2001-11-12 07:52:44 +08:00
|
|
|
.\" $OpenBSD: ssh-keygen.1,v 1.50 2001/10/25 21:14:32 markus Exp $
|
2001-01-29 15:39:26 +08:00
|
|
|
.\"
|
1999-10-29 07:15:49 +08:00
|
|
|
.\" -*- nroff -*-
|
|
|
|
.\"
|
|
|
|
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
|
|
|
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
|
|
.\" All rights reserved
|
|
|
|
.\"
|
2000-09-16 10:29:08 +08:00
|
|
|
.\" As far as I am concerned, the code I have written for this software
|
|
|
|
.\" can be used freely for any purpose. Any derived versions of this
|
|
|
|
.\" software must be clearly marked as such, and if the derived work is
|
|
|
|
.\" incompatible with the protocol description in the RFC file, it must be
|
|
|
|
.\" called by a name other than "ssh" or "Secure Shell".
|
|
|
|
.\"
|
|
|
|
.\"
|
2001-03-05 14:59:27 +08:00
|
|
|
.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved.
|
|
|
|
.\" Copyright (c) 1999 Aaron Campbell. All rights reserved.
|
|
|
|
.\" Copyright (c) 1999 Theo de Raadt. All rights reserved.
|
2000-09-16 10:29:08 +08:00
|
|
|
.\"
|
|
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
|
|
.\" modification, are permitted provided that the following conditions
|
|
|
|
.\" are met:
|
|
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
|
|
.\" documentation and/or other materials provided with the distribution.
|
1999-10-29 07:15:49 +08:00
|
|
|
.\"
|
2000-09-16 10:29:08 +08:00
|
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
|
|
.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
|
|
.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
|
|
.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
|
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
1999-10-29 07:15:49 +08:00
|
|
|
.\"
|
|
|
|
.Dd September 25, 1999
|
|
|
|
.Dt SSH-KEYGEN 1
|
|
|
|
.Os
|
|
|
|
.Sh NAME
|
|
|
|
.Nm ssh-keygen
|
2001-04-23 01:15:46 +08:00
|
|
|
.Nd authentication key generation, management and conversion
|
1999-10-29 07:15:49 +08:00
|
|
|
.Sh SYNOPSIS
|
|
|
|
.Nm ssh-keygen
|
2000-11-13 19:57:25 +08:00
|
|
|
.Op Fl q
|
1999-10-29 07:15:49 +08:00
|
|
|
.Op Fl b Ar bits
|
2000-11-13 19:57:25 +08:00
|
|
|
.Op Fl t Ar type
|
1999-10-29 07:15:49 +08:00
|
|
|
.Op Fl N Ar new_passphrase
|
|
|
|
.Op Fl C Ar comment
|
2000-09-02 07:08:09 +08:00
|
|
|
.Op Fl f Ar output_keyfile
|
1999-10-29 07:15:49 +08:00
|
|
|
.Nm ssh-keygen
|
|
|
|
.Fl p
|
|
|
|
.Op Fl P Ar old_passphrase
|
|
|
|
.Op Fl N Ar new_passphrase
|
1999-11-17 14:29:08 +08:00
|
|
|
.Op Fl f Ar keyfile
|
1999-10-29 07:15:49 +08:00
|
|
|
.Nm ssh-keygen
|
2001-04-23 01:15:46 +08:00
|
|
|
.Fl i
|
2000-09-02 07:08:09 +08:00
|
|
|
.Op Fl f Ar input_keyfile
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
.Nm ssh-keygen
|
2001-04-23 01:15:46 +08:00
|
|
|
.Fl e
|
2000-09-02 07:08:09 +08:00
|
|
|
.Op Fl f Ar input_keyfile
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
.Nm ssh-keygen
|
|
|
|
.Fl y
|
2000-09-02 07:08:09 +08:00
|
|
|
.Op Fl f Ar input_keyfile
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
.Nm ssh-keygen
|
1999-10-29 07:15:49 +08:00
|
|
|
.Fl c
|
|
|
|
.Op Fl P Ar passphrase
|
|
|
|
.Op Fl C Ar comment
|
1999-11-17 14:29:08 +08:00
|
|
|
.Op Fl f Ar keyfile
|
|
|
|
.Nm ssh-keygen
|
|
|
|
.Fl l
|
2001-03-12 11:02:17 +08:00
|
|
|
.Op Fl f Ar input_keyfile
|
|
|
|
.Nm ssh-keygen
|
|
|
|
.Fl B
|
2000-09-02 07:08:09 +08:00
|
|
|
.Op Fl f Ar input_keyfile
|
2001-08-07 05:51:34 +08:00
|
|
|
.Nm ssh-keygen
|
|
|
|
.Fl D Ar reader
|
|
|
|
.Nm ssh-keygen
|
|
|
|
.Fl U Ar reader
|
|
|
|
.Op Fl f Ar input_keyfile
|
2000-04-13 10:26:34 +08:00
|
|
|
.Sh DESCRIPTION
|
1999-10-29 07:15:49 +08:00
|
|
|
.Nm
|
2001-04-23 01:15:46 +08:00
|
|
|
generates, manages and converts authentication keys for
|
1999-10-29 07:15:49 +08:00
|
|
|
.Xr ssh 1 .
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
.Nm
|
2001-04-23 21:02:16 +08:00
|
|
|
defaults to generating a RSA1 key for use by SSH protocol version 1.
|
2001-08-07 05:00:27 +08:00
|
|
|
Specifying the
|
2000-11-13 19:57:25 +08:00
|
|
|
.Fl t
|
2001-09-13 02:35:30 +08:00
|
|
|
option instead creates a key for use by SSH protocol version 2.
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
.Pp
|
1999-10-29 07:15:49 +08:00
|
|
|
Normally each user wishing to use SSH
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
with RSA or DSA authentication runs this once to create the authentication
|
1999-10-29 07:15:49 +08:00
|
|
|
key in
|
2001-04-11 23:59:35 +08:00
|
|
|
.Pa $HOME/.ssh/identity ,
|
|
|
|
.Pa $HOME/.ssh/id_dsa
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
or
|
2001-04-11 23:59:35 +08:00
|
|
|
.Pa $HOME/.ssh/id_rsa .
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
Additionally, the system administrator may use this to generate host keys,
|
|
|
|
as seen in
|
|
|
|
.Pa /etc/rc .
|
1999-10-29 07:15:49 +08:00
|
|
|
.Pp
|
|
|
|
Normally this program generates the key and asks for a file in which
|
2000-03-26 11:04:51 +08:00
|
|
|
to store the private key.
|
|
|
|
The public key is stored in a file with the same name but
|
1999-10-29 07:15:49 +08:00
|
|
|
.Dq .pub
|
2000-03-26 11:04:51 +08:00
|
|
|
appended.
|
|
|
|
The program also asks for a passphrase.
|
|
|
|
The passphrase may be empty to indicate no passphrase
|
2001-01-18 10:04:35 +08:00
|
|
|
(host keys must have an empty passphrase), or it may be a string of
|
2000-03-26 11:04:51 +08:00
|
|
|
arbitrary length.
|
|
|
|
Good passphrases are 10-30 characters long and are
|
1999-10-29 07:15:49 +08:00
|
|
|
not simple sentences or otherwise easily guessable (English
|
2001-06-09 09:13:40 +08:00
|
|
|
prose has only 1-2 bits of entropy per character, and provides very bad
|
2000-03-26 11:04:51 +08:00
|
|
|
passphrases).
|
|
|
|
The passphrase can be changed later by using the
|
1999-10-29 07:15:49 +08:00
|
|
|
.Fl p
|
|
|
|
option.
|
|
|
|
.Pp
|
2000-03-26 11:04:51 +08:00
|
|
|
There is no way to recover a lost passphrase.
|
|
|
|
If the passphrase is
|
2001-09-13 02:35:30 +08:00
|
|
|
lost or forgotten, a new key must be generated and copied to the
|
1999-10-29 07:15:49 +08:00
|
|
|
corresponding public key to other machines.
|
|
|
|
.Pp
|
2001-04-23 01:15:46 +08:00
|
|
|
For RSA1 keys,
|
|
|
|
there is also a comment field in the key file that is only for
|
2000-03-26 11:04:51 +08:00
|
|
|
convenience to the user to help identify the key.
|
|
|
|
The comment can tell what the key is for, or whatever is useful.
|
|
|
|
The comment is initialized to
|
1999-10-29 07:15:49 +08:00
|
|
|
.Dq user@host
|
|
|
|
when the key is created, but can be changed using the
|
|
|
|
.Fl c
|
|
|
|
option.
|
|
|
|
.Pp
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
After a key is generated, instructions below detail where the keys
|
|
|
|
should be placed to be activated.
|
|
|
|
.Pp
|
1999-10-29 07:15:49 +08:00
|
|
|
The options are as follows:
|
|
|
|
.Bl -tag -width Ds
|
|
|
|
.It Fl b Ar bits
|
2000-03-26 11:04:51 +08:00
|
|
|
Specifies the number of bits in the key to create.
|
|
|
|
Minimum is 512 bits.
|
|
|
|
Generally 1024 bits is considered sufficient, and key sizes
|
|
|
|
above that no longer improve security but make things slower.
|
|
|
|
The default is 1024 bits.
|
1999-10-29 07:15:49 +08:00
|
|
|
.It Fl c
|
|
|
|
Requests changing the comment in the private and public key files.
|
2001-11-12 07:52:44 +08:00
|
|
|
This operation is only supported for RSA1 keys.
|
1999-10-29 07:15:49 +08:00
|
|
|
The program will prompt for the file containing the private keys, for
|
2001-05-06 11:01:02 +08:00
|
|
|
the passphrase if the key has one, and for the new comment.
|
2001-04-23 01:15:46 +08:00
|
|
|
.It Fl e
|
2001-04-25 00:56:58 +08:00
|
|
|
This option will read a private or public OpenSSH key file and
|
|
|
|
print the key in a
|
2001-04-23 01:15:46 +08:00
|
|
|
.Sq SECSH Public Key File Format
|
|
|
|
to stdout.
|
|
|
|
This option allows exporting keys for use by several commercial
|
|
|
|
SSH implementations.
|
2001-08-07 05:51:34 +08:00
|
|
|
.It Fl f Ar filename
|
1999-11-17 14:29:08 +08:00
|
|
|
Specifies the filename of the key file.
|
2001-04-23 01:15:46 +08:00
|
|
|
.It Fl i
|
|
|
|
This option will read an unencrypted private (or public) key file
|
|
|
|
in SSH2-compatible format and print an OpenSSH compatible private
|
|
|
|
(or public) key to stdout.
|
|
|
|
.Nm
|
2001-04-23 01:19:46 +08:00
|
|
|
also reads the
|
2001-04-23 01:15:46 +08:00
|
|
|
.Sq SECSH Public Key File Format .
|
|
|
|
This option allows importing keys from several commercial
|
|
|
|
SSH implementations.
|
1999-11-17 14:29:08 +08:00
|
|
|
.It Fl l
|
2001-11-12 07:52:44 +08:00
|
|
|
Show fingerprint of specified public key file.
|
|
|
|
Private RSA1 keys are also supported.
|
|
|
|
For RSA and DSA keys
|
|
|
|
.Nm
|
|
|
|
tries to find the matching public key file and prints its fingerprint.
|
1999-10-29 07:15:49 +08:00
|
|
|
.It Fl p
|
|
|
|
Requests changing the passphrase of a private key file instead of
|
2000-03-26 11:04:51 +08:00
|
|
|
creating a new private key.
|
|
|
|
The program will prompt for the file
|
1999-10-29 07:15:49 +08:00
|
|
|
containing the private key, for the old passphrase, and twice for the
|
|
|
|
new passphrase.
|
|
|
|
.It Fl q
|
|
|
|
Silence
|
|
|
|
.Nm ssh-keygen .
|
|
|
|
Used by
|
|
|
|
.Pa /etc/rc
|
|
|
|
when creating a new key.
|
2001-04-23 01:15:46 +08:00
|
|
|
.It Fl y
|
|
|
|
This option will read a private
|
|
|
|
OpenSSH format file and print an OpenSSH public key to stdout.
|
2000-11-13 19:57:25 +08:00
|
|
|
.It Fl t Ar type
|
|
|
|
Specifies the type of the key to create.
|
|
|
|
The possible values are
|
|
|
|
.Dq rsa1
|
|
|
|
for protocol version 1 and
|
|
|
|
.Dq rsa
|
|
|
|
or
|
|
|
|
.Dq dsa
|
|
|
|
for protocol version 2.
|
|
|
|
The default is
|
2001-03-05 13:10:52 +08:00
|
|
|
.Dq rsa1 .
|
2001-03-12 11:02:17 +08:00
|
|
|
.It Fl B
|
|
|
|
Show the bubblebabble digest of specified private or public key file.
|
1999-10-29 07:15:49 +08:00
|
|
|
.It Fl C Ar comment
|
|
|
|
Provides the new comment.
|
2001-08-07 05:51:34 +08:00
|
|
|
.It Fl D Ar reader
|
|
|
|
Download the RSA public key stored in the smartcard in
|
|
|
|
.Ar reader .
|
1999-10-29 07:15:49 +08:00
|
|
|
.It Fl N Ar new_passphrase
|
|
|
|
Provides the new passphrase.
|
|
|
|
.It Fl P Ar passphrase
|
|
|
|
Provides the (old) passphrase.
|
2001-08-07 05:51:34 +08:00
|
|
|
.It Fl U Ar reader
|
|
|
|
Upload an existing RSA private key into the smartcard in
|
|
|
|
.Ar reader .
|
1999-10-29 07:15:49 +08:00
|
|
|
.El
|
|
|
|
.Sh FILES
|
|
|
|
.Bl -tag -width Ds
|
|
|
|
.It Pa $HOME/.ssh/identity
|
2001-04-11 23:59:35 +08:00
|
|
|
Contains the protocol version 1 RSA authentication identity of the user.
|
2000-03-26 11:04:51 +08:00
|
|
|
This file should not be readable by anyone but the user.
|
|
|
|
It is possible to
|
1999-10-29 07:15:49 +08:00
|
|
|
specify a passphrase when generating the key; that passphrase will be
|
2000-03-26 11:04:51 +08:00
|
|
|
used to encrypt the private part of this file using 3DES.
|
|
|
|
This file is not automatically accessed by
|
1999-10-29 07:15:49 +08:00
|
|
|
.Nm
|
|
|
|
but it is offered as the default file for the private key.
|
2001-07-04 11:35:24 +08:00
|
|
|
.Xr ssh 1
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
will read this file when a login attempt is made.
|
1999-10-29 07:15:49 +08:00
|
|
|
.It Pa $HOME/.ssh/identity.pub
|
2001-04-11 23:59:35 +08:00
|
|
|
Contains the protocol version 1 RSA public key for authentication.
|
2000-03-26 11:04:51 +08:00
|
|
|
The contents of this file should be added to
|
1999-10-29 07:15:49 +08:00
|
|
|
.Pa $HOME/.ssh/authorized_keys
|
|
|
|
on all machines
|
2001-09-13 02:35:30 +08:00
|
|
|
where the user wishes to log in using RSA authentication.
|
2000-03-26 11:04:51 +08:00
|
|
|
There is no need to keep the contents of this file secret.
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
.It Pa $HOME/.ssh/id_dsa
|
2001-04-11 23:59:35 +08:00
|
|
|
Contains the protocol version 2 DSA authentication identity of the user.
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
This file should not be readable by anyone but the user.
|
|
|
|
It is possible to
|
|
|
|
specify a passphrase when generating the key; that passphrase will be
|
|
|
|
used to encrypt the private part of this file using 3DES.
|
|
|
|
This file is not automatically accessed by
|
|
|
|
.Nm
|
|
|
|
but it is offered as the default file for the private key.
|
2001-07-04 11:35:24 +08:00
|
|
|
.Xr ssh 1
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
will read this file when a login attempt is made.
|
|
|
|
.It Pa $HOME/.ssh/id_dsa.pub
|
2001-04-11 23:59:35 +08:00
|
|
|
Contains the protocol version 2 DSA public key for authentication.
|
|
|
|
The contents of this file should be added to
|
2001-06-25 12:17:12 +08:00
|
|
|
.Pa $HOME/.ssh/authorized_keys
|
2001-04-11 23:59:35 +08:00
|
|
|
on all machines
|
2001-09-13 02:35:30 +08:00
|
|
|
where the user wishes to log in using public key authentication.
|
2001-04-11 23:59:35 +08:00
|
|
|
There is no need to keep the contents of this file secret.
|
|
|
|
.It Pa $HOME/.ssh/id_rsa
|
|
|
|
Contains the protocol version 2 RSA authentication identity of the user.
|
|
|
|
This file should not be readable by anyone but the user.
|
|
|
|
It is possible to
|
|
|
|
specify a passphrase when generating the key; that passphrase will be
|
|
|
|
used to encrypt the private part of this file using 3DES.
|
|
|
|
This file is not automatically accessed by
|
|
|
|
.Nm
|
|
|
|
but it is offered as the default file for the private key.
|
2001-07-04 11:35:24 +08:00
|
|
|
.Xr ssh 1
|
2001-04-11 23:59:35 +08:00
|
|
|
will read this file when a login attempt is made.
|
|
|
|
.It Pa $HOME/.ssh/id_rsa.pub
|
|
|
|
Contains the protocol version 2 RSA public key for authentication.
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
The contents of this file should be added to
|
2001-06-25 12:17:12 +08:00
|
|
|
.Pa $HOME/.ssh/authorized_keys
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
on all machines
|
2001-09-13 02:35:30 +08:00
|
|
|
where the user wishes to log in using public key authentication.
|
- Remove references to SSLeay.
- Big OpenBSD CVS update
- markus@cvs.openbsd.org
[clientloop.c]
- typo
[session.c]
- update proctitle on pty alloc/dealloc, e.g. w/ windows client
[session.c]
- update proctitle for proto 1, too
[channels.h nchan.c serverloop.c session.c sshd.c]
- use c-style comments
- deraadt@cvs.openbsd.org
[scp.c]
- more atomicio
- markus@cvs.openbsd.org
[channels.c]
- set O_NONBLOCK
[ssh.1]
- update AUTHOR
[readconf.c ssh-keygen.c ssh.h]
- default DSA key file ~/.ssh/id_dsa
[clientloop.c]
- typo, rm verbose debug
- deraadt@cvs.openbsd.org
[ssh-keygen.1]
- document DSA use of ssh-keygen
[sshd.8]
- a start at describing what i understand of the DSA side
[ssh-keygen.1]
- document -X and -x
[ssh-keygen.c]
- simplify usage
- markus@cvs.openbsd.org
[sshd.8]
- there is no rhosts_dsa
[ssh-keygen.1]
- document -y, update -X,-x
[nchan.c]
- fix close for non-open ssh1 channels
[servconf.c servconf.h ssh.h sshd.8 sshd.c ]
- s/DsaKey/HostDSAKey/, document option
[sshconnect2.c]
- respect number_of_password_prompts
[channels.c channels.h servconf.c servconf.h session.c sshd.8]
- GatewayPorts for sshd, ok deraadt@
[ssh-add.1 ssh-agent.1 ssh.1]
- more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
[ssh.1]
- more info on proto 2
[sshd.8]
- sync AUTHOR w/ ssh.1
[key.c key.h sshconnect.c]
- print key type when talking about host keys
[packet.c]
- clear padding in ssh2
[dsa.c key.c radix.c ssh.h sshconnect1.c uuencode.c uuencode.h]
- replace broken uuencode w/ libc b64_ntop
[auth2.c]
- log failure before sending the reply
[key.c radix.c uuencode.c]
- remote trailing comments before calling __b64_pton
[auth2.c readconf.c readconf.h servconf.c servconf.h ssh.1]
[sshconnect2.c sshd.8]
- add DSAAuthetication option to ssh/sshd, document SSH2 in sshd.8
- Bring in b64_ntop and b64_pton from OpenBSD libc (bsd-base64.[ch])
2000-05-07 10:03:14 +08:00
|
|
|
There is no need to keep the contents of this file secret.
|
2000-07-11 15:31:38 +08:00
|
|
|
.El
|
2000-11-13 19:57:25 +08:00
|
|
|
.Sh AUTHORS
|
2001-01-29 16:34:16 +08:00
|
|
|
OpenSSH is a derivative of the original and free
|
|
|
|
ssh 1.2.12 release by Tatu Ylonen.
|
|
|
|
Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
|
|
|
|
Theo de Raadt and Dug Song
|
|
|
|
removed many bugs, re-added newer features and
|
|
|
|
created OpenSSH.
|
|
|
|
Markus Friedl contributed the support for SSH
|
|
|
|
protocol versions 1.5 and 2.0.
|
1999-10-29 07:15:49 +08:00
|
|
|
.Sh SEE ALSO
|
|
|
|
.Xr ssh 1 ,
|
|
|
|
.Xr ssh-add 1 ,
|
1999-11-15 20:33:56 +08:00
|
|
|
.Xr ssh-agent 1 ,
|
2001-02-11 07:10:33 +08:00
|
|
|
.Xr sshd 8
|
2001-04-23 01:15:46 +08:00
|
|
|
.Rs
|
2001-06-25 12:45:33 +08:00
|
|
|
.%A J. Galbraith
|
|
|
|
.%A R. Thayer
|
2001-04-23 01:15:46 +08:00
|
|
|
.%T "SECSH Public Key File Format"
|
|
|
|
.%N draft-ietf-secsh-publickeyfile-01.txt
|
|
|
|
.%D March 2001
|
|
|
|
.%O work in progress material
|
|
|
|
.Re
|