1.\" $OpenBSD: ssh-keygen.1,v 1.133 2016/06/16 06:10:45 jmc Exp $ 2.\" 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 5.\" All rights reserved 6.\" 7.\" As far as I am concerned, the code I have written for this software 8.\" can be used freely for any purpose. Any derived versions of this 9.\" software must be clearly marked as such, and if the derived work is 10.\" incompatible with the protocol description in the RFC file, it must be 11.\" called by a name other than "ssh" or "Secure Shell". 12.\" 13.\" 14.\" Copyright (c) 1999,2000 Markus Friedl. All rights reserved. 15.\" Copyright (c) 1999 Aaron Campbell. All rights reserved. 16.\" Copyright (c) 1999 Theo de Raadt. All rights reserved. 17.\" 18.\" Redistribution and use in source and binary forms, with or without 19.\" modification, are permitted provided that the following conditions 20.\" are met: 21.\" 1. Redistributions of source code must retain the above copyright 22.\" notice, this list of conditions and the following disclaimer. 23.\" 2. Redistributions in binary form must reproduce the above copyright 24.\" notice, this list of conditions and the following disclaimer in the 25.\" documentation and/or other materials provided with the distribution. 26.\" 27.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 28.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 29.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 30.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 31.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 32.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 33.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 34.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 37.\" 38.Dd $Mdocdate: June 16 2016 $ 39.Dt SSH-KEYGEN 1 40.Os 41.Sh NAME 42.Nm ssh-keygen 43.Nd authentication key generation, management and conversion 44.Sh SYNOPSIS 45.Bk -words 46.Nm ssh-keygen 47.Op Fl q 48.Op Fl b Ar bits 49.Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1 50.Op Fl N Ar new_passphrase 51.Op Fl C Ar comment 52.Op Fl f Ar output_keyfile 53.Nm ssh-keygen 54.Fl p 55.Op Fl P Ar old_passphrase 56.Op Fl N Ar new_passphrase 57.Op Fl f Ar keyfile 58.Nm ssh-keygen 59.Fl i 60.Op Fl m Ar key_format 61.Op Fl f Ar input_keyfile 62.Nm ssh-keygen 63.Fl e 64.Op Fl m Ar key_format 65.Op Fl f Ar input_keyfile 66.Nm ssh-keygen 67.Fl y 68.Op Fl f Ar input_keyfile 69.Nm ssh-keygen 70.Fl c 71.Op Fl P Ar passphrase 72.Op Fl C Ar comment 73.Op Fl f Ar keyfile 74.Nm ssh-keygen 75.Fl l 76.Op Fl v 77.Op Fl E Ar fingerprint_hash 78.Op Fl f Ar input_keyfile 79.Nm ssh-keygen 80.Fl B 81.Op Fl f Ar input_keyfile 82.Nm ssh-keygen 83.Fl D Ar pkcs11 84.Nm ssh-keygen 85.Fl F Ar hostname 86.Op Fl f Ar known_hosts_file 87.Op Fl l 88.Nm ssh-keygen 89.Fl H 90.Op Fl f Ar known_hosts_file 91.Nm ssh-keygen 92.Fl R Ar hostname 93.Op Fl f Ar known_hosts_file 94.Nm ssh-keygen 95.Fl r Ar hostname 96.Op Fl f Ar input_keyfile 97.Op Fl g 98.Nm ssh-keygen 99.Fl G Ar output_file 100.Op Fl v 101.Op Fl b Ar bits 102.Op Fl M Ar memory 103.Op Fl S Ar start_point 104.Nm ssh-keygen 105.Fl T Ar output_file 106.Fl f Ar input_file 107.Op Fl v 108.Op Fl a Ar rounds 109.Op Fl J Ar num_lines 110.Op Fl j Ar start_line 111.Op Fl K Ar checkpt 112.Op Fl W Ar generator 113.Nm ssh-keygen 114.Fl s Ar ca_key 115.Fl I Ar certificate_identity 116.Op Fl h 117.Op Fl n Ar principals 118.Op Fl O Ar option 119.Op Fl V Ar validity_interval 120.Op Fl z Ar serial_number 121.Ar 122.Nm ssh-keygen 123.Fl L 124.Op Fl f Ar input_keyfile 125.Nm ssh-keygen 126.Fl A 127.Nm ssh-keygen 128.Fl k 129.Fl f Ar krl_file 130.Op Fl u 131.Op Fl s Ar ca_public 132.Op Fl z Ar version_number 133.Ar 134.Nm ssh-keygen 135.Fl Q 136.Fl f Ar krl_file 137.Ar 138.Ek 139.Sh DESCRIPTION 140.Nm 141generates, manages and converts authentication keys for 142.Xr ssh 1 . 143.Nm 144can create keys for use by SSH protocol versions 1 and 2. 145Protocol 1 should not be used 146and is only offered to support legacy devices. 147It suffers from a number of cryptographic weaknesses 148and doesn't support many of the advanced features available for protocol 2. 149.Pp 150The type of key to be generated is specified with the 151.Fl t 152option. 153If invoked without any arguments, 154.Nm 155will generate an RSA key for use in SSH protocol 2 connections. 156.Pp 157.Nm 158is also used to generate groups for use in Diffie-Hellman group 159exchange (DH-GEX). 160See the 161.Sx MODULI GENERATION 162section for details. 163.Pp 164Finally, 165.Nm 166can be used to generate and update Key Revocation Lists, and to test whether 167given keys have been revoked by one. 168See the 169.Sx KEY REVOCATION LISTS 170section for details. 171.Pp 172Normally each user wishing to use SSH 173with public key authentication runs this once to create the authentication 174key in 175.Pa ~/.ssh/identity , 176.Pa ~/.ssh/id_dsa , 177.Pa ~/.ssh/id_ecdsa , 178.Pa ~/.ssh/id_ed25519 179or 180.Pa ~/.ssh/id_rsa . 181Additionally, the system administrator may use this to generate host keys, 182as seen in 183.Pa /etc/rc . 184.Pp 185Normally this program generates the key and asks for a file in which 186to store the private key. 187The public key is stored in a file with the same name but 188.Dq .pub 189appended. 190The program also asks for a passphrase. 191The passphrase may be empty to indicate no passphrase 192(host keys must have an empty passphrase), or it may be a string of 193arbitrary length. 194A passphrase is similar to a password, except it can be a phrase with a 195series of words, punctuation, numbers, whitespace, or any string of 196characters you want. 197Good passphrases are 10-30 characters long, are 198not simple sentences or otherwise easily guessable (English 199prose has only 1-2 bits of entropy per character, and provides very bad 200passphrases), and contain a mix of upper and lowercase letters, 201numbers, and non-alphanumeric characters. 202The passphrase can be changed later by using the 203.Fl p 204option. 205.Pp 206There is no way to recover a lost passphrase. 207If the passphrase is lost or forgotten, a new key must be generated 208and the corresponding public key copied to other machines. 209.Pp 210For RSA1 keys and keys stored in the newer OpenSSH format, 211there is also a comment field in the key file that is only for 212convenience to the user to help identify the key. 213The comment can tell what the key is for, or whatever is useful. 214The comment is initialized to 215.Dq user@host 216when the key is created, but can be changed using the 217.Fl c 218option. 219.Pp 220After a key is generated, instructions below detail where the keys 221should be placed to be activated. 222.Pp 223The options are as follows: 224.Bl -tag -width Ds 225.It Fl A 226For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) 227for which host keys 228do not exist, generate the host keys with the default key file path, 229an empty passphrase, default bits for the key type, and default comment. 230This is used by 231.Pa /etc/rc 232to generate new host keys. 233.It Fl a Ar rounds 234When saving a new-format private key (i.e. an ed25519 key or any SSH protocol 2352 key when the 236.Fl o 237flag is set), this option specifies the number of KDF (key derivation function) 238rounds used. 239Higher numbers result in slower passphrase verification and increased 240resistance to brute-force password cracking (should the keys be stolen). 241.Pp 242When screening DH-GEX candidates ( 243using the 244.Fl T 245command). 246This option specifies the number of primality tests to perform. 247.It Fl B 248Show the bubblebabble digest of specified private or public key file. 249.It Fl b Ar bits 250Specifies the number of bits in the key to create. 251For RSA keys, the minimum size is 1024 bits and the default is 2048 bits. 252Generally, 2048 bits is considered sufficient. 253DSA keys must be exactly 1024 bits as specified by FIPS 186-2. 254For ECDSA keys, the 255.Fl b 256flag determines the key length by selecting from one of three elliptic 257curve sizes: 256, 384 or 521 bits. 258Attempting to use bit lengths other than these three values for ECDSA keys 259will fail. 260Ed25519 keys have a fixed length and the 261.Fl b 262flag will be ignored. 263.It Fl C Ar comment 264Provides a new comment. 265.It Fl c 266Requests changing the comment in the private and public key files. 267This operation is only supported for RSA1 keys and keys stored in the 268newer OpenSSH format. 269The program will prompt for the file containing the private keys, for 270the passphrase if the key has one, and for the new comment. 271.It Fl D Ar pkcs11 272Download the RSA public keys provided by the PKCS#11 shared library 273.Ar pkcs11 . 274When used in combination with 275.Fl s , 276this option indicates that a CA key resides in a PKCS#11 token (see the 277.Sx CERTIFICATES 278section for details). 279.It Fl E Ar fingerprint_hash 280Specifies the hash algorithm used when displaying key fingerprints. 281Valid options are: 282.Dq md5 283and 284.Dq sha256 . 285The default is 286.Dq sha256 . 287.It Fl e 288This option will read a private or public OpenSSH key file and 289print to stdout the key in one of the formats specified by the 290.Fl m 291option. 292The default export format is 293.Dq RFC4716 . 294This option allows exporting OpenSSH keys for use by other programs, including 295several commercial SSH implementations. 296.It Fl F Ar hostname 297Search for the specified 298.Ar hostname 299in a 300.Pa known_hosts 301file, listing any occurrences found. 302This option is useful to find hashed host names or addresses and may also be 303used in conjunction with the 304.Fl H 305option to print found keys in a hashed format. 306.It Fl f Ar filename 307Specifies the filename of the key file. 308.It Fl G Ar output_file 309Generate candidate primes for DH-GEX. 310These primes must be screened for 311safety (using the 312.Fl T 313option) before use. 314.It Fl g 315Use generic DNS format when printing fingerprint resource records using the 316.Fl r 317command. 318.It Fl H 319Hash a 320.Pa known_hosts 321file. 322This replaces all hostnames and addresses with hashed representations 323within the specified file; the original content is moved to a file with 324a .old suffix. 325These hashes may be used normally by 326.Nm ssh 327and 328.Nm sshd , 329but they do not reveal identifying information should the file's contents 330be disclosed. 331This option will not modify existing hashed hostnames and is therefore safe 332to use on files that mix hashed and non-hashed names. 333.It Fl h 334When signing a key, create a host certificate instead of a user 335certificate. 336Please see the 337.Sx CERTIFICATES 338section for details. 339.It Fl I Ar certificate_identity 340Specify the key identity when signing a public key. 341Please see the 342.Sx CERTIFICATES 343section for details. 344.It Fl i 345This option will read an unencrypted private (or public) key file 346in the format specified by the 347.Fl m 348option and print an OpenSSH compatible private 349(or public) key to stdout. 350This option allows importing keys from other software, including several 351commercial SSH implementations. 352The default import format is 353.Dq RFC4716 . 354.It Fl J Ar num_lines 355Exit after screening the specified number of lines 356while performing DH candidate screening using the 357.Fl T 358option. 359.It Fl j Ar start_line 360Start screening at the specified line number 361while performing DH candidate screening using the 362.Fl T 363option. 364.It Fl K Ar checkpt 365Write the last line processed to the file 366.Ar checkpt 367while performing DH candidate screening using the 368.Fl T 369option. 370This will be used to skip lines in the input file that have already been 371processed if the job is restarted. 372.It Fl k 373Generate a KRL file. 374In this mode, 375.Nm 376will generate a KRL file at the location specified via the 377.Fl f 378flag that revokes every key or certificate presented on the command line. 379Keys/certificates to be revoked may be specified by public key file or 380using the format described in the 381.Sx KEY REVOCATION LISTS 382section. 383.It Fl L 384Prints the contents of one or more certificates. 385.It Fl l 386Show fingerprint of specified public key file. 387Private RSA1 keys are also supported. 388For RSA and DSA keys 389.Nm 390tries to find the matching public key file and prints its fingerprint. 391If combined with 392.Fl v , 393a visual ASCII art representation of the key is supplied with the 394fingerprint. 395.It Fl M Ar memory 396Specify the amount of memory to use (in megabytes) when generating 397candidate moduli for DH-GEX. 398.It Fl m Ar key_format 399Specify a key format for the 400.Fl i 401(import) or 402.Fl e 403(export) conversion options. 404The supported key formats are: 405.Dq RFC4716 406(RFC 4716/SSH2 public or private key), 407.Dq PKCS8 408(PEM PKCS8 public key) 409or 410.Dq PEM 411(PEM public key). 412The default conversion format is 413.Dq RFC4716 . 414.It Fl N Ar new_passphrase 415Provides the new passphrase. 416.It Fl n Ar principals 417Specify one or more principals (user or host names) to be included in 418a certificate when signing a key. 419Multiple principals may be specified, separated by commas. 420Please see the 421.Sx CERTIFICATES 422section for details. 423.It Fl O Ar option 424Specify a certificate option when signing a key. 425This option may be specified multiple times. 426Please see the 427.Sx CERTIFICATES 428section for details. 429The options that are valid for user certificates are: 430.Bl -tag -width Ds 431.It Ic clear 432Clear all enabled permissions. 433This is useful for clearing the default set of permissions so permissions may 434be added individually. 435.It Ic force-command Ns = Ns Ar command 436Forces the execution of 437.Ar command 438instead of any shell or command specified by the user when 439the certificate is used for authentication. 440.It Ic no-agent-forwarding 441Disable 442.Xr ssh-agent 1 443forwarding (permitted by default). 444.It Ic no-port-forwarding 445Disable port forwarding (permitted by default). 446.It Ic no-pty 447Disable PTY allocation (permitted by default). 448.It Ic no-user-rc 449Disable execution of 450.Pa ~/.ssh/rc 451by 452.Xr sshd 8 453(permitted by default). 454.It Ic no-x11-forwarding 455Disable X11 forwarding (permitted by default). 456.It Ic permit-agent-forwarding 457Allows 458.Xr ssh-agent 1 459forwarding. 460.It Ic permit-port-forwarding 461Allows port forwarding. 462.It Ic permit-pty 463Allows PTY allocation. 464.It Ic permit-user-rc 465Allows execution of 466.Pa ~/.ssh/rc 467by 468.Xr sshd 8 . 469.It Ic permit-x11-forwarding 470Allows X11 forwarding. 471.It Ic source-address Ns = Ns Ar address_list 472Restrict the source addresses from which the certificate is considered valid. 473The 474.Ar address_list 475is a comma-separated list of one or more address/netmask pairs in CIDR 476format. 477.El 478.Pp 479At present, no options are valid for host keys. 480.It Fl o 481Causes 482.Nm 483to save private keys using the new OpenSSH format rather than 484the more compatible PEM format. 485The new format has increased resistance to brute-force password cracking 486but is not supported by versions of OpenSSH prior to 6.5. 487Ed25519 keys always use the new private key format. 488.It Fl P Ar passphrase 489Provides the (old) passphrase. 490.It Fl p 491Requests changing the passphrase of a private key file instead of 492creating a new private key. 493The program will prompt for the file 494containing the private key, for the old passphrase, and twice for the 495new passphrase. 496.It Fl Q 497Test whether keys have been revoked in a KRL. 498.It Fl q 499Silence 500.Nm ssh-keygen . 501.It Fl R Ar hostname 502Removes all keys belonging to 503.Ar hostname 504from a 505.Pa known_hosts 506file. 507This option is useful to delete hashed hosts (see the 508.Fl H 509option above). 510.It Fl r Ar hostname 511Print the SSHFP fingerprint resource record named 512.Ar hostname 513for the specified public key file. 514.It Fl S Ar start 515Specify start point (in hex) when generating candidate moduli for DH-GEX. 516.It Fl s Ar ca_key 517Certify (sign) a public key using the specified CA key. 518Please see the 519.Sx CERTIFICATES 520section for details. 521.Pp 522When generating a KRL, 523.Fl s 524specifies a path to a CA public key file used to revoke certificates directly 525by key ID or serial number. 526See the 527.Sx KEY REVOCATION LISTS 528section for details. 529.It Fl T Ar output_file 530Test DH group exchange candidate primes (generated using the 531.Fl G 532option) for safety. 533.It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1 534Specifies the type of key to create. 535The possible values are 536.Dq rsa1 537for protocol version 1 and 538.Dq dsa , 539.Dq ecdsa , 540.Dq ed25519 , 541or 542.Dq rsa 543for protocol version 2. 544.It Fl u 545Update a KRL. 546When specified with 547.Fl k , 548keys listed via the command line are added to the existing KRL rather than 549a new KRL being created. 550.It Fl V Ar validity_interval 551Specify a validity interval when signing a certificate. 552A validity interval may consist of a single time, indicating that the 553certificate is valid beginning now and expiring at that time, or may consist 554of two times separated by a colon to indicate an explicit time interval. 555The start time may be specified as a date in YYYYMMDD format, a time 556in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting 557of a minus sign followed by a relative time in the format described in the 558TIME FORMATS section of 559.Xr sshd_config 5 . 560The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or 561a relative time starting with a plus character. 562.Pp 563For example: 564.Dq +52w1d 565(valid from now to 52 weeks and one day from now), 566.Dq -4w:+4w 567(valid from four weeks ago to four weeks from now), 568.Dq 20100101123000:20110101123000 569(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011), 570.Dq -1d:20110101 571(valid from yesterday to midnight, January 1st, 2011). 572.It Fl v 573Verbose mode. 574Causes 575.Nm 576to print debugging messages about its progress. 577This is helpful for debugging moduli generation. 578Multiple 579.Fl v 580options increase the verbosity. 581The maximum is 3. 582.It Fl W Ar generator 583Specify desired generator when testing candidate moduli for DH-GEX. 584.It Fl y 585This option will read a private 586OpenSSH format file and print an OpenSSH public key to stdout. 587.It Fl z Ar serial_number 588Specifies a serial number to be embedded in the certificate to distinguish 589this certificate from others from the same CA. 590The default serial number is zero. 591.Pp 592When generating a KRL, the 593.Fl z 594flag is used to specify a KRL version number. 595.El 596.Sh MODULI GENERATION 597.Nm 598may be used to generate groups for the Diffie-Hellman Group Exchange 599(DH-GEX) protocol. 600Generating these groups is a two-step process: first, candidate 601primes are generated using a fast, but memory intensive process. 602These candidate primes are then tested for suitability (a CPU-intensive 603process). 604.Pp 605Generation of primes is performed using the 606.Fl G 607option. 608The desired length of the primes may be specified by the 609.Fl b 610option. 611For example: 612.Pp 613.Dl # ssh-keygen -G moduli-2048.candidates -b 2048 614.Pp 615By default, the search for primes begins at a random point in the 616desired length range. 617This may be overridden using the 618.Fl S 619option, which specifies a different start point (in hex). 620.Pp 621Once a set of candidates have been generated, they must be screened for 622suitability. 623This may be performed using the 624.Fl T 625option. 626In this mode 627.Nm 628will read candidates from standard input (or a file specified using the 629.Fl f 630option). 631For example: 632.Pp 633.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates 634.Pp 635By default, each candidate will be subjected to 100 primality tests. 636This may be overridden using the 637.Fl a 638option. 639The DH generator value will be chosen automatically for the 640prime under consideration. 641If a specific generator is desired, it may be requested using the 642.Fl W 643option. 644Valid generator values are 2, 3, and 5. 645.Pp 646Screened DH groups may be installed in 647.Pa /etc/moduli . 648It is important that this file contains moduli of a range of bit lengths and 649that both ends of a connection share common moduli. 650.Sh CERTIFICATES 651.Nm 652supports signing of keys to produce certificates that may be used for 653user or host authentication. 654Certificates consist of a public key, some identity information, zero or 655more principal (user or host) names and a set of options that 656are signed by a Certification Authority (CA) key. 657Clients or servers may then trust only the CA key and verify its signature 658on a certificate rather than trusting many user/host keys. 659Note that OpenSSH certificates are a different, and much simpler, format to 660the X.509 certificates used in 661.Xr ssl 8 . 662.Pp 663.Nm 664supports two types of certificates: user and host. 665User certificates authenticate users to servers, whereas host certificates 666authenticate server hosts to users. 667To generate a user certificate: 668.Pp 669.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub 670.Pp 671The resultant certificate will be placed in 672.Pa /path/to/user_key-cert.pub . 673A host certificate requires the 674.Fl h 675option: 676.Pp 677.Dl $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub 678.Pp 679The host certificate will be output to 680.Pa /path/to/host_key-cert.pub . 681.Pp 682It is possible to sign using a CA key stored in a PKCS#11 token by 683providing the token library using 684.Fl D 685and identifying the CA key by providing its public half as an argument 686to 687.Fl s : 688.Pp 689.Dl $ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub 690.Pp 691In all cases, 692.Ar key_id 693is a "key identifier" that is logged by the server when the certificate 694is used for authentication. 695.Pp 696Certificates may be limited to be valid for a set of principal (user/host) 697names. 698By default, generated certificates are valid for all users or hosts. 699To generate a certificate for a specified set of principals: 700.Pp 701.Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub 702.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub" 703.Pp 704Additional limitations on the validity and use of user certificates may 705be specified through certificate options. 706A certificate option may disable features of the SSH session, may be 707valid only when presented from particular source addresses or may 708force the use of a specific command. 709For a list of valid certificate options, see the documentation for the 710.Fl O 711option above. 712.Pp 713Finally, certificates may be defined with a validity lifetime. 714The 715.Fl V 716option allows specification of certificate start and end times. 717A certificate that is presented at a time outside this range will not be 718considered valid. 719By default, certificates are valid from 720.Ux 721Epoch to the distant future. 722.Pp 723For certificates to be used for user or host authentication, the CA 724public key must be trusted by 725.Xr sshd 8 726or 727.Xr ssh 1 . 728Please refer to those manual pages for details. 729.Sh KEY REVOCATION LISTS 730.Nm 731is able to manage OpenSSH format Key Revocation Lists (KRLs). 732These binary files specify keys or certificates to be revoked using a 733compact format, taking as little as one bit per certificate if they are being 734revoked by serial number. 735.Pp 736KRLs may be generated using the 737.Fl k 738flag. 739This option reads one or more files from the command line and generates a new 740KRL. 741The files may either contain a KRL specification (see below) or public keys, 742listed one per line. 743Plain public keys are revoked by listing their hash or contents in the KRL and 744certificates revoked by serial number or key ID (if the serial is zero or 745not available). 746.Pp 747Revoking keys using a KRL specification offers explicit control over the 748types of record used to revoke keys and may be used to directly revoke 749certificates by serial number or key ID without having the complete original 750certificate on hand. 751A KRL specification consists of lines containing one of the following directives 752followed by a colon and some directive-specific information. 753.Bl -tag -width Ds 754.It Cm serial : Ar serial_number Ns Op - Ns Ar serial_number 755Revokes a certificate with the specified serial number. 756Serial numbers are 64-bit values, not including zero and may be expressed 757in decimal, hex or octal. 758If two serial numbers are specified separated by a hyphen, then the range 759of serial numbers including and between each is revoked. 760The CA key must have been specified on the 761.Nm 762command line using the 763.Fl s 764option. 765.It Cm id : Ar key_id 766Revokes a certificate with the specified key ID string. 767The CA key must have been specified on the 768.Nm 769command line using the 770.Fl s 771option. 772.It Cm key : Ar public_key 773Revokes the specified key. 774If a certificate is listed, then it is revoked as a plain public key. 775.It Cm sha1 : Ar public_key 776Revokes the specified key by its SHA1 hash. 777.El 778.Pp 779KRLs may be updated using the 780.Fl u 781flag in addition to 782.Fl k . 783When this option is specified, keys listed via the command line are merged into 784the KRL, adding to those already there. 785.Pp 786It is also possible, given a KRL, to test whether it revokes a particular key 787(or keys). 788The 789.Fl Q 790flag will query an existing KRL, testing each key specified on the command line. 791If any key listed on the command line has been revoked (or an error encountered) 792then 793.Nm 794will exit with a non-zero exit status. 795A zero exit status will only be returned if no key was revoked. 796.Sh FILES 797.Bl -tag -width Ds -compact 798.It Pa ~/.ssh/identity 799Contains the protocol version 1 RSA authentication identity of the user. 800This file should not be readable by anyone but the user. 801It is possible to 802specify a passphrase when generating the key; that passphrase will be 803used to encrypt the private part of this file using 3DES. 804This file is not automatically accessed by 805.Nm 806but it is offered as the default file for the private key. 807.Xr ssh 1 808will read this file when a login attempt is made. 809.Pp 810.It Pa ~/.ssh/identity.pub 811Contains the protocol version 1 RSA public key for authentication. 812The contents of this file should be added to 813.Pa ~/.ssh/authorized_keys 814on all machines 815where the user wishes to log in using RSA authentication. 816There is no need to keep the contents of this file secret. 817.Pp 818.It Pa ~/.ssh/id_dsa 819.It Pa ~/.ssh/id_ecdsa 820.It Pa ~/.ssh/id_ed25519 821.It Pa ~/.ssh/id_rsa 822Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA 823authentication identity of the user. 824This file should not be readable by anyone but the user. 825It is possible to 826specify a passphrase when generating the key; that passphrase will be 827used to encrypt the private part of this file using 128-bit AES. 828This file is not automatically accessed by 829.Nm 830but it is offered as the default file for the private key. 831.Xr ssh 1 832will read this file when a login attempt is made. 833.Pp 834.It Pa ~/.ssh/id_dsa.pub 835.It Pa ~/.ssh/id_ecdsa.pub 836.It Pa ~/.ssh/id_ed25519.pub 837.It Pa ~/.ssh/id_rsa.pub 838Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA 839public key for authentication. 840The contents of this file should be added to 841.Pa ~/.ssh/authorized_keys 842on all machines 843where the user wishes to log in using public key authentication. 844There is no need to keep the contents of this file secret. 845.Pp 846.It Pa /etc/moduli 847Contains Diffie-Hellman groups used for DH-GEX. 848The file format is described in 849.Xr moduli 5 . 850.El 851.Sh SEE ALSO 852.Xr ssh 1 , 853.Xr ssh-add 1 , 854.Xr ssh-agent 1 , 855.Xr moduli 5 , 856.Xr sshd 8 857.Rs 858.%R RFC 4716 859.%T "The Secure Shell (SSH) Public Key File Format" 860.%D 2006 861.Re 862.Sh AUTHORS 863OpenSSH is a derivative of the original and free 864ssh 1.2.12 release by Tatu Ylonen. 865Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, 866Theo de Raadt and Dug Song 867removed many bugs, re-added newer features and 868created OpenSSH. 869Markus Friedl contributed the support for SSH 870protocol versions 1.5 and 2.0. 871