ssh-keygen(1) 맨 페이지 - 윈디하나의 솔라나라

개요

섹션
맨페이지이름
검색(S)

ssh-keygen

Name
     ssh-keygen - authentication key generation

Synopsis
     ssh-keygen [-q] [-b bits ] -t type [-N new_passphrase]
          [-C comment] [-f output_keyfile]


     ssh-keygen -p [-P old_passphrase] [-N new_passphrase]
          [-f keyfile]


     ssh-keygen -i [-f input_keyfile | PKCS#11-URI]


     ssh-keygen -e [-f input_keyfile]


     ssh-keygen -y [-f input_keyfile]


     ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]


     ssh-keygen -l [-f input_keyfile | PKCS#11-URI]


     ssh-keygen -B [-f input_keyfile]


     ssh-keygen -F hostname [-f known_hosts_file]


     ssh-keygen -H [-f known_hosts_file]


     ssh-keygen -R hostname [-f known_hosts_file]

Description
     The ssh-keygen  utility  generates,  manages,  and  converts
     authentication  keys  for  ssh(1). ssh-keygen can create RSA
     keys for use by SSH protocol version 1 and RSA or  DSA  keys
     for  use  by  SSH  protocol version 2. The type of key to be
     generated is specified with the -t  option.  ssh-keygen  can
     also  generate  fingerprints or convert the public keys from
     the X.509v3 certificates specified as PKCS#11 URIs.


     Normally, each user wishing to  use  SSH  with  RSA  or  DSA
     authentication  runs  this once to create the authentication
     key   in    $HOME/.ssh/identity,    $HOME/.ssh/id_dsa,    or
     $HOME/.ssh/id_rsa.  The  system  administrator  can also use
     this to generate host keys..


     Ordinarily, this program generates the key and  asks  for  a
     file  in  which  to store the private key. The public key is
     stored in a file with the same name but  with  the  ``.pub''
     extension  appended. The program also asks for a passphrase.
     The passphrase can be empty to indicate no passphrase  (host
     keys  must have empty passphrases), or it can be a string of
     arbitrary length.  Good  passphrases  are  10-30  characters
     long,  are  not simple sentences or otherwise easy to guess,
     and contain  a  mix  of  uppercase  and  lowercase  letters,
     numbers, and non-alphanumeric characters. (English prose has
     only 1-2 bits of entropy per word  and  provides  very  poor
     passphrases.)  If a passphrase is set, it must be at least 4
     characters long.


     The passphrase can be changed later by using the -p option.


     There is no  way  to  recover  a  lost  passphrase.  If  the
     passphrase  is lost or forgotten, you have to generate a new
     key and copy the corresponding public key to other machines.


     For RSA, there is also a comment field in the key file  that
     is  only  for  convenience  to the user to help identify the
     key. The comment can tell what the key is for,  or  whatever
     is  useful. The comment is initialized to ``user@host'' when
     the key is created, but can be changed using the -c option.


     After a key is generated, instructions below detail where to
     place the keys to activate them.

Options
     The following options are supported:

     -b bits
         Specifies the number of bits in the key to  create.  The
         minimum number is 512 bits. Generally, 2048 bits is con-
         sidered sufficient.  Key  sizes  above  that  no  longer
         improve  security but make things slower. The default is
         2048 bits.


     -B
         Shows the bubblebabble digest of the  specified  private
         or public key file.

     -c
         Requests changing the comment in the private and  public
         key  files.  The program prompts for the file containing
         the private keys, for the passphrase if the key has one,
         and for the new comment.

         This option only applies to rsa1 (SSHv1) keys.


     -C comment
         Provides the new comment.


     -e
         This option reads a private or public OpenSSH  key  file
         and  prints  the key in a "SECSH" Public Key File Format
         to stdout. This option allows exporting keys for use  by
         several other SSH implementations.


     -f
         Specifies the filename of the key file.


     -F
         Search for the specified hostname in a known_hosts file,
         listing  any occurrences found. This option is useful to
         find hashed host names or addresses and can also be used
         in conjunction with the -H option to print found keys in
         a hashed format.


     -H
         Hash a known_hosts file. This replaces  all  host  names
         and  addresses  with  hashed  representations within the
         specified file. The original content is moved to a  file
         with a .old suffix. These hashes may be used normally by
         ssh and sshd, but they do not reveal identifying  infor-
         mation  should  the  file's  contents be disclosed. This
         option does not modify existing hashed host names and is
         therefore  safe to use on files that mix hashed and non-
         hashed names.


     -i
         This option reads an unencrypted private (or public) key
         file  in  SSH2-compatible  format  and prints an OpenSSH
         compatible private (or public) key to stdout. ssh-keygen
         also  reads  the  "SECSH"  Public  Key File Format. This
         option allows importing  keys  from  several  other  SSH
         implementations.


     -l
         Shows the fingerprint of the specified private or public
         key file.


     -N new_passphrase
         Provides the new passphrase.


     -p
         Requests changing the passphrase of a private  key  file
         instead  of  creating  a  new  private  key. The program
         prompts for the file containing the private key, for the
         old   passphrase,   and   prompts   twice  for  the  new
         passphrase.


     -P passphrase
         Provides the (old) passphrase.


     -q
         Silences ssh-keygen.


     -t type
         Specifies the algorithm used for the key, where type  is
         one  of  rsa,  dsa, and rsa1. Type rsa1 is used only for
         the SSHv1 protocol.


     -R hostname
         Removes  all  keys  belonging   to   hostname   from   a
         known_hosts file. This option is useful to delete hashed
         hosts. See -H.


     -x
         Obsolete. Replaced by the -e option.


     -X
         Obsolete. Replaced by the -i option.

     -y
         This option reads a  private  OpenSSH  format  file  and
         prints an OpenSSH public key to stdout.


     -8
         Specifies that ssh-keygen  will  generate  the  keys  in
         PKCS#8 format. The supported type of key to be generated
         is rsa or dsa.

Exit Status
     The following exit values are returned:

     0
         Successful completion.


     1
         An error occurred.

Files
     $HOME/.ssh/identity
         This file contains the RSA private  key  for  the  SSHv1
         protocol. This file should not be readable by anyone but
         the user. It is possible to specify  a  passphrase  when
         generating  the  key; that passphrase is used to encrypt
         the private part of this file using 3DES. This  file  is
         not  automatically  accessed  by  ssh-keygen,  but it is
         offered  as  the  default  file  for  the  private  key.
         sshd(1M) reads this file when a login attempt is made.


     $HOME/.ssh/identity.pub
         This file contains the RSA public key for the SSHv1 pro-
         tocol.  The  contents  of  this  file should be added to
         $HOME/.ssh/authorized_keys on  all  machines  where  you
         wish  to  log  in  using RSA authentication. There is no
         need to keep the contents of this file secret.


     $HOME/.ssh/id_dsa
     $HOME/.ssh/id_rsa
         These  files  contain,  respectively,  the  DSA  or  RSA
         private  key  for the SSHv2 protocol. These files should
         not be readable by anyone but the user. It  is  possible
         to  specify  a  passphrase when generating the key; that
         passphrase is used to encrypt the private  part  of  the
         file  using  128-bit  AES.  Neither  of  these  files is
         automatically accessed by ssh-keygen but is  offered  as
         the  default  file  for  the private key. sshd(1M) reads
         this file when a login attempt is made.


     $HOME/.ssh/id_dsa.pub
     $HOME/.ssh/id_rsa.pub
         These files contain, respectively, the DSA or RSA public
         key  for the SSHv2 protocol. The contents of these files
         should      be       added,       respectively,       to
         $HOME/.ssh/authorized_keys  on  all  machines  where you
         wish to log in using DSA or RSA authentication. There is
         no need to keep the contents of these files secret.

Attributes
     See attributes(5) for descriptions of the  following  attri-
     butes:



     tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i)  ATTRI-
     BUTE TYPEATTRIBUTE VALUE _ Availabilitynetwork/ssh/ssh-key _
     Interface StabilityCommitted

See Also
     ssh(1), ssh-add(1), ssh-agent(1), sshd(1M), attributes(5)
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.
RSS ATOM XHTML 1.0 CSS3