|
Hopefully, this page is exactly what you are looking for, but if not, you can always find further assistance on Unix/Linux Forum!
User Commands ssh-keygen(1)
NAME
ssh-keygen - authentication key generation
SYNOPSIS
ssh-keygen [-q] [-b bits ] -t type [-N new_passphrase] [-C
comment] [-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f
keyfile]
ssh-keygen -i [-f input_keyfile]
ssh-keygen -e [-f input_keyfile]
ssh-keygen -y [-f input_keyfile]
ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]
ssh-keygen -l [-f input_keyfile]
ssh-keygen -B [-f input_keyfile]
DESCRIPTION
The ssh-keygen utility generates, manages, and converts
authentication keys for ssh(1). ssh-keygen can create RSA
keys for use by SSH protocol version 1 and RSA or DSA keys
for use by SSH protocol version 2. The type of key to be
generated is specified with the -t option.
Normally, each user wishing to use SSH with RSA or DSA
authentication runs this once to create the authentication
key in $HOME/.ssh/identity, $HOME/.ssh/id_dsa, or
$HOME/.ssh/id_rsa. The system administrator can also use
this to generate host keys..
Ordinarily, this program generates the key and asks for a
file in which to store the private key. The public key is
stored in a file with the same name but with the ``.pub''
extension appended. The program also asks for a passphrase.
The passphrase can be empty to indicate no passphrase (host
keys must have empty passphrases), or it can be a string of
arbitrary length. Good passphrases are 10-30 characters
long, are not simple sentences or otherwise easy to guess,
and contain a mix of uppercase and lowercase letters,
numbers, and non-alphanumeric characters. (English prose has
only 1-2 bits of entropy per word and provides very poor
passphrases.)
The passphrase can be changed later by using the -p option.
There is no way to recover a lost passphrase. If the
passphrase is lost or forgotten, you have to generate a new
SunOS 5.10 Last change: 9 Nov 2004 1
User Commands ssh-keygen(1)
key and copy the corresponding public key to other machines.
For RSA, there is also a comment field in the key file that
is only for convenience to the user to help identify the
key. The comment can tell what the key is for, or whatever
is useful. The comment is initialized to ``user@host'' when
the key is created, but can be changed using the -c option.
After a key is generated, instructions below detail where to
place the keys to activate them.
OPTIONS
The following options are supported:
-b bits Specifies the number of bits in the
key to create. The minimum number is
512 bits. Generally, 1024 bits is
considered sufficient. Key sizes
above that no longer improve secu-
rity but make things slower. The
default is 1024 bits.
-B Shows the bubblebabble digest of the
specified private or public key
file.
-c Requests changing the comment in the
private and public key files. The
program prompts for the file con-
taining the private keys, for the
passphrase if the key has one, and
for the new comment.
This option only applies to rsa1
(SSHv1) keys.
-C comment Provides the new comment.
-e This option reads a private or pub-
lic OpenSSH key file and prints the
key in a "SECSH" Public Key File
Format to stdout. This option allows
exporting keys for use by several
other SSH implementations.
SunOS 5.10 Last change: 9 Nov 2004 2
User Commands ssh-keygen(1)
-f Specifies the filename of the key
file.
-i This option reads an unencrypted
private (or public) key file in
SSH2-compatible format and prints an
OpenSSH compatible private (or pub-
lic) key to stdout. ssh-keygen also
reads the "SECSH" Public Key File
Format. This option allows import-
ing keys from several other SSH
implementations.
-l Shows the fingerprint of the speci-
fied private or public key file.
-N new_passphrase Provides the new passphrase.
-p Requests changing the passphrase of
a private key file instead of creat-
ing a new private key. The program
prompts for the file containing the
private key, for the old passphrase,
and prompts twice for the new
passphrase.
-P passphrase Provides the (old) passphrase.
-q Silences ssh-keygen.
-t type Specifies the algorithm used for the
key, where type is one of rsa, dsa,
and rsa1. Type rsa1 is used only for
the SSHv1 protocol.
SunOS 5.10 Last change: 9 Nov 2004 3
User Commands ssh-keygen(1)
-x Obsolete. Replaced by the -e option.
-X Obsolete. Replaced by the -i option.
-y This option reads a private OpenSSH
format file and prints an OpenSSH
public key to stdout.
EXIT STATUS
The following exit values are returned:
0 Successful completion.
1 An error occurred.
FILES
$HOME/.ssh/identity
This file contains the RSA private key for the SSHv1
protocol. This file should not be readable by anyone but
the user. It is possible to specify a passphrase when
generating the key; that passphrase is used to encrypt
the private part of this file using 3DES. This file is
not automatically accessed by ssh-keygen, but it is
offered as the default file for the private key.
sshd(1M) reads this file when a login attempt is made.
$HOME/.ssh/identity.pub
This file contains the RSA public key for the SSHv1 pro-
tocol. The contents of this file should be added to
$HOME/.ssh/authorized_keys on all machines where you
wish to log in using RSA authentication. There is no
need to keep the contents of this file secret.
$HOME/.ssh/id_dsa
$HOME/.ssh/id_rsa
SunOS 5.10 Last change: 9 Nov 2004 4
User Commands ssh-keygen(1)
These files contain, respectively, the DSA or RSA
private key for the SSHv2 protocol. These files should
not be readable by anyone but the user. It is possible
to specify a passphrase when generating the key; that
passphrase is used to encrypt the private part of the
file using 3DES. Neither of these files is automatically
accessed by ssh-keygen but is offered as the default
file for the private key. sshd(1M) reads this file when
a login attempt is made.
$HOME/.ssh/id_dsa.pub
$HOME/.ssh/id_rsa.pub
These files contain, respectively, the DSA or RSA public
key for the SSHv2 protocol. The contents of these files
should be added, respectively, to
$HOME/.ssh/authorized_keys on all machines where you
wish to log in using DSA or RSA authentication. There is
no need to keep the contents of these files secret.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWsshcu |
|_____________________________|_____________________________|
| Interface Stability | Evolving |
|_____________________________|_____________________________|
SEE ALSO
ssh(1), ssh-add(1), ssh-agent(1), sshd(1M), attributes(5)
To view license terms, attribution, and copyright for
OpenSSH, the default path is
/var/sadm/pkg/SUNWsshdr/install/copyright. If the Solaris
operating environment has been installed anywhere other than
the default, modify the given path to access the file at the
installed location.
SunOS 5.10 Last change: 9 Nov 2004 5
Man(1) output converted with
man2html and wrapped by fishsponge
This page was generated on Wed Sep 12 11:25:29 GMT 2007
|
Your favourite pages:
No pages logged yet.
Trying to save cookie... Top 10 most popular pages:
CPAN man page (4333 hits)
(Suse Linux 10.1)
ssh man page (4186 hits)
(Suse Linux 10.1)
adv_cap_autoneg man page (4147 hits)
(Solaris 10 11_06)
sqlite3 man page (4070 hits)
(openSUSE 10.2)
svn man page (3249 hits)
(FreeBSD 6.2)
startproc man page (1908 hits)
(Suse Linux 10.1)
pprosetup man page (1666 hits)
(Solaris 10 11_06)
netcat man page (1613 hits)
(Suse Linux 10.1)
signal man page (1592 hits)
(Suse Linux 10.1)
ssh-socks5-proxy-connect man page (1558 hits)
(Solaris 10 11_06)
|
Man Pages 
