-.\" $OpenBSD: ssh-keygen.1,v 1.116 2013/06/27 14:05:37 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.117 2013/12/07 08:08:26 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: June 27 2013 $
+.Dd $Mdocdate: December 7 2013 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
.Fl T Ar output_file
.Fl f Ar input_file
.Op Fl v
-.Op Fl a Ar num_trials
+.Op Fl a Ar rounds
.Op Fl J Ar num_lines
.Op Fl j Ar start_line
.Op Fl K Ar checkpt
This is used by
.Pa /etc/rc
to generate new host keys.
-.It Fl a Ar trials
-Specifies the number of primality tests to perform when screening DH-GEX
-candidates using the
+.It Fl a Ar rounds
+When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
+2 key when the
+.Fl o
+flag is set), this option specifies the number of KDF (key derivation function)
+rounds used.
+Higher numbers result in slower passphrase verification and increased
+resistance to brute-force password cracking (should the keys be stolen).
+.Pp
+When screening DH-GEX candidates (
+using the
.Fl T
-command.
+command).
+This option specifies the number of primality tests to perform.
.It Fl B
Show the bubblebabble digest of specified private or public key file.
.It Fl b Ar bits
.El
.Pp
At present, no options are valid for host keys.
+.It Fl o
+Causes
+.Nm
+to save SSH protocol 2 private keys using the new OpenSSH format rather than
+the more compatible PEM format.
+The new format has increased resistance to brute-force password cracking
+but is not supported by versions of OpenSSH prior to 6.5.
+Ed25519 keys always use the new private key format.
.It Fl P Ar passphrase
Provides the (old) passphrase.
.It Fl p
projects / thirdparty / openssh-portable.git / commitdiff
