ssh-keygen2, ssh-keygen - On a Secure Shell server, generates the host key
pair. On a Secure Shell client, generates the authentication key pair for
users who are using public key authentication.
ssh-keygen2 [-b bits] [-t key_algorithm] [-c comment] [-e file] [-p
passphrase] [-P] [-h | -\?] [-q] [-l file] [-i file] [-D file] [-B number]
[-V] [-r file] [-x file] [-k file] [-7 file] [-F file] [key1 key2 . . .]
Specifies the length of the key in bits; for example, 1024 bits. The
default is 2048.
Specifies the algorithm used in key generation. Supported algorithms
are Digital Signature Algorithm (DSA) and Rivest, Shamir, and Adleman
Specifies the key's comment string.
Edits the specified key. Makes the ssh-keygen2 command interactive. You
can change the key's passphrase or comment.
Specifies the passphrase used.
-P Specifies that the key will be saved with an empty passphrase.
-h | -\?
Prints a summary of ssh-keygen2 commands.
-q Hides the progress indicator..
Converts the key from ssh1 format to ssh2 format.
Display all information about a key.
Derives the public key from the private key file.
Specifies the number base for displaying key information. The default
-V Displays version information.
Adds entropy from a file to the random pool $HOME/.ssh2/random_seed.
If the file contains relatively random data (i.e., data unpredictable
by a potential attacker), the randomness of the pool is increased.
Good randomness is essential for security of the generated keys.
Converts a private key from X.509 format to SSH2 format. The converted
key is written to file_ssh2. This feature is only available in commer-
cial distributions with certificate support.
Converts a PKCS 12 file to an SSH2 format private key and certificate
pair. This feature is only available in commercial distributions with
Exports certificates from a PKCS 7 file. This feature is only avail-
able in commercial distributions with certificate support.
Dumps the fingerprint of given public key. The fingerprint is given in
the Bubble Babble format, which makes the fingerprint look like a
string of words.
On a Secure Shell server, the ssh-keygen2 command generates and manages the
host key pair. On a Secure Shell client, the ssh-keygen2 command generates
the authentication key pair necessary for public key user authentication.
The system administrator also can use this command to generate host keys
for the sshd2 daemon.
See Security Administration for more information about Secure Shell host
keys and user authentication.
Generating the authentication key pair is only part of the configuration
necessary to use public key user authentication. Users can use the ssh-
pubkeymgr command to configure public key user authentication, which
includes generating the authentication key pair. The ssh-pubkeymgr command
prompts the user for information necessary to configure public key user
authentication on a Secure Shell client.
Seeds the random number generator. This file should not be accessible
by anyone but the user. This file is created the first time the pro-
gram is run and is updated every time the program is run.
Contains the user's private key.
Contains the user's public key.
Contains the private part of the host key. The ssh-keygen2 command
creates this file. This file should only be owned by root, readable
only by root, and not accessible to others.
Contains the public part of the host key. The ssh-keygen2 command
creates this file. This file should be readable by world and writable
only by root.
SSH is a registered trademark of SSH Communication Security Ltd.
Commands: ssh2(1), ssh-add2(1), ssh-agent2(1), ssh-pubkeymgr(1), sshd2(8)
Guides: Security Administration