1.\" $OpenBSD: ssh-keygen.1,v 1.115 2013/01/19 07:13:25 jmc Exp $ 2.\" $FreeBSD$ 3.\" 4.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 5.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 6.\" All rights reserved 7.\" 8.\" As far as I am concerned, the code I have written for this software 9.\" can be used freely for any purpose. Any derived versions of this 10.\" software must be clearly marked as such, and if the derived work is 11.\" incompatible with the protocol description in the RFC file, it must be 12.\" called by a name other than "ssh" or "Secure Shell". 13.\" 14.\" 15.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 16.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 17.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 18.\" 19.\" Redistribution and use in source and binary forms, with or without 20.\" modification, are permitted provided that the following conditions 21.\" are met: 22.\" 1. Redistributions of source code must retain the above copyright 23.\" notice, this list of conditions and the following disclaimer. 24.\" 2. Redistributions in binary form must reproduce the above copyright 25.\" notice, this list of conditions and the following disclaimer in the 26.\" documentation and/or other materials provided with the distribution. 27.\" 28.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 29.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 30.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 31.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 32.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 33.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 34.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 35.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 36.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 37.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 38.\" 39.Dd January 19, 2013 40.Dt SSH-KEYGEN 1 41.Os 42.Sh NAME 43.Nm ssh-keygen 44.Nd authentication key generation, management and conversion 45.Sh SYNOPSIS 46.Bk -words 47.Nm ssh-keygen 48.Op Fl q 49.Op Fl b Ar bits 50.Fl t Ar type 51.Op Fl N Ar new_passphrase 52.Op Fl C Ar comment 53.Op Fl f Ar output_keyfile 54.Nm ssh-keygen 55.Fl p 56.Op Fl P Ar old_passphrase 57.Op Fl N Ar new_passphrase 58.Op Fl f Ar keyfile 59.Nm ssh-keygen 60.Fl i 61.Op Fl m Ar key_format 62.Op Fl f Ar input_keyfile 63.Nm ssh-keygen 64.Fl e 65.Op Fl m Ar key_format 66.Op Fl f Ar input_keyfile 67.Nm ssh-keygen 68.Fl y 69.Op Fl f Ar input_keyfile 70.Nm ssh-keygen 71.Fl c 72.Op Fl P Ar passphrase 73.Op Fl C Ar comment 74.Op Fl f Ar keyfile 75.Nm ssh-keygen 76.Fl l 77.Op Fl f Ar input_keyfile 78.Nm ssh-keygen 79.Fl B 80.Op Fl f Ar input_keyfile 81.Nm ssh-keygen 82.Fl D Ar pkcs11 83.Nm ssh-keygen 84.Fl F Ar hostname 85.Op Fl f Ar known_hosts_file 86.Op Fl l 87.Nm ssh-keygen 88.Fl H 89.Op Fl f Ar known_hosts_file 90.Nm ssh-keygen 91.Fl R Ar hostname 92.Op Fl f Ar known_hosts_file 93.Nm ssh-keygen 94.Fl r Ar hostname 95.Op Fl f Ar input_keyfile 96.Op Fl g 97.Nm ssh-keygen 98.Fl G Ar output_file 99.Op Fl v 100.Op Fl b Ar bits 101.Op Fl M Ar memory 102.Op Fl S Ar start_point 103.Nm ssh-keygen 104.Fl T Ar output_file 105.Fl f Ar input_file 106.Op Fl v 107.Op Fl a Ar num_trials 108.Op Fl J Ar num_lines 109.Op Fl j Ar start_line 110.Op Fl K Ar checkpt 111.Op Fl W Ar generator 112.Nm ssh-keygen 113.Fl s Ar ca_key 114.Fl I Ar certificate_identity 115.Op Fl h 116.Op Fl n Ar principals 117.Op Fl O Ar option 118.Op Fl V Ar validity_interval 119.Op Fl z Ar serial_number 120.Ar 121.Nm ssh-keygen 122.Fl L 123.Op Fl f Ar input_keyfile 124.Nm ssh-keygen 125.Fl A 126.Nm ssh-keygen 127.Fl k 128.Fl f Ar krl_file 129.Op Fl u 130.Op Fl s Ar ca_public 131.Op Fl z Ar version_number 132.Ar 133.Nm ssh-keygen 134.Fl Q 135.Fl f Ar krl_file 136.Ar 137.Ek 138.Sh DESCRIPTION 139.Nm 140generates, manages and converts authentication keys for 141.Xr ssh 1 . 142.Nm 143can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA 144keys for use by SSH protocol version 2. 145The type of key to be generated is specified with the 146.Fl t 147option. 148If invoked without any arguments, 149.Nm 150will generate an RSA key for use in SSH protocol 2 connections. 151.Pp 152.Nm 153is also used to generate groups for use in Diffie-Hellman group 154exchange (DH-GEX). 155See the 156.Sx MODULI GENERATION 157section for details. 158.Pp 159Finally, 160.Nm 161can be used to generate and update Key Revocation Lists, and to test whether 162given keys have been revoked by one. 163See the 164.Sx KEY REVOCATION LISTS 165section for details. 166.Pp 167Normally each user wishing to use SSH 168with public key authentication runs this once to create the authentication 169key in 170.Pa ~/.ssh/identity , 171.Pa ~/.ssh/id_ecdsa , 172.Pa ~/.ssh/id_dsa 173or 174.Pa ~/.ssh/id_rsa . 175Additionally, the system administrator may use this to generate host keys, 176as seen in 177.Pa /etc/rc . 178.Pp 179Normally this program generates the key and asks for a file in which 180to store the private key. 181The public key is stored in a file with the same name but 182.Dq .pub 183appended. 184The program also asks for a passphrase. 185The passphrase may be empty to indicate no passphrase 186(host keys must have an empty passphrase), or it may be a string of 187arbitrary length. 188A passphrase is similar to a password, except it can be a phrase with a 189series of words, punctuation, numbers, whitespace, or any string of 190characters you want. 191Good passphrases are 10-30 characters long, are 192not simple sentences or otherwise easily guessable (English 193prose has only 1-2 bits of entropy per character, and provides very bad 194passphrases), and contain a mix of upper and lowercase letters, 195numbers, and non-alphanumeric characters. 196The passphrase can be changed later by using the 197.Fl p 198option. 199.Pp 200There is no way to recover a lost passphrase. 201If the passphrase is lost or forgotten, a new key must be generated 202and the corresponding public key copied to other machines. 203.Pp 204For RSA1 keys, 205there is also a comment field in the key file that is only for 206convenience to the user to help identify the key. 207The comment can tell what the key is for, or whatever is useful. 208The comment is initialized to 209.Dq user@host 210when the key is created, but can be changed using the 211.Fl c 212option. 213.Pp 214After a key is generated, instructions below detail where the keys 215should be placed to be activated. 216.Pp 217The options are as follows: 218.Bl -tag -width Ds 219.It Fl A 220For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys 221do not exist, generate the host keys with the default key file path, 222an empty passphrase, default bits for the key type, and default comment. 223This is used by 224.Pa /etc/rc 225to generate new host keys. 226.It Fl a Ar trials 227Specifies the number of primality tests to perform when screening DH-GEX 228candidates using the 229.Fl T 230command. 231.It Fl B 232Show the bubblebabble digest of specified private or public key file. 233.It Fl b Ar bits 234Specifies the number of bits in the key to create. 235For RSA keys, the minimum size is 768 bits and the default is 2048 bits. 236Generally, 2048 bits is considered sufficient. 237DSA keys must be exactly 1024 bits as specified by FIPS 186-2. 238For ECDSA keys, the 239.Fl b 240flag determines the key length by selecting from one of three elliptic 241curve sizes: 256, 384 or 521 bits. 242Attempting to use bit lengths other than these three values for ECDSA keys 243will fail. 244.It Fl C Ar comment 245Provides a new comment. 246.It Fl c 247Requests changing the comment in the private and public key files. 248This operation is only supported for RSA1 keys. 249The program will prompt for the file containing the private keys, for 250the passphrase if the key has one, and for the new comment. 251.It Fl D Ar pkcs11 252Download the RSA public keys provided by the PKCS#11 shared library 253.Ar pkcs11 . 254When used in combination with 255.Fl s , 256this option indicates that a CA key resides in a PKCS#11 token (see the 257.Sx CERTIFICATES 258section for details). 259.It Fl e 260This option will read a private or public OpenSSH key file and 261print to stdout the key in one of the formats specified by the 262.Fl m 263option. 264The default export format is 265.Dq RFC4716 . 266This option allows exporting OpenSSH keys for use by other programs, including 267several commercial SSH implementations. 268.It Fl F Ar hostname 269Search for the specified 270.Ar hostname 271in a 272.Pa known_hosts 273file, listing any occurrences found. 274This option is useful to find hashed host names or addresses and may also be 275used in conjunction with the 276.Fl H 277option to print found keys in a hashed format. 278.It Fl f Ar filename 279Specifies the filename of the key file. 280.It Fl G Ar output_file 281Generate candidate primes for DH-GEX. 282These primes must be screened for 283safety (using the 284.Fl T 285option) before use. 286.It Fl g 287Use generic DNS format when printing fingerprint resource records using the 288.Fl r 289command. 290.It Fl H 291Hash a 292.Pa known_hosts 293file. 294This replaces all hostnames and addresses with hashed representations 295within the specified file; the original content is moved to a file with 296a .old suffix. 297These hashes may be used normally by 298.Nm ssh 299and 300.Nm sshd , 301but they do not reveal identifying information should the file's contents 302be disclosed. 303This option will not modify existing hashed hostnames and is therefore safe 304to use on files that mix hashed and non-hashed names. 305.It Fl h 306When signing a key, create a host certificate instead of a user 307certificate. 308Please see the 309.Sx CERTIFICATES 310section for details. 311.It Fl I Ar certificate_identity 312Specify the key identity when signing a public key. 313Please see the 314.Sx CERTIFICATES 315section for details. 316.It Fl i 317This option will read an unencrypted private (or public) key file 318in the format specified by the 319.Fl m 320option and print an OpenSSH compatible private 321(or public) key to stdout. 322.It Fl J Ar num_lines 323Exit after screening the specified number of lines 324while performing DH candidate screening using the 325.Fl T 326option. 327.It Fl j Ar start_line 328Start screening at the specified line number 329while performing DH candidate screening using the 330.Fl T 331option. 332.It Fl K Ar checkpt 333Write the last line processed to the file 334.Ar checkpt 335while performing DH candidate screening using the 336.Fl T 337option. 338This will be used to skip lines in the input file that have already been 339processed if the job is restarted. 340This option allows importing keys from other software, including several 341commercial SSH implementations. 342The default import format is 343.Dq RFC4716 . 344.It Fl k 345Generate a KRL file. 346In this mode, 347.Nm 348will generate a KRL file at the location specified via the 349.Fl f 350flag that revokes every key or certificate presented on the command line. 351Keys/certificates to be revoked may be specified by public key file or 352using the format described in the 353.Sx KEY REVOCATION LISTS 354section. 355.It Fl L 356Prints the contents of a certificate. 357.It Fl l 358Show fingerprint of specified public key file. 359Private RSA1 keys are also supported. 360For RSA and DSA keys 361.Nm 362tries to find the matching public key file and prints its fingerprint. 363If combined with 364.Fl v , 365an ASCII art representation of the key is supplied with the fingerprint. 366.It Fl M Ar memory 367Specify the amount of memory to use (in megabytes) when generating 368candidate moduli for DH-GEX. 369.It Fl m Ar key_format 370Specify a key format for the 371.Fl i 372(import) or 373.Fl e 374(export) conversion options. 375The supported key formats are: 376.Dq RFC4716 377(RFC 4716/SSH2 public or private key), 378.Dq PKCS8 379(PEM PKCS8 public key) 380or 381.Dq PEM 382(PEM public key). 383The default conversion format is 384.Dq RFC4716 . 385.It Fl N Ar new_passphrase 386Provides the new passphrase. 387.It Fl n Ar principals 388Specify one or more principals (user or host names) to be included in 389a certificate when signing a key. 390Multiple principals may be specified, separated by commas. 391Please see the 392.Sx CERTIFICATES 393section for details. 394.It Fl O Ar option 395Specify a certificate option when signing a key. 396This option may be specified multiple times. 397Please see the 398.Sx CERTIFICATES 399section for details. 400The options that are valid for user certificates are: 401.Bl -tag -width Ds 402.It Ic clear 403Clear all enabled permissions. 404This is useful for clearing the default set of permissions so permissions may 405be added individually. 406.It Ic force-command Ns = Ns Ar command 407Forces the execution of 408.Ar command 409instead of any shell or command specified by the user when 410the certificate is used for authentication. 411.It Ic no-agent-forwarding 412Disable 413.Xr ssh-agent 1 414forwarding (permitted by default). 415.It Ic no-port-forwarding 416Disable port forwarding (permitted by default). 417.It Ic no-pty 418Disable PTY allocation (permitted by default). 419.It Ic no-user-rc 420Disable execution of 421.Pa ~/.ssh/rc 422by 423.Xr sshd 8 424(permitted by default). 425.It Ic no-x11-forwarding 426Disable X11 forwarding (permitted by default). 427.It Ic permit-agent-forwarding 428Allows 429.Xr ssh-agent 1 430forwarding. 431.It Ic permit-port-forwarding 432Allows port forwarding. 433.It Ic permit-pty 434Allows PTY allocation. 435.It Ic permit-user-rc 436Allows execution of 437.Pa ~/.ssh/rc 438by 439.Xr sshd 8 . 440.It Ic permit-x11-forwarding 441Allows X11 forwarding. 442.It Ic source-address Ns = Ns Ar address_list 443Restrict the source addresses from which the certificate is considered valid. 444The 445.Ar address_list 446is a comma-separated list of one or more address/netmask pairs in CIDR 447format. 448.El 449.Pp 450At present, no options are valid for host keys. 451.It Fl P Ar passphrase 452Provides the (old) passphrase. 453.It Fl p 454Requests changing the passphrase of a private key file instead of 455creating a new private key. 456The program will prompt for the file 457containing the private key, for the old passphrase, and twice for the 458new passphrase. 459.It Fl Q 460Test whether keys have been revoked in a KRL. 461.It Fl q 462Silence 463.Nm ssh-keygen . 464.It Fl R Ar hostname 465Removes all keys belonging to 466.Ar hostname 467from a 468.Pa known_hosts 469file. 470This option is useful to delete hashed hosts (see the 471.Fl H 472option above). 473.It Fl r Ar hostname 474Print the SSHFP fingerprint resource record named 475.Ar hostname 476for the specified public key file. 477.It Fl S Ar start 478Specify start point (in hex) when generating candidate moduli for DH-GEX. 479.It Fl s Ar ca_key 480Certify (sign) a public key using the specified CA key. 481Please see the 482.Sx CERTIFICATES 483section for details. 484.Pp 485When generating a KRL, 486.Fl s 487specifies a path to a CA public key file used to revoke certificates directly 488by key ID or serial number. 489See the 490.Sx KEY REVOCATION LISTS 491section for details. 492.It Fl T Ar output_file 493Test DH group exchange candidate primes (generated using the 494.Fl G 495option) for safety. 496.It Fl t Ar type 497Specifies the type of key to create. 498The possible values are 499.Dq rsa1 500for protocol version 1 and 501.Dq dsa , 502.Dq ecdsa 503or 504.Dq rsa 505for protocol version 2. 506.It Fl u 507Update a KRL. 508When specified with 509.Fl k , 510keys listed via the command line are added to the existing KRL rather than 511a new KRL being created. 512.It Fl V Ar validity_interval 513Specify a validity interval when signing a certificate. 514A validity interval may consist of a single time, indicating that the 515certificate is valid beginning now and expiring at that time, or may consist 516of two times separated by a colon to indicate an explicit time interval. 517The start time may be specified as a date in YYYYMMDD format, a time 518in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting 519of a minus sign followed by a relative time in the format described in the 520.Sx TIME FORMATS 521section of 522.Xr sshd_config 5 . 523The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or 524a relative time starting with a plus character. 525.Pp 526For example: 527.Dq +52w1d 528(valid from now to 52 weeks and one day from now), 529.Dq -4w:+4w 530(valid from four weeks ago to four weeks from now), 531.Dq 20100101123000:20110101123000 532(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011), 533.Dq -1d:20110101 534(valid from yesterday to midnight, January 1st, 2011). 535.It Fl v 536Verbose mode. 537Causes 538.Nm 539to print debugging messages about its progress. 540This is helpful for debugging moduli generation. 541Multiple 542.Fl v 543options increase the verbosity. 544The maximum is 3. 545.It Fl W Ar generator 546Specify desired generator when testing candidate moduli for DH-GEX. 547.It Fl y 548This option will read a private 549OpenSSH format file and print an OpenSSH public key to stdout. 550.It Fl z Ar serial_number 551Specifies a serial number to be embedded in the certificate to distinguish 552this certificate from others from the same CA. 553The default serial number is zero. 554.Pp 555When generating a KRL, the 556.Fl z 557flag is used to specify a KRL version number. 558.El 559.Sh MODULI GENERATION 560.Nm 561may be used to generate groups for the Diffie-Hellman Group Exchange 562(DH-GEX) protocol. 563Generating these groups is a two-step process: first, candidate 564primes are generated using a fast, but memory intensive process. 565These candidate primes are then tested for suitability (a CPU-intensive 566process). 567.Pp 568Generation of primes is performed using the 569.Fl G 570option. 571The desired length of the primes may be specified by the 572.Fl b 573option. 574For example: 575.Pp 576.Dl # ssh-keygen -G moduli-2048.candidates -b 2048 577.Pp 578By default, the search for primes begins at a random point in the 579desired length range. 580This may be overridden using the 581.Fl S 582option, which specifies a different start point (in hex). 583.Pp 584Once a set of candidates have been generated, they must be screened for 585suitability. 586This may be performed using the 587.Fl T 588option. 589In this mode 590.Nm 591will read candidates from standard input (or a file specified using the 592.Fl f 593option). 594For example: 595.Pp 596.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates 597.Pp 598By default, each candidate will be subjected to 100 primality tests. 599This may be overridden using the 600.Fl a 601option. 602The DH generator value will be chosen automatically for the 603prime under consideration. 604If a specific generator is desired, it may be requested using the 605.Fl W 606option. 607Valid generator values are 2, 3, and 5. 608.Pp 609Screened DH groups may be installed in 610.Pa /etc/moduli . 611It is important that this file contains moduli of a range of bit lengths and 612that both ends of a connection share common moduli. 613.Sh CERTIFICATES 614.Nm 615supports signing of keys to produce certificates that may be used for 616user or host authentication. 617Certificates consist of a public key, some identity information, zero or 618more principal (user or host) names and a set of options that 619are signed by a Certification Authority (CA) key. 620Clients or servers may then trust only the CA key and verify its signature 621on a certificate rather than trusting many user/host keys. 622Note that OpenSSH certificates are a different, and much simpler, format to 623the X.509 certificates used in 624.Xr ssl 8 . 625.Pp 626.Nm 627supports two types of certificates: user and host. 628User certificates authenticate users to servers, whereas host certificates 629authenticate server hosts to users. 630To generate a user certificate: 631.Pp 632.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub 633.Pp 634The resultant certificate will be placed in 635.Pa /path/to/user_key-cert.pub . 636A host certificate requires the 637.Fl h 638option: 639.Pp 640.Dl $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub 641.Pp 642The host certificate will be output to 643.Pa /path/to/host_key-cert.pub . 644.Pp 645It is possible to sign using a CA key stored in a PKCS#11 token by 646providing the token library using 647.Fl D 648and identifying the CA key by providing its public half as an argument 649to 650.Fl s : 651.Pp 652.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id host_key.pub 653.Pp 654In all cases, 655.Ar key_id 656is a "key identifier" that is logged by the server when the certificate 657is used for authentication. 658.Pp 659Certificates may be limited to be valid for a set of principal (user/host) 660names. 661By default, generated certificates are valid for all users or hosts. 662To generate a certificate for a specified set of principals: 663.Pp 664.Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub 665.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub" 666.Pp 667Additional limitations on the validity and use of user certificates may 668be specified through certificate options. 669A certificate option may disable features of the SSH session, may be 670valid only when presented from particular source addresses or may 671force the use of a specific command. 672For a list of valid certificate options, see the documentation for the 673.Fl O 674option above. 675.Pp 676Finally, certificates may be defined with a validity lifetime. 677The 678.Fl V 679option allows specification of certificate start and end times. 680A certificate that is presented at a time outside this range will not be 681considered valid. 682By default, certificates are valid from 683.Ux 684Epoch to the distant future. 685.Pp 686For certificates to be used for user or host authentication, the CA 687public key must be trusted by 688.Xr sshd 8 689or 690.Xr ssh 1 . 691Please refer to those manual pages for details. 692.Sh KEY REVOCATION LISTS 693.Nm 694is able to manage OpenSSH format Key Revocation Lists (KRLs). 695These binary files specify keys or certificates to be revoked using a 696compact format, taking as little a one bit per certificate if they are being 697revoked by serial number. 698.Pp 699KRLs may be generated using the 700.Fl k 701flag. 702This option reads one or more files from the command line and generates a new 703KRL. 704The files may either contain a KRL specification (see below) or public keys, 705listed one per line. 706Plain public keys are revoked by listing their hash or contents in the KRL and 707certificates revoked by serial number or key ID (if the serial is zero or 708not available). 709.Pp 710Revoking keys using a KRL specification offers explicit control over the 711types of record used to revoke keys and may be used to directly revoke 712certificates by serial number or key ID without having the complete original 713certificate on hand. 714A KRL specification consists of lines containing one of the following directives 715followed by a colon and some directive-specific information. 716.Bl -tag -width Ds 717.It Cm serial : Ar serial_number Ns Op - Ns Ar serial_number 718Revokes a certificate with the specified serial number. 719Serial numbers are 64-bit values, not including zero and may be expressed 720in decimal, hex or octal. 721If two serial numbers are specified separated by a hyphen, then the range 722of serial numbers including and between each is revoked. 723The CA key must have been specified on the 724.Nm 725command line using the 726.Fl s 727option. 728.It Cm id : Ar key_id 729Revokes a certificate with the specified key ID string. 730The CA key must have been specified on the 731.Nm 732command line using the 733.Fl s 734option. 735.It Cm key : Ar public_key 736Revokes the specified key. 737If a certificate is listed, then it is revoked as a plain public key. 738.It Cm sha1 : Ar public_key 739Revokes the specified key by its SHA1 hash. 740.El 741.Pp 742KRLs may be updated using the 743.Fl u 744flag in addition to 745.Fl k . 746When this option is specified, keys listed via the command line are merged into 747the KRL, adding to those already there. 748.Pp 749It is also possible, given a KRL, to test whether it revokes a particular key 750(or keys). 751The 752.Fl Q 753flag will query an existing KRL, testing each key specified on the commandline. 754If any key listed on the command line has been revoked (or an error encountered) 755then 756.Nm 757will exit with a non-zero exit status. 758A zero exit status will only be returned if no key was revoked. 759.Sh FILES 760.Bl -tag -width Ds -compact 761.It Pa ~/.ssh/identity 762Contains the protocol version 1 RSA authentication identity of the user. 763This file should not be readable by anyone but the user. 764It is possible to 765specify a passphrase when generating the key; that passphrase will be 766used to encrypt the private part of this file using 3DES. 767This file is not automatically accessed by 768.Nm 769but it is offered as the default file for the private key. 770.Xr ssh 1 771will read this file when a login attempt is made. 772.Pp 773.It Pa ~/.ssh/identity.pub 774Contains the protocol version 1 RSA public key for authentication. 775The contents of this file should be added to 776.Pa ~/.ssh/authorized_keys 777on all machines 778where the user wishes to log in using RSA authentication. 779There is no need to keep the contents of this file secret. 780.Pp 781.It Pa ~/.ssh/id_dsa 782.It Pa ~/.ssh/id_ecdsa 783.It Pa ~/.ssh/id_rsa 784Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user. 785This file should not be readable by anyone but the user. 786It is possible to 787specify a passphrase when generating the key; that passphrase will be 788used to encrypt the private part of this file using 128-bit AES. 789This file is not automatically accessed by 790.Nm 791but it is offered as the default file for the private key. 792.Xr ssh 1 793will read this file when a login attempt is made. 794.Pp 795.It Pa ~/.ssh/id_dsa.pub 796.It Pa ~/.ssh/id_ecdsa.pub 797.It Pa ~/.ssh/id_rsa.pub 798Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication. 799The contents of this file should be added to 800.Pa ~/.ssh/authorized_keys 801on all machines 802where the user wishes to log in using public key authentication. 803There is no need to keep the contents of this file secret. 804.Pp 805.It Pa /etc/moduli 806Contains Diffie-Hellman groups used for DH-GEX. 807The file format is described in 808.Xr moduli 5 . 809.El 810.Sh SEE ALSO 811.Xr ssh 1 , 812.Xr ssh-add 1 , 813.Xr ssh-agent 1 , 814.Xr moduli 5 , 815.Xr sshd 8 816.Rs 817.%R RFC 4716 818.%T "The Secure Shell (SSH) Public Key File Format" 819.%D 2006 820.Re 821.Sh AUTHORS 822OpenSSH is a derivative of the original and free 823ssh 1.2.12 release by Tatu Ylonen. 824Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 825Theo de Raadt and Dug Song 826removed many bugs, re-added newer features and 827created OpenSSH. 828Markus Friedl contributed the support for SSH 829protocol versions 1.5 and 2.0. 830