path: root/ssh-keygen.1
Commit message | Author | Age | Files | Lines
* upstream: add valid-before="[time]" authorized_keys option. A | djm@openbsd.org | 2018-03-14 | 1 | -4/+4
  simple way of giving a key an expiry date. ok markus@ OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
* upstream commit | djm@openbsd.org | 2018-02-07 | 1 | -5/+5
  certificate options are case-sensitive; fix case on one that had it wrong. move a badly-place sentence to a less bad place OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b
* upstream commit | djm@openbsd.org@openbsd.org | 2017-11-03 | 1 | -7/+16
  allow certificate validity intervals that specify only a start or stop time (we already support specifying both or neither) OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42
* upstream commit | jmc@openbsd.org | 2017-07-21 | 1 | -4/+4
  slightly rework previous, to avoid an article issue; Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30
* upstream commit | djm@openbsd.org | 2017-07-21 | 1 | -2/+7
  When generating all hostkeys (ssh-keygen -A), clobber existing keys if they exist but are zero length. zero-length keys could previously be made if ssh-keygen failed part way through generating them, so avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@ Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044
* upstream commit | djm@openbsd.org | 2017-06-28 | 1 | -2/+20
  Allow ssh-keygen to use a key held in ssh-agent as a CA when signing certificates. bz#2377 ok markus Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
* upstream commit | naddy@openbsd.org | 2017-05-08 | 1 | -5/+5
  remove superfluous protocol 2 mentions; ok jmc@ Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d
* upstream commit | jmc@openbsd.org | 2017-05-08 | 1 | -32/+5
  more protocol 1 stuff to go; ok djm Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
* upstream commit | jmc@openbsd.org | 2017-05-08 | 1 | -8/+5
  rsa1 is no longer valid; Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89
* upstream commit | jmc@openbsd.org | 2017-05-08 | 1 | -2/+3
  more -O shuffle; ok djm Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb
* upstream commit | jmc@openbsd.org | 2017-05-08 | 1 | -27/+34
  tidy up -O somewhat; ok djm Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -5/+4
  remove KEY_RSA1 ok markus@ Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
* upstream commit | jmc@openbsd.org | 2017-05-01 | 1 | -6/+6
  tweak previous; Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9
* upstream commit | djm@openbsd.org | 2017-05-01 | 1 | -3/+23
  allow ssh-keygen to include arbitrary string or flag certificate extensions and critical options. ok markus@ dtucker@ Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646
* upstream commit | jmc@openbsd.org | 2016-06-24 | 1 | -4/+5
  keys stored in openssh format can have comments too; diff from yonas yanfa, tweaked a bit; ok djm Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27
* upstream commit | jmc@openbsd.org | 2016-05-05 | 1 | -2/+2
  correct article; Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168
* upstream commit | djm@openbsd.org | 2016-05-04 | 1 | -3/+4
  make nethack^wrandomart fingerprint flag more readily searchable pointed out by Matt Johnston Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb
* upstream commit | jmc@openbsd.org | 2016-02-18 | 1 | -5/+9
  since these pages now clearly tell folks to avoid v1, normalise the docs from a v2 perspective (i.e. stop pointing out which bits are v2 only); ok/tweaks djm ok markus Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
* upstream commit | djm@openbsd.org | 2015-11-16 | 1 | -3/+3
  support multiple certificates (one per line) and reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@ Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
* upstream commit | jmc@openbsd.org | 2015-11-09 | 1 | -3/+3
  "commandline" -> "command line", since there are so few examples of the former in the pages, so many of the latter, and in some of these pages we had multiple spellings; prompted by tj Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659
* upstream commit | naddy@openbsd.org | 2015-08-21 | 1 | -4/+4
  In the certificates section, be consistent about using "host_key" and "user_key" for the respective key types. ok sthen@ deraadt@ Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
* upstream commit | djm@openbsd.org | 2015-07-15 | 1 | -3/+3
  refuse to generate or accept RSA keys smaller than 1024 bits; feedback and ok dtucker@ Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
* upstream commit | naddy@openbsd.org | 2015-02-26 | 1 | -2/+3
  add -v (show ASCII art) to -l's synopsis; ok djm@
* upstream commit | djm@openbsd.org | 2014-12-22 | 1 | -2/+11
  Add FingerprintHash option to control algorithm used for key fingerprints. Default changes from MD5 to SHA256 and format from hex to base64. Feedback and ok naddy@ markus@
* upstream commit | sobrado@openbsd.org | 2014-10-13 | 1 | -6/+6
  improve capitalization for the Ed25519 public-key signature system. ok djm@
* - jmc@cvs.openbsd.org 2014/03/31 13:39:34 | Damien Miller | 2014-04-20 | 1 | -6/+6
  [ssh-keygen.1] the text for the -K option was inserted in the wrong place in -r1.108; fix From: Matthew Clarke
* - deraadt@cvs.openbsd.org 2014/03/15 17:28:26 | Damien Miller | 2014-04-20 | 1 | -4/+4
  [ssh-agent.c ssh-keygen.1 ssh-keygen.c] Improve usage() and documentation towards the standard form. In particular, this line saves a lot of man page reading time. usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] [-N new_passphrase] [-C comment] [-f output_keyfile] ok schwarze jmc
* - naddy@cvs.openbsd.org 2014/02/05 20:13:25 | Damien Miller | 2014-02-07 | 1 | -3/+3
  [ssh-keygen.1 ssh-keygen.c] tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@ while here, fix ordering in usage(); requested by jmc@
* - tedu@cvs.openbsd.org 2013/12/21 07:10:47 | Damien Miller | 2013-12-29 | 1 | -3/+3
  [ssh-keygen.1] small typo
* - naddy@cvs.openbsd.org 2013/12/07 11:58:46 | Damien Miller | 2013-12-18 | 1 | -8/+18
  [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1] [ssh_config.5 sshd.8 sshd_config.5] add missing mentions of ed25519; ok djm@
* - djm@cvs.openbsd.org 2013/12/07 08:08:26 | Damien Miller | 2013-12-18 | 1 | -7/+24
  [ssh-keygen.1] document -a and -o wrt new key format
* - jmc@cvs.openbsd.org 2013/06/27 14:05:37 | Damien Miller | 2013-07-18 | 1 | -4/+3
  [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] do not use Sx for sections outwith the man page - ingo informs me that stuff like html will render with broken links; issue reported by Eric S. Raymond, via djm
* - jmc@cvs.openbsd.org 2013/01/19 07:13:25 | Damien Miller | 2013-01-20 | 1 | -3/+3
  [ssh-keygen.1] fix some formatting; ok djm
* - jmc@cvs.openbsd.org 2013/01/18 21:48:43 | Damien Miller | 2013-01-20 | 1 | -8/+8
  [ssh-keygen.1] command-line (adj.) -> command line (n.);
* - jmc@cvs.openbsd.org 2013/01/18 08:39:04 | Damien Miller | 2013-01-20 | 1 | -1/+3
  [ssh-keygen.1] add -Q to the options list; ok djm
* - jmc@cvs.openbsd.org 2013/01/18 07:57:47 | Damien Miller | 2013-01-20 | 1 | -15/+16
  [ssh-keygen.1] tweak previous;
* - djm@cvs.openbsd.org 2013/01/17 23:00:01 | Damien Miller | 2013-01-18 | 1 | -2/+116
  [auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5] [krl.c krl.h PROTOCOL.krl] add support for Key Revocation Lists (KRLs). These are a compact way to represent lists of revoked keys and certificates, taking as little as a single bit of incremental cost to revoke a certificate by serial number. KRLs are loaded via the existing RevokedKeys sshd_config option. feedback and ok markus@
* - jmc@cvs.openbsd.org 2012/08/15 18:25:50 | Darren Tucker | 2012-09-06 | 1 | -3/+5
  [ssh-keygen.1] a little more info on certificate validity; requested by Ross L Richardson, and provided by djm
* - dtucker@cvs.openbsd.org 2012/07/06 00:41:59 | Damien Miller | 2012-07-06 | 1 | -3/+15
  [moduli.c ssh-keygen.1 ssh-keygen.c] Add options to specify starting line number and number of lines to process when screening moduli candidates. This allows processing of different parts of a candidate moduli file in parallel. man page help jmc@, ok djm@
* - dtucker@cvs.openbsd.org 2011/10/16 11:02:46 | Damien Miller | 2011-10-18 | 1 | -2/+11
  [moduli.c ssh-keygen.1 ssh-keygen.c] Add optional checkpoints for moduli screening. feedback & ok deraadt
* - deraadt@cvs.openbsd.org 2011/09/07 02:18:31 | Damien Miller | 2011-09-22 | 1 | -3/+3
  [ssh-keygen.1] typo (they vs the) found by Lawrence Teo
* - djm@cvs.openbsd.org 2011/04/13 04:09:37 | Damien Miller | 2011-05-05 | 1 | -1/+7
  [ssh-keygen.1] mention valid -b sizes for ECDSA keys; bz#1862
* - djm@cvs.openbsd.org 2011/04/13 04:02:48 | Damien Miller | 2011-05-05 | 1 | -5/+4
  [ssh-keygen.1] improve wording; bz#1861
* - jmc@cvs.openbsd.org 2011/03/24 15:29:30 | Damien Miller | 2011-05-05 | 1 | -3/+3
  [ssh-keygen.1] zap trailing whitespace;
* - stevesk@cvs.openbsd.org 2011/03/23 16:24:56 | Damien Miller | 2011-05-05 | 1 | -4/+1
  [ssh-keygen.1] -q not used in /etc/rc now so remove statement.
* - stevesk@cvs.openbsd.org 2011/03/23 15:16:22 | Damien Miller | 2011-05-05 | 1 | -2/+11
  [ssh-keygen.1 ssh-keygen.c] Add -A option. For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment. This will be used by /etc/rc to generate new host keys. Idea from deraadt. ok deraadt
* - jmc@cvs.openbsd.org 2010/10/28 18:33:28 | Damien Miller | 2010-11-05 | 1 | -4/+2
  [scp.1 ssh-add.1 ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5] knock out some "-*- nroff -*-" lines;
* - naddy@cvs.openbsd.org 2010/09/10 15:19:29 | Damien Miller | 2010-09-24 | 1 | -26/+17
  [ssh-keygen.1] * mention ECDSA in more places * less repetition in FILES section * SSHv1 keys are still encrypted with 3DES help and ok jmc@
* - djm@cvs.openbsd.org 2010/08/31 11:54:45 | Damien Miller | 2010-08-31 | 1 | -4/+5
  [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
* - djm@cvs.openbsd.org 2010/08/04 06:07:11 | Damien Miller | 2010-08-05 | 1 | -3/+18
  [ssh-keygen.1 ssh-keygen.c] Support CA keys in PKCS#11 tokens; feedback and ok markus@