Converts a key file from the SSH1 format to the SSH2 format. Note: "1" is number one (not letter L).

Extracts certificates from a PKCS #7 file.

Specifies the length of the generated key in bits (default: 2048).

Specifies the number base for displaying key information (default: 10).

Specifies a comment string for the generated key.

Derives the public key from the private key file.

Edits the specified key. Makes ssh-keygen-g3 interactive. You can change the key's passphrase or comment.

Dumps the fingerprint of the given public key. By default, the fingerprint is given in the SSH Babble format, which makes the fingerprint look like a string of "real" words (making it easier to pronounce). The format can be changed with the --fingerprint-type option.

Dumps the fingerprint of the locally stored host key identified with the given <host id>. The <host id> is a host name or string "host#port";.

Stores the generated key pair in the default host key directory (/opt/tectia/etc on Unix, "C:\Program Files\SSH Communications Security\SSH Tectia\SSH Tectia Server" on Windows). Specify the -P option to store the private key with an empty passphrase.

Loads and displays information on the key file.

Converts a PKCS #12 file to an SSH2-format certificate and private key.

Specifies the passphrase for the generated key.

Specifies that the generated key will be saved with an empty passphrase.

Hides the progress indicator during key generation.

Adds entropy from file to the random pool. If file contains 'relatively random' data (i.e. data unpredictable by a potential attacker), the randomness of the pool is increased. Good randomness is essential for the security of the generated keys.

Selects the type of the key. Valid options are dsa (default) and rsa.

Converts a private key from the X.509 format to the SSH2 format.

Appends the keys. Optional values are yes and no. The default is to append.

Copies the host identity to the specified directory.

Deletes the host key of the specified host id. The <host id> is a host name or string "host#port";.

Specifies the output format of the fingerprint. If this option is given, the -F option and the key filename must precede it. The default format is babble.

See the section called “Examples” for examples of using this option.

Generates the key using the FIPS mode for the cryptographic library. In the FIPS mode, only DSA keys of 1024 bits and RSA keys of at least 512 bits can be generated, and the keys must have non-empty passphrases. By default (if this option is not given), the key is generated using the standard mode for the cryptographic library.

Specifies the location of the FIPS cryptographic DLL.

Specifies the digest algorithm for fingerprint generation. Valid options are md5 and sha1.

When copying, uses the given file as the source host key, instead of autodetecting the location. When deleting, only deletes from the given location. If the specified file does not contain identities for the specified host, does nothing.

Specifies the directory for known host keys to be used instead of the default location.

Attempts to import a public key from infile and store it to outfile in SSH2 native format.

Attempts to import an unencrypted private key from infile and store it to outfile in SSH2 native private key format.

Imports an SSH1-style authorized_keys file infile and generates an SSH2-style authorization file outfile, and stores the keys from infile to generated files into the same directory with outfile.

Uses the specified known hosts file. Enables fetching fingerprints for hosts defined in OpenSSH-style known-hosts file.

Overwrite files with the same filenames. The default is to overwrite.

Displays the fingerprint in the format specified in RFC4716. The digest algorithm (hash) is md5, and the output format is the 16-bytes output in lowercase HEX separated with colons (:).

Displays version string and exits.

Displays a short summary of command-line options and exits.