ssh-add 1 ,
Damien Miller2e8b1c81999-11-15 23:33:56 +1100902.Xr ssh-agent 1 ,
Darren Tucker019cefe2003-08-02 22:40:07 +1000903.Xr moduli 5 ,
Ben Lindstrom77788dc2001-02-10 23:10:33 +0000904.Xr sshd 8
Ben Lindstrom5a707822001-04-22 17:15:46 +0000905.Rs
Damien Millerc0367fb2007-01-05 16:25:46 +1100906.%R RFC 4716
907.%T "The Secure Shell (SSH) Public Key File Format"
908.%D 2006
Ben Lindstrom5a707822001-04-22 17:15:46 +0000909.Re
Damien Millerf1ce5052003-06-11 22:04:39 +1000910.Sh AUTHORS
911OpenSSH is a derivative of the original and free
912ssh 1.2.12 release by Tatu Ylonen.
913Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
914Theo de Raadt and Dug Song
915removed many bugs, re-added newer features and
916created OpenSSH.
917Markus Friedl contributed the support for SSH
918protocol versions 1.5 and 2.0.