-a

When saving a new-format private key (i.e. an ed25519 key or when the -o flag is set), this option spec‐ifies the number of KDF (key derivation function) rounds used. Higher numbers result in slowerpassphrase verification and increased resistance to brute-force password cracking (should the keys bestolen).When screening DH-GEX candidates (using the -T command). This option specifies the number of primalitytests to perform.

-B

Show the bubblebabble digest of specified private or public key file.

-b

Specifies the number of bits in the key to create. For RSA keys, the minimum size is 1024 bits and thedefault is 2048 bits. Generally, 2048 bits is considered sufficient. DSA keys must be exactly 1024bits as specified by FIPS 186-2. For ECDSA keys, the -b flag determines the key length by selectingfrom one of three elliptic curve sizes: 256, 384 or 521 bits. Attempting to use bit lengths other thanthese three values for ECDSA keys will fail. Ed25519 keys have a fixed length and the -b flag will beignored.

-C

Provides a new comment.

-D

Download the RSA public keys provided by the PKCS#11 shared library pkcs11. When used in combinationwith -s, this option indicates that a CA key resides in a PKCS#11 token (see the CERTIFICATES sectionfor details).

-E

Specifies the hash algorithm used when displaying key fingerprints. Valid options are: “md5” and“sha256”. The default is “sha256”.

-F

Search for the specified hostname in a known_hosts file, listing any occurrences found. This option isuseful to find hashed host names or addresses and may also be used in conjunction with the -H option toprint found keys in a hashed format.

-f

Specifies the filename of the key file.

-G

Generate candidate primes for DH-GEX. These primes must be screened for safety (using the -T option)before use.

-g

Use generic DNS format when printing fingerprint resource records using the -r command.

-I

Specify the key identity when signing a public key. Please see the CERTIFICATES section for details.

-J

Exit after screening the specified number of lines while performing DH candidate screening using the -Toption.

-j

Start screening at the specified line number while performing DH candidate screening using the -Toption.

-K

Write the last line processed to the file checkpt while performing DH candidate screening using the -Toption. This will be used to skip lines in the input file that have already been processed if the jobis restarted.

-L

Prints the contents of one or more certificates.

-M

Specify the amount of memory to use (in megabytes) when generating candidate moduli for DH-GEX.

-m

Specify a key format for the -i (import) or -e (export) conversion options. The supported key formatsare: “RFC4716” (RFC 4716/SSH2 public or private key), “PKCS8” (PEM PKCS8 public key) or “PEM” (PEM pub‐lic key). The default conversion format is “RFC4716”.

-N

Provides the new passphrase.

-n

Specify one or more principals (user or host names) to be included in a certificate when signing a key.Multiple principals may be specified, separated by commas. Please see the CERTIFICATES section fordetails.

-O

Specify a certificate option when signing a key. This option may be specified multiple times. See alsothe CERTIFICATES section for further details. The options that are valid for user certificates are:clear Clear all enabled permissions. This is useful for clearing the default set of permissions sopermissions may be added individually.critical:name[=contents]extension:name[=contents]Includes an arbitrary certificate critical option or extension. The specified name shouldinclude a domain suffix, e.g. “name@example.com”. If contents is specified then it is includedas the contents of the extension/option encoded as a string, otherwise the extension/option iscreated with no contents (usually indicating a flag). Extensions may be ignored by a client orserver that does not recognise them, whereas unknown critical options will cause the certificateto be refused.At present, no standard options are valid for host keys.force-command=commandForces the execution of command instead of any shell or command specified by the user when thecertificate is used for authentication.no-agent-forwardingDisable ssh-agent(1) forwarding (permitted by default).no-port-forwardingDisable port forwarding (permitted by default).no-pty Disable PTY allocation (permitted by default).no-user-rcDisable execution of ~/.ssh/rc by sshd(8) (permitted by default).no-x11-forwardingDisable X11 forwarding (permitted by default).permit-agent-forwardingAllows ssh-agent(1) forwarding.permit-port-forwardingAllows port forwarding.permit-ptyAllows PTY allocation.permit-user-rcAllows execution of ~/.ssh/rc by sshd(8).permit-x11-forwardingAllows X11 forwarding.source-address=address_listRestrict the source addresses from which the certificate is considered valid. The address_listis a comma-separated list of one or more address/netmask pairs in CIDR format.

-P

Provides the (old) passphrase.

-Q

Test whether keys have been revoked in a KRL.

-q

Silence ssh-keygen.

-R

Removes all keys belonging to hostname from a known_hosts file. This option is useful to delete hashedhosts (see the -H option above).

-r

Print the SSHFP fingerprint resource record named hostname for the specified public key file.

-S

Specify start point (in hex) when generating candidate moduli for DH-GEX.

-s

Certify (sign) a public key using the specified CA key. Please see the CERTIFICATES section fordetails.When generating a KRL, -s specifies a path to a CA public key file used to revoke certificates directlyby key ID or serial number. See the KEY REVOCATION LISTS section for details.

-T

Test DH group exchange candidate primes (generated using the -G option) for safety.

-t

Specifies the type of key to create. The possible values are “dsa”, “ecdsa”, “ed25519”, or “rsa”.

-V

Specify a validity interval when signing a certificate. A validity interval may consist of a singletime, indicating that the certificate is valid beginning now and expiring at that time, or may consistof two times separated by a colon to indicate an explicit time interval. The start time may be speci‐fied as a date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a relative time (to the currenttime) consisting of a minus sign followed by a relative time in the format described in the TIME FORMATSsection of sshd_config(5). The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or arelative time starting with a plus character.For example: “+52w1d” (valid from now to 52 weeks and one day from now), “-4w:+4w” (valid from fourweeks ago to four weeks from now), “20100101123000:20110101123000” (valid from 12:30 PM, January 1st,2010 to 12:30 PM, January 1st, 2011), “-1d:20110101” (valid from yesterday to midnight, January 1st,2011).

-W

Specify desired generator when testing candidate moduli for DH-GEX.

-y

This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.

-z

Specifies a serial number to be embedded in the certificate to distinguish this certificate from othersfrom the same CA. The default serial number is zero.When generating a KRL, the -z flag is used to specify a KRL version number.MODULI GENERATIONssh-keygen may be used to generate groups for the Diffie-Hellman Group Exchange (DH-GEX) protocol. Generatingthese groups is a two-step process: first, candidate primes are generated using a fast, but memory intensiveprocess. These candidate primes are then tested for suitability (a CPU-intensive process).Generation of primes is performed using the -G option. The desired length of the primes may be specified by the