ssh-keygen(1) 맨 페이지 - 윈디하나의 솔라나라

개요

섹션
맨 페이지 이름
검색(S)

ssh-keygen(1)

ssh-keygen(1)                    User Commands                   ssh-keygen(1)



NAME
       ssh-keygen - authentication key generation

SYNOPSIS
       ssh-keygen [-q] [-b bits ] -t type [-N new_passphrase]
            [-C comment] [-f output_keyfile]


       ssh-keygen -p [-P old_passphrase] [-N new_passphrase]
            [-f keyfile]


       ssh-keygen -i [-f input_keyfile | PKCS#11-URI]


       ssh-keygen -e [-f input_keyfile]


       ssh-keygen -y [-f input_keyfile]


       ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]


       ssh-keygen -l [-f input_keyfile | PKCS#11-URI]


       ssh-keygen -B [-f input_keyfile]


       ssh-keygen -F hostname [-f known_hosts_file]


       ssh-keygen -H [-f known_hosts_file]


       ssh-keygen -R hostname [-f known_hosts_file]


DESCRIPTION
       The  ssh-keygen utility generates, manages, and converts authentication
       keys for ssh(1). ssh-keygen can create RSA keys for use by SSH protocol
       version  1  and  RSA or DSA keys for use by SSH protocol version 2. The
       type of key to be generated is specified with the -t option. ssh-keygen
       can  also  generate  fingerprints  or  convert the public keys from the
       X.509v3 certificates specified as PKCS#11 URIs.


       Normally, each user wishing to use SSH with RSA or  DSA  authentication
       runs this once to create the authentication key in $HOME/.ssh/identity,
       $HOME/.ssh/id_dsa, or $HOME/.ssh/id_rsa. The system  administrator  can
       also use this to generate host keys..


       Ordinarily, this program generates the key and asks for a file in which
       to store the private key. The public key is stored in a file  with  the
       same  name  but  with the ``.pub'' extension appended. The program also
       asks for a passphrase. The passphrase  can  be  empty  to  indicate  no
       passphrase  (host  keys  must  have  empty passphrases), or it can be a
       string of arbitrary length. Good passphrases are 10-30 characters long,
       are  not simple sentences or otherwise easy to guess, and contain a mix
       of uppercase and lowercase letters, numbers, and non-alphanumeric char‐
       acters.  (English  prose has only 1-2 bits of entropy per word and pro‐
       vides very poor passphrases.) If a passphrase is set,  it  must  be  at
       least 4 characters long.


       The passphrase can be changed later by using the -p option.


       There is no way to recover a lost passphrase. If the passphrase is lost
       or forgotten, you have to generate a new key and copy the corresponding
       public key to other machines.


       For RSA, there is also a comment field in the key file that is only for
       convenience to the user to help identify the key. The comment can  tell
       what  the key is for, or whatever is useful. The comment is initialized
       to ``user@host'' when the key is created, but can be changed using  the
       -c option.


       After  a key is generated, instructions below detail where to place the
       keys to activate them.

OPTIONS
       The following options are supported:

       -b bits

           Specifies the number of bits in the key to create. The minimum num‐
           ber is 512 bits. Generally, 2048 bits is considered sufficient. Key
           sizes above that no longer improve security but make things slower.
           The default is 2048 bits.


       -B

           Shows  the  bubblebabble  digest of the specified private or public
           key file.


       -c

           Requests changing the comment in the private and public key  files.
           The  program  prompts for the file containing the private keys, for
           the passphrase if the key has one, and for the new comment.

           This option only applies to rsa1 (SSHv1) keys.


       -C comment

           Provides the new comment.


       -e

           This option reads a private or public OpenSSH key file  and  prints
           the  key in a "SECSH" Public Key File Format to stdout. This option
           allows exporting keys for use by several other SSH implementations.


       -f

           Specifies the filename of the key file.


       -F

           Search for the specified hostname in a  known_hosts  file,  listing
           any  occurrences  found.  This option is useful to find hashed host
           names or addresses and can also be used in conjunction with the  -H
           option to print found keys in a hashed format.


       -H

           Hash a known_hosts file. This replaces all host names and addresses
           with hashed representations within the specified file. The original
           content  is moved to a file with a .old suffix. These hashes may be
           used normally by ssh and sshd, but they do not  reveal  identifying
           information  should  the  file's contents be disclosed. This option
           does not modify existing hashed host names and is therefore safe to
           use on files that mix hashed and non-hashed names.


       -i

           This  option  reads  an unencrypted private (or public) key file in
           SSH2-compatible format and prints an OpenSSH compatible private (or
           public) key to stdout. ssh-keygen also reads the "SECSH" Public Key
           File Format. This option allows importing keys from  several  other
           SSH implementations.


       -l

           Shows the fingerprint of the specified private or public key file.


       -N new_passphrase

           Provides the new passphrase.


       -p

           Requests  changing  the passphrase of a private key file instead of
           creating a new private key. The program prompts for the  file  con‐
           taining  the private key, for the old passphrase, and prompts twice
           for the new passphrase.


       -P passphrase

           Provides the (old) passphrase.


       -q

           Silences ssh-keygen.


       -t type

           Specifies the algorithm used for the key, where type is one of rsa,
           dsa, and rsa1. Type rsa1 is used only for the SSHv1 protocol.


       -R hostname

           Removes  all  keys  belonging  to hostname from a known_hosts file.
           This option is useful to delete hashed hosts. See -H.


       -x

           Obsolete. Replaced by the -e option.


       -X

           Obsolete. Replaced by the -i option.


       -y

           This option reads a private  OpenSSH  format  file  and  prints  an
           OpenSSH public key to stdout.


       -8

           Specifies  that ssh-keygen will generate the keys in PKCS#8 format.
           The supported type of key to be generated is rsa or dsa.


EXIT STATUS
       The following exit values are returned:

       0

           Successful completion.


       1

           An error occurred.


FILES
       $HOME/.ssh/identity

           This file contains the RSA private key for the SSHv1 protocol. This
           file  should not be readable by anyone but the user. It is possible
           to specify a passphrase when generating the key; that passphrase is
           used to encrypt the private part of this file using 3DES. This file
           is not automatically accessed by ssh-keygen, but it is  offered  as
           the default file for the private key. sshd(1M) reads this file when
           a login attempt is made.


       $HOME/.ssh/identity.pub

           This file contains the RSA public key for the SSHv1  protocol.  The
           contents of this file should be added to $HOME/.ssh/authorized_keys
           on all machines where you wish to log in using RSA  authentication.
           There is no need to keep the contents of this file secret.


       $HOME/.ssh/id_dsa
       $HOME/.ssh/id_rsa

           These  files  contain, respectively, the DSA or RSA private key for
           the SSHv2 protocol. These files should not be  readable  by  anyone
           but  the user. It is possible to specify a passphrase when generat‐
           ing the key; that passphrase is used to encrypt the private part of
           the file using 128-bit AES. Neither of these files is automatically
           accessed by ssh-keygen but is offered as the default file  for  the
           private key. sshd(1M) reads this file when a login attempt is made.


       $HOME/.ssh/id_dsa.pub
       $HOME/.ssh/id_rsa.pub

           These  files  contain,  respectively, the DSA or RSA public key for
           the SSHv2 protocol. The contents of these files  should  be  added,
           respectively,  to  $HOME/.ssh/authorized_keys on all machines where
           you wish to log in using DSA or RSA  authentication.  There  is  no
           need to keep the contents of these files secret.


ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:




       tab()   box;   cw(2.75i)  |cw(2.75i)  lw(2.75i)  |lw(2.75i)  ATTRIBUTE
       TYPEATTRIBUTE VALUE  _  Availabilitynetwork/ssh/ssh-key  _  Interface
       StabilityCommitted


SEE ALSO
       ssh(1), ssh-add(1), ssh-agent(1), sshd(1M), attributes(5)



SunOS 5.11                        6 Mar 2015                     ssh-keygen(1)
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.
RSS ATOM XHTML 5 CSS3