SSH-KEYGEN2(1) SSH2 SSH-KEYGEN2(1)
ssh-keygen2 - authentication key pair generation
ssh-keygen2 [-b bits] [-t dsa|rsa] [ -c comment_string] [
-e file] [ -p passphrase] [ -P ] [ -h ] [ -q ] [--over-
write] [ -1 file] [ -i file] [ -D file] [ -B number] [ -V
] [ -r file] [ -x file] [ -k file] [ -7 file] [ -F file] [
--import-public-key infile outfile] [ --import-private-
key infile outfile] [ --import-ssh1-authorized-keys infile
outfile] [ --import-ssh1-known-hosts-file infile] [key1
ssh-keygen2 generates and manages authentication keys for
ssh2(1). Normally each user wishing to use ssh2 with pub-
lic-key authentication runs this to create authentication
keys. Additionally, the system administrator may use this
to generate host keys for sshd2(8).
Specifies the length of the key in bits (default
Selects the algorithm used in key generation. dsa
(Digital Signature Algorithm) and rsa are sup-
ported. The default is dsa.
Specifies the key's comment string.
Edits the specified key. Makes ssh-keygen2 inter-
active. You can change the key's passphrase or
Specifies the passphrase used to protect the key.
-P Specifies that the key will be saved with an empty
-h | -\?
Prints a short summary of ssh-keygen2 commands.
-q Hides the progress indicator.
Specifies whether to overwrite existing file(s).
Default is yes. Takes an optional yes/no argument
with which you can disable overwriting, i.e.
Converts a key from the ssh1 format to the ssh2
Displays (all) information about a key.
Derives the public key from the private key file.
Specifies the number base for displaying key infor-
mation (default 10).
-V Prints version string and exits.
Adds entropy from file to the random pool
$HOME/.ssh2/random_seed. If file contains 'rela-
tively random' data (i.e. data unpredictable by a
potential attacker), the randomness of the pool is
increased. Good randomness is essential for the
security of the generated keys.
Converts a private key from the X.509 format to the
SSH2 format. The converted key is written to
file_ssh2. This feature is only available in com-
mercial distributions with certificate support.
Converts a PKCS #12 file to an SSH2-format private
key and certificate pair. This feature is only
available in commercial distributions with certifi-
Exports certificate(s) from a PKCS #7 file. This
feature is only available in commercial distribu-
tions with certificate support.
Dumps the fingerprint of the given public key. The
fingerprint is given in the Bubble Babble format,
which makes the fingerprint look like a string of
"real" words (making it easier to remember).
--import-public-key infile outfile
Attempts to import a public key from file infile
and store it to file outfile in ssh2 native format.
--import-private-key infile outfile
Attempts to import an unencrypted private key from
file infile and store it to file outfile in ssh2
native private key format.
--import-ssh1-authorized-keys infile outfile
Attempts to import ssh1-style authorized_keys file
infile and generate ssh2-style authorization file
outfile and store the keys from infile to generated
files into the same directory with outfile.
Attempts to import ssh1-style known_hosts file
infile and generate ssh2-style hostkey files to the
current directory from each key within the
Used for seeding the random number generator. This
file must not be readable by anyone but the user.
This file is created the first time the program is
run, and is updated every time the program is run.
Private authentication keys.
Public authentication keys.
Private and public sshd2(8) host keys.
SSH Communications Security Corp.
For more information, see http://www.ssh.com.
ssh2(1), sshd2(8), ssh-agent2(1), ssh-add2(1)