Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1‎ > ‎

ssh-keygen


NAME
     ssh-keygen - authentication key generation

SYNOPSIS
     ssh-keygen [-q] [-b bits ] -t type [-N new_passphrase]
          [-C comment] [-f output_keyfile]


     ssh-keygen -p [-P old_passphrase] [-N new_passphrase]
          [-f keyfile]


     ssh-keygen -i [-f input_keyfile]


     ssh-keygen -e [-f input_keyfile]


     ssh-keygen -y [-f input_keyfile]


     ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]


     ssh-keygen -l [-f input_keyfile]


     ssh-keygen -B [-f input_keyfile]


DESCRIPTION
     The ssh-keygen  utility  generates,  manages,  and  converts
     authentication  keys  for  ssh(1). ssh-keygen can create RSA
     keys for use by SSH protocol version 1 and RSA or  DSA  keys
     for  use  by  SSH  protocol version 2. The type of key to be
     generated is specified with the -t option.


     Normally, each user wishing to  use  SSH  with  RSA  or  DSA
     authentication  runs  this once to create the authentication
     key   in    $HOME/.ssh/identity,    $HOME/.ssh/id_dsa,    or
     $HOME/.ssh/id_rsa.  The  system  administrator  can also use
     this to generate host keys..


     Ordinarily, this program generates the key and  asks  for  a
     file  in  which  to store the private key. The public key is
     stored in a file with the same name but  with  the  ``.pub''
     extension  appended. The program also asks for a passphrase.
     The passphrase can be empty to indicate no passphrase  (host
     keys  must have empty passphrases), or it can be a string of
     arbitrary length.  Good  passphrases  are  10-30  characters
     long,  are  not simple sentences or otherwise easy to guess,
     and contain  a  mix  of  uppercase  and  lowercase  letters,
     numbers, and non-alphanumeric characters. (English prose has
     only 1-2 bits of entropy per word  and  provides  very  poor
     passphrases.)  If a passphrase is set, it must be at least 4
     characters long.


     The passphrase can be changed later by using the -p option.


     There is no  way  to  recover  a  lost  passphrase.  If  the
     passphrase  is lost or forgotten, you have to generate a new
     key and copy the corresponding public key to other machines.


     For RSA, there is also a comment field in the key file  that
     is  only  for  convenience  to the user to help identify the
     key. The comment can tell what the key is for,  or  whatever
     is  useful. The comment is initialized to ``user@host'' when
     the key is created, but can be changed using the -c option.


     After a key is generated, instructions below detail where to
     place the keys to activate them.

OPTIONS
     The following options are supported:

     -b bits              Specifies the number of bits in the key
                          to  create.  The  minimum number is 512
                          bits.  Generally,  1024  bits  is  con-
                          sidered  sufficient.  Key  sizes  above
                          that no  longer  improve  security  but
                          make things slower. The default is 1024
                          bits.


     -B                   Shows the bubblebabble  digest  of  the
                          specified private or public key file.


     -c                   Requests changing the  comment  in  the
                          private  and public key files. The pro-
                          gram prompts for  the  file  containing
                          the private keys, for the passphrase if
                          the key has one, and for the  new  com-
                          ment.

                          This  option  only  applies   to   rsa1
                          (SSHv1) keys.

     -C comment           Provides the new comment.


     -e                   This option reads a private  or  public
                          OpenSSH  key file and prints the key in
                          a "SECSH" Public  Key  File  Format  to
                          stdout.  This  option  allows exporting
                          keys  for  use  by  several  other  SSH
                          implementations.


     -f                   Specifies the filename of the key file.


     -i                   This  option   reads   an   unencrypted
                          private  (or  public) key file in SSH2-
                          compatible format and prints an OpenSSH
                          compatible  private  (or public) key to
                          stdout.  ssh-keygen  also   reads   the
                          "SECSH"  Public  Key  File Format. This
                          option  allows  importing   keys   from
                          several other SSH implementations.


     -l                   Shows the fingerprint of the  specified
                          private or public key file.


     -N new_passphrase    Provides the new passphrase.


     -p                   Requests changing the passphrase  of  a
                          private  key file instead of creating a
                          new private key.  The  program  prompts
                          for  the  file  containing  the private
                          key,  for  the  old   passphrase,   and
                          prompts twice for the new passphrase.


     -P passphrase        Provides the (old) passphrase.


     -q                   Silences ssh-keygen.


     -t type              Specifies the algorithm  used  for  the
                          key, where type is one of rsa, dsa, and
                          rsa1. Type rsa1 is used  only  for  the
                          SSHv1 protocol.



     -x                   Obsolete. Replaced by the -e option.


     -X                   Obsolete. Replaced by the -i option.


     -y                   This option  reads  a  private  OpenSSH
                          format  file and prints an OpenSSH pub-
                          lic key to stdout.


EXIT STATUS
     The following exit values are returned:

     0    Successful completion.


     1    An error occurred.


FILES
     $HOME/.ssh/identity        This  file   contains   the   RSA
                                private  key for the SSHv1 proto-
                                col.  This  file  should  not  be
                                readable  by anyone but the user.
                                It  is  possible  to  specify   a
                                passphrase  when  generating  the
                                key; that passphrase is  used  to
                                encrypt  the private part of this
                                file using 3DES. This file is not
                                automatically  accessed  by  ssh-
                                keygen, but it is offered as  the
                                default file for the private key.
                                sshd(1M) reads this file  when  a
                                login attempt is made.


     $HOME/.ssh/identity.pub    This file contains the RSA public
                                key  for  the SSHv1 protocol. The
                                contents of this file  should  be
                                added                          to
                                $HOME/.ssh/authorized_keys on all
                                machines where you wish to log in
                                using RSA  authentication.  There
                                is  no  need to keep the contents
                                of this file secret.


     $HOME/.ssh/id_dsa          These  files   contain,   respec-
     $HOME/.ssh/id_rsa          tively,  the  DSA  or RSA private
                                key for the SSHv2 protocol. These
                                files  should  not be readable by
                                anyone but the user. It is possi-
                                ble  to specify a passphrase when
                                generating    the    key;    that
                                passphrase is used to encrypt the
                                private part of  the  file  using
                                3DES.  Neither  of these files is
                                automatically  accessed  by  ssh-
                                keygen  but  is  offered  as  the
                                default file for the private key.
                                sshd(1M)  reads  this file when a
                                login attempt is made.


     $HOME/.ssh/id_dsa.pub      These  files   contain,   respec-
     $HOME/.ssh/id_rsa.pub      tively, the DSA or RSA public key
                                for the SSHv2 protocol. The  con-
                                tents  of  these  files should be
                                added,      respectively,      to
                                $HOME/.ssh/authorized_keys on all
                                machines where you wish to log in
                                using  DSA or RSA authentication.
                                There is no need to keep the con-
                                tents of these files secret.


ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:



     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Availability                | SUNWsshcu                   |
    |_____________________________|_____________________________|
    | Interface Stability         | Evolving                    |
    |_____________________________|_____________________________|


SEE ALSO
     ssh(1), ssh-add(1), ssh-agent(1), sshd(1M), attributes(5)


     To  view  license  terms,  attribution,  and  copyright  for
     OpenSSH,         the         default         path         is
     /var/sadm/pkg/SUNWsshdr/install/copyright.  If  the  Solaris
     operating environment has been installed anywhere other than
     the default, modify the given path to access the file at the
     installed location.



Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.
Comments