ssh-keygen(1)                    User Commands                   ssh-keygen(1)



NAME
       ssh-keygen - authentication key generation

SYNOPSIS
       ssh-keygen [-q] [-b bits ] -t type [-N new_passphrase] [-C comment] [-f
       output_keyfile]

       ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]

       ssh-keygen -i [-f input_keyfile]

       ssh-keygen -e [-f input_keyfile]

       ssh-keygen -y [-f input_keyfile]

       ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]

       ssh-keygen -l [-f input_keyfile]

       ssh-keygen -B [-f input_keyfile]

DESCRIPTION
       The ssh-keygen utility generates, manages, and converts  authentication
       keys for ssh(1). ssh-keygen can create RSA keys for use by SSH protocol
       version 1 and RSA or DSA keys for use by SSH protocol  version  2.  The
       type of key to be generated is specified with the -t option.

       Normally,  each  user wishing to use SSH with RSA or DSA authentication
       runs this once to create the authentication key in $HOME/.ssh/identity,
       $HOME/.ssh/id_dsa,  or $HOME/.ssh/id_rsa.  The system administrator can
       also use this to generate host keys.

       Ordinarily, this program generates the key and asks for a file in which
       to  store  the private key. The public key is stored in a file with the
       same name but with the ``.pub'' extension appended.  The  program  also
       asks  for  a  passphrase.  The  passphrase  can be empty to indicate no
       passphrase (host keys must have empty passphrases),  or  it  can  be  a
       string of arbitrary length. Good passphrases are 10-30 characters long,
       are not simple sentences or otherwise easy to guess, and contain a  mix
       of uppercase and lowercase letters, numbers, and non-alphanumeric
       characters. (English prose has only 1-2 bits of entropy per word and
       provides very poor passphrases.)

       The passphrase can be changed later by using the -p option.

       There is no way to recover a lost passphrase. If the passphrase is lost
       or forgotten, you have to generate a new key and copy the corresponding
       public key to other machines.

       For RSA, there is also a comment field in the key file that is only for
       convenience to the user to help identify the key. The comment can  tell
       what  the key is for, or whatever is useful. The comment is initialized
       to ``user@host'' when the key is created, but can be changed using  the
       -c option.

       After  a key is generated, instructions below detail where to place the
       keys to activate them.

OPTIONS
       The following options are supported:

       -b bits                 Specifies the number of bits in the key to
                               create. The minimum number is 512 bits. Generally,
                               1024 bits is considered sufficient.  Key  sizes
                               above  that no longer improve security but make
                               things slower. The default is 1024 bits.



       -B                      Shows the bubblebabble digest of the  specified
                               private or public key file.



       -c                      Requests  changing  the  comment in the private
                               and public key files. The program  prompts  for
                               the  file  containing the private keys, for the
                               passphrase if the key has one, and for the  new
                               comment.

                               This option only applies to rsa1 (SSHv1) keys.



       -C comment              Provides the new comment.



       -e                      This  option  reads a private or public OpenSSH
                               key file and prints the key in a "SECSH" Public
                               Key  File  Format to stdout. This option allows
                               exporting keys for use  by  several  other  SSH
                               implementations.



       -f                      Specifies the filename of the key file.



       -i                      This  option  reads  an unencrypted private (or
                               public) key file in SSH2-compatible format  and
                               prints  an  OpenSSH compatible private (or
                               public) key to stdout. ssh-keygen also reads the
                               "SECSH"  Public  Key  File Format.  This option
                               allows importing keys from  several  other  SSH
                               implementations.



       -l                      Shows  the fingerprint of the specified private
                               or public key file.



       -N new_passphrase       Provides the new passphrase.



       -p                      Requests changing the passphrase of  a  private
                               key file instead of creating a new private key.
                               The program prompts for the file containing the
                               private   key,  for  the  old  passphrase,  and
                               prompts twice for the new passphrase.



       -P passphrase           Provides the (old) passphrase.



       -q                      Silences ssh-keygen.



       -t type                 Specifies the algorithm used for the key, where
                               type is one of rsa, dsa, and rsa1. Type rsa1 is
                               used only for the SSHv1 protocol.



       -x                      Obsolete. Replaced by the -e option.



       -X                      Obsolete. Replaced by the -i option.



       -y                      This option reads a private OpenSSH format file
                               and prints an OpenSSH public key to stdout.



EXIT STATUS
       The following exit values are returned:

       0        Successful completion.



       1        An error occurred.



FILES
       $HOME/.ssh/identity

           This file contains the RSA private key for the SSHv1 protocol. This
           file should not be readable by anyone but the user. It is  possible
           to specify a passphrase when generating the key; that passphrase is
           used to encrypt the private part of this file using 3DES. This file
           is  not  automatically accessed by ssh-keygen, but it is offered as
           the default file for the private key. sshd(1M) reads this file when
           a login attempt is made.



       $HOME/.ssh/identity.pub

           This  file  contains the RSA public key for the SSHv1 protocol. The
           contents of this file should be added to $HOME/.ssh/authorized_keys
           on  all machines where you wish to log in using RSA authentication.
           There is no need to keep the contents of this file secret.



       $HOME/.ssh/id_dsa
       $HOME/.ssh/id_rsa

           These files contain, respectively, the DSA or RSA private  key  for
           the  SSHv2  protocol.  These files should not be readable by anyone
           but the user. It is possible to specify a passphrase when
           generating the key; that passphrase is used to encrypt the private part of
           the file using  3DES.  Neither  of  these  files  is  automatically
           accessed  by  ssh-keygen but is offered as the default file for the
           private key. sshd(1M) reads this file when a login attempt is made.




       $HOME/.ssh/id_dsa.pub
       $HOME/.ssh/id_rsa.pub

           These files contain, respectively, the DSA or RSA  public  key  for
           the  SSHv2  protocol.  The contents of these files should be added,
           respectively, to $HOME/.ssh/authorized_keys on all  machines  where
           you  wish  to  log  in using DSA or RSA authentication. There is no
           need to keep the contents of these files secret.
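
       The FILES entries above require private keys to be unreadable by anyone
       but the user and public keys to be added to $HOME/.ssh/authorized_keys.
       The following added example (not part of the original manual page)
       checks the first and performs the second without creating duplicates;
       the function names audit_private_keys and install_pubkey are
       hypothetical.

```shell
#!/bin/sh
# Added example, not part of the manual page. File names come from FILES;
# the function names are hypothetical.

# Report private keys in directory $1 that grant any group/other access.
# Returns 0 when every key found is owner-only, 1 otherwise.
audit_private_keys() {
    dir=$1
    rc=0
    for name in identity id_dsa id_rsa; do
        f=$dir/$name
        [ -f "$f" ] || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$f" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "INSECURE $f (group/other bits: $bits)"
            rc=1
        fi
    done
    return "$rc"
}

# Append the public key in file $1 to authorized_keys file $2 unless that
# exact line is already present. Returns 1 if the key file is missing/empty.
install_pubkey() {
    pub=$1
    auth=$2
    [ -s "$pub" ] || return 1
    touch "$auth"
    # Already installed: nothing to do.
    if grep -qxF -f "$pub" "$auth"; then
        return 0
    fi
    # Guard against a last line with no newline, which would otherwise be
    # fused with the appended key and corrupt both entries.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    cat "$pub" >> "$auth"
}
```

       Typical use is audit_private_keys "$HOME/.ssh" on the client and
       install_pubkey id_rsa.pub "$HOME/.ssh/authorized_keys" on each machine
       you log in to.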




ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:


       ATTRIBUTE TYPE               ATTRIBUTE VALUE
       Availability                 SUNWsshcu
       Interface Stability          Evolving


SEE ALSO
       ssh(1), ssh-add(1), ssh-agent(1), sshd(1M), attributes(5)

       To view license terms, attribution,  and  copyright  for  OpenSSH,  the
       default   path  is  /var/sadm/pkg/SUNWsshdr/install/copyright.  If  the
       Solaris operating environment has been installed  anywhere  other  than
       the  default, modify the given path to access the file at the installed
       location.



SunOS 5.10                        9 Nov 2004                     ssh-keygen(1)