1 .\" $OpenBSD: ssh-keygen.1,v 1.63 2004/08/13 00:01:43 jmc Exp $
5 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
6 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
7 .\" All rights reserved
9 .\" As far as I am concerned, the code I have written for this software
10 .\" can be used freely for any purpose. Any derived versions of this
11 .\" software must be clearly marked as such, and if the derived work is
12 .\" incompatible with the protocol description in the RFC file, it must be
13 .\" called by a name other than "ssh" or "Secure Shell".
16 .\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
17 .\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
18 .\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
20 .\" Redistribution and use in source and binary forms, with or without
21 .\" modification, are permitted provided that the following conditions
23 .\" 1. Redistributions of source code must retain the above copyright
24 .\" notice, this list of conditions and the following disclaimer.
25 .\" 2. Redistributions in binary form must reproduce the above copyright
26 .\" notice, this list of conditions and the following disclaimer in the
27 .\" documentation and/or other materials provided with the distribution.
29 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
30 .\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
31 .\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
32 .\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
33 .\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
34 .\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
35 .\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
36 .\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
37 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
38 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
40 .Dd September 25, 1999
45 .Nd authentication key generation, management and conversion
52 .Op Fl N Ar new_passphrase
54 .Op Fl f Ar output_keyfile
58 .Op Fl P Ar old_passphrase
59 .Op Fl N Ar new_passphrase
63 .Op Fl f Ar input_keyfile
66 .Op Fl f Ar input_keyfile
69 .Op Fl f Ar input_keyfile
72 .Op Fl P Ar passphrase
77 .Op Fl f Ar input_keyfile
80 .Op Fl f Ar input_keyfile
85 .Op Fl f Ar input_keyfile
88 .Op Fl f Ar input_keyfile
95 .Op Fl S Ar start_point
100 .Op Fl a Ar num_trials
101 .Op Fl W Ar generator
104 generates, manages and converts authentication keys for
107 can create RSA keys for use by SSH protocol version 1 and RSA or DSA
108 keys for use by SSH protocol version 2.
109 The type of key to be generated is specified with the
114 is also used to generate groups for use in Diffie-Hellman group
117 .Sx MODULI GENERATION
120 Normally each user wishing to use SSH
121 with RSA or DSA authentication runs this once to create the authentication
123 .Pa $HOME/.ssh/identity ,
124 .Pa $HOME/.ssh/id_dsa
126 .Pa $HOME/.ssh/id_rsa .
127 Additionally, the system administrator may use this to generate host keys,
131 Normally this program generates the key and asks for a file in which
132 to store the private key.
133 The public key is stored in a file with the same name but
136 The program also asks for a passphrase.
137 The passphrase may be empty to indicate no passphrase
138 (host keys must have an empty passphrase), or it may be a string of
140 A passphrase is similar to a password, except it can be a phrase with a
141 series of words, punctuation, numbers, whitespace, or any string of
143 Good passphrases are 10-30 characters long, are
144 not simple sentences or otherwise easily guessable (English
145 prose has only 1-2 bits of entropy per character, and provides very bad
146 passphrases), and contain a mix of upper and lowercase letters,
147 numbers, and non-alphanumeric characters.
148 The passphrase can be changed later by using the
152 There is no way to recover a lost passphrase.
154 lost or forgotten, a new key must be generated and copied to the
155 corresponding public key to other machines.
158 there is also a comment field in the key file that is only for
159 convenience to the user to help identify the key.
160 The comment can tell what the key is for, or whatever is useful.
161 The comment is initialized to
163 when the key is created, but can be changed using the
167 After a key is generated, instructions below detail where the keys
168 should be placed to be activated.
170 The options are as follows:
173 Specifies the number of primality tests to perform when screening DH-GEX
178 Specifies the number of bits in the key to create.
180 Generally, 1024 bits is considered sufficient.
181 The default is 1024 bits.
183 Requests changing the comment in the private and public key files.
184 This operation is only supported for RSA1 keys.
185 The program will prompt for the file containing the private keys, for
186 the passphrase if the key has one, and for the new comment.
188 This option will read a private or public OpenSSH key file and
190 .Sq SECSH Public Key File Format
192 This option allows exporting keys for use by several commercial
195 Use generic DNS format when printing fingerprint resource records using the
199 Specifies the filename of the key file.
201 This option will read an unencrypted private (or public) key file
202 in SSH2-compatible format and print an OpenSSH compatible private
203 (or public) key to stdout.
206 .Sq SECSH Public Key File Format .
207 This option allows importing keys from several commercial
210 Show fingerprint of specified public key file.
211 Private RSA1 keys are also supported.
214 tries to find the matching public key file and prints its fingerprint.
216 Requests changing the passphrase of a private key file instead of
217 creating a new private key.
218 The program will prompt for the file
219 containing the private key, for the old passphrase, and twice for the
226 when creating a new key.
228 This option will read a private
229 OpenSSH format file and print an OpenSSH public key to stdout.
231 Specifies the type of the key to create.
232 The possible values are
234 for protocol version 1 and
238 for protocol version 2.
240 Show the bubblebabble digest of specified private or public key file.
242 Provides the new comment.
244 Download the RSA public key stored in the smartcard in
246 .It Fl G Ar output_file
247 Generate candidate primes for DH-GEX.
248 These primes must be screened for
253 Specify the amount of memory to use (in megabytes) when generating
254 candidate moduli for DH-GEX.
255 .It Fl N Ar new_passphrase
256 Provides the new passphrase.
257 .It Fl P Ar passphrase
258 Provides the (old) passphrase.
260 Specify start point (in hex) when generating candidate moduli for DH-GEX.
261 .It Fl T Ar output_file
262 Test DH group exchange candidate primes (generated using the
265 .It Fl W Ar generator
266 Specify desired generator when testing candidate moduli for DH-GEX.
268 Upload an existing RSA private key into the smartcard in
274 to print debugging messages about its progress.
275 This is helpful for debugging moduli generation.
278 options increase the verbosity.
281 Print the SSHFP fingerprint resource record named
283 for the specified public key file.
285 .Sh MODULI GENERATION
287 may be used to generate groups for the Diffie-Hellman Group Exchange
289 Generating these groups is a two-step process: first, candidate
290 primes are generated using a fast, but memory intensive process.
291 These candidate primes are then tested for suitability (a CPU-intensive
294 Generation of primes is performed using the
297 The desired length of the primes may be specified by the
302 .Dl ssh-keygen -G moduli-2048.candidates -b 2048
304 By default, the search for primes begins at a random point in the
305 desired length range.
306 This may be overridden using the
308 option, which specifies a different start point (in hex).
310 Once a set of candidates have been generated, they must be tested for
312 This may be performed using the
317 will read candidates from standard input (or a file specified using the
322 .Dl ssh-keygen -T moduli-2048 -f moduli-2048.candidates
324 By default, each candidate will be subjected to 100 primality tests.
325 This may be overridden using the
328 The DH generator value will be chosen automatically for the
329 prime under consideration.
330 If a specific generator is desired, it may be requested using the
333 Valid generator values are 2, 3 and 5.
335 Screened DH groups may be installed in
337 It is important that this file contains moduli of a range of bit lengths and
338 that both ends of a connection share common moduli.
341 .It Pa $HOME/.ssh/identity
342 Contains the protocol version 1 RSA authentication identity of the user.
343 This file should not be readable by anyone but the user.
345 specify a passphrase when generating the key; that passphrase will be
346 used to encrypt the private part of this file using 3DES.
347 This file is not automatically accessed by
349 but it is offered as the default file for the private key.
351 will read this file when a login attempt is made.
352 .It Pa $HOME/.ssh/identity.pub
353 Contains the protocol version 1 RSA public key for authentication.
354 The contents of this file should be added to
355 .Pa $HOME/.ssh/authorized_keys
357 where the user wishes to log in using RSA authentication.
358 There is no need to keep the contents of this file secret.
359 .It Pa $HOME/.ssh/id_dsa
360 Contains the protocol version 2 DSA authentication identity of the user.
361 This file should not be readable by anyone but the user.
363 specify a passphrase when generating the key; that passphrase will be
364 used to encrypt the private part of this file using 3DES.
365 This file is not automatically accessed by
367 but it is offered as the default file for the private key.
369 will read this file when a login attempt is made.
370 .It Pa $HOME/.ssh/id_dsa.pub
371 Contains the protocol version 2 DSA public key for authentication.
372 The contents of this file should be added to
373 .Pa $HOME/.ssh/authorized_keys
375 where the user wishes to log in using public key authentication.
376 There is no need to keep the contents of this file secret.
377 .It Pa $HOME/.ssh/id_rsa
378 Contains the protocol version 2 RSA authentication identity of the user.
379 This file should not be readable by anyone but the user.
381 specify a passphrase when generating the key; that passphrase will be
382 used to encrypt the private part of this file using 3DES.
383 This file is not automatically accessed by
385 but it is offered as the default file for the private key.
387 will read this file when a login attempt is made.
388 .It Pa $HOME/.ssh/id_rsa.pub
389 Contains the protocol version 2 RSA public key for authentication.
390 The contents of this file should be added to
391 .Pa $HOME/.ssh/authorized_keys
393 where the user wishes to log in using public key authentication.
394 There is no need to keep the contents of this file secret.
396 Contains Diffie-Hellman groups used for DH-GEX.
397 The file format is described in
409 .%T "SECSH Public Key File Format"
410 .%N draft-ietf-secsh-publickeyfile-01.txt
412 .%O work in progress material
415 OpenSSH is a derivative of the original and free
416 ssh 1.2.12 release by Tatu Ylonen.
417 Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
418 Theo de Raadt and Dug Song
419 removed many bugs, re-added newer features and
421 Markus Friedl contributed the support for SSH
422 protocol versions 1.5 and 2.0.