{
"name": "ssh-keygen",
"description": "Generates, manages and converts authentication keys for ssh",
"options": [
{
"names": [
"-A"
],
"description": "For each of the key types (rsa, dsa, ecdsa and ed25519) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and"
},
{
"names": [
"-a"
],
"description": "When saving a private key, this option specifies the number of KDF",
"takes_arg": true,
"arg": {
"name": "rounds",
"description": "Number of rounds being used",
"suggestions": [
"16"
]
}
},
{
"names": [
"-B"
],
"description": "Show the bubblebabble digest of specified private or public key file"
},
{
"names": [
"-b"
],
"description": "Specifies the number of bits in the key to create",
"takes_arg": true,
"arg": {
"name": "bits",
"description": "Number of bits in the key",
"suggestions": [
"3072"
]
}
},
{
"names": [
"-C"
],
"description": "Provides a new comment",
"takes_arg": true,
"arg": {
"name": "comment",
"description": "New comment value"
}
},
{
"names": [
"-c"
],
"description": "Requests changing the comment in the private and public key files"
},
{
"names": [
"-D"
],
"description": "Download the public keys provided by the PKCS#11",
"takes_arg": true,
"arg": {
"name": "pkcs11",
"description": "PKCS#11 public keys"
}
},
{
"names": [
"-E"
],
"description": "Specifies the hash algorithm used",
"takes_arg": true,
"arg": {
"name": "fingerprint_hash",
"description": "Hash algorithm value",
"suggestions": [
"md5",
"sha256"
]
}
},
{
"names": [
"-e"
],
"description": "Read a OpenSSH key file and print to stdout"
},
{
"names": [
"-F"
],
"description": "Search for the specified hostname (with optional port number)",
"takes_arg": true,
"arg": {
"name": "hostname",
"description": "Hostname with optional port number"
}
},
{
"names": [
"-f"
],
"description": "Specifies the filename of the key file",
"takes_arg": true,
"arg": {
"name": "filename",
"description": "Filename of the key file",
"template": "filepaths"
}
},
{
"names": [
"-g"
],
"description": "Use generic DNS format when printing fingerprint resource records"
},
{
"names": [
"-H"
],
"description": "Hash a known_hosts file"
},
{
"names": [
"-h"
],
"description": "Create a host certificate instead of a user"
},
{
"names": [
"-I"
],
"description": "Specify the key identity when signing a public key",
"takes_arg": true,
"arg": {
"name": "certificate_identity",
"description": "Key identity value",
"template": "filepaths"
}
},
{
"names": [
"-i"
],
"description": "Read an unencrypted private (or public) key file"
},
{
"names": [
"-K"
],
"description": "Download resident keys from a FIDO\tauthenticator"
},
{
"names": [
"-k"
],
"description": "Generate a\tKRL file"
},
{
"names": [
"-L"
],
"description": "Generate a\tKRL file"
},
{
"names": [
"-l"
],
"description": "Show fingerprint of specified public key file"
},
{
"names": [
"-M"
],
"description": "Use for Moduli generation",
"takes_arg": true,
"arg": {
"name": "command",
"description": "Use generate or screen",
"suggestions": [
"generate",
"screen"
]
}
},
{
"names": [
"-m"
],
"description": "Specify a key format for key generation",
"takes_arg": true,
"arg": {
"name": "key_format",
"description": "Key format for key generation"
}
},
{
"names": [
"-N"
],
"description": "Provides the new passphrase",
"takes_arg": true,
"arg": {
"name": "new_passphrase",
"description": "New passphrase value"
}
},
{
"names": [
"-n"
],
"description": "Specify one or more principals (user or host names) to be included in a certificate when signing a key",
"takes_arg": true,
"arg": {
"name": "principals",
"description": "Principals to be included in a certificate when signing a key"
}
},
{
"names": [
"-O"
],
"description": "Specify a key/value option",
"takes_arg": true,
"arg": {
"name": "option",
"description": "Value for option"
}
},
{
"names": [
"-P"
],
"description": "Provides the (old) passphrase",
"takes_arg": true,
"arg": {
"name": "passphrase",
"description": "(Old) passphrase value"
}
},
{
"names": [
"-p"
],
"description": "Requests changing the passphrase of a private key file instead of creating a new private key"
},
{
"names": [
"-Q"
],
"description": "Test whether keys have been revoked in a KRL"
},
{
"names": [
"-q"
],
"description": "Silence ssh-keygen"
},
{
"names": [
"-R"
],
"description": "Removes all keys belonging to hostname",
"takes_arg": true,
"arg": {
"name": "hostname",
"description": "Hostname to remove keys from a known_hosts file"
}
},
{
"names": [
"-r"
],
"description": "Print the SSHFP fingerprint resource record named hostname for the specified public key file",
"takes_arg": true,
"arg": {
"name": "hostname",
"description": "Hostname for the specified public key file"
}
},
{
"names": [
"-s"
],
"description": "Certify (sign) a public key using the specified CA\tkey",
"takes_arg": true,
"arg": {
"name": "ca_key",
"description": "Hostname for the specified public key file"
}
},
{
"names": [
"-t"
],
"description": "Specifies the type of key to create",
"takes_arg": true,
"arg": {
"name": "command",
"suggestions": [
"dsa",
"ecdsa-sk",
"ed25519",
"ed25519-sk",
"rsa"
]
}
},
{
"names": [
"-U"
],
"description": "When used in combination with -s, this option indicates that a CA key resides in a ssh-agent(1)"
},
{
"names": [
"-u"
],
"description": "Update a KRL"
},
{
"names": [
"-V"
],
"description": "Specify a validity interval when signing a certificate",
"takes_arg": true,
"arg": {
"name": "validity_interval",
"description": "Value for validity interval"
}
},
{
"names": [
"-v"
],
"description": "Verbose mode"
},
{
"names": [
"-w"
],
"description": "Specifies a path to a library that will be used when creating FIDO authenticator-hosted keys",
"takes_arg": true,
"arg": {
"name": "provider",
"description": "Path to library to be used when creating FIDO authenticator-hosted keys"
}
},
{
"names": [
"-Y"
],
"description": "Multiple functions: find principals, match principals, check novalidate, sign, verify",
"takes_arg": true,
"arg": {
"name": "command",
"is_variadic": true,
"suggestions": [
"find-principals",
"check-novalidate",
"sign",
"verify"
]
}
},
{
"names": [
"-y"
],
"description": "Read a private OpenSSH format file and print an OpenSSH public key to stdout"
},
{
"names": [
"-Z"
],
"description": "Specifies the cipher to use for encryption when writing an OpenSSH-format private key file",
"takes_arg": true,
"arg": {
"name": "cipher",
"description": "Cipher to use for encryption"
}
},
{
"names": [
"-z"
],
"description": "Specifies a serial number to be embedded in the certificate to distinguish this certificate from others from the same CA",
"takes_arg": true,
"arg": {
"name": "serial_number",
"description": "Serial number to distinguish this certificate"
}
}
]
}