What does ssh-keygen [-o] do?

3

2

Gitlab lists their ssh-keygen commands with the -o flag:
https://docs.gitlab.com/ee/ssh/

But I cannot find -o in any help page or man page.

What does it do?

jsarbour

Posted 2019-07-03T13:22:24.433

Reputation: 139

Answers

4

Quoting OpenSSH 7.7 man page of ssh-keygen:

-o Causes ssh-keygen to save private keys using the new OpenSSH format rather than the more compatible PEM format. The new format has increased resistance to brute-force password cracking but is not supported by versions of OpenSSH prior to 6.5. Ed25519 keys always use the new private key format.

The option existed in OpenSSH 6.5–7.7. Since OpenSSH 7.8, the -o is the default behavior and the option is no longer documented (just silently ignored, when used).

In those older versions, ssh-keygen would by default use PEM format for RSA, DSA and ECDSA keys (but not Ed25519).

In OpenSSH 7.8 and newer, you can get the key in the PEM format by using -m PEM flag.

Martin Prikryl

Posted 2019-07-03T13:22:24.433

Reputation: 13 764

7.8 was released 2018-08 almost a year ago, but distros, platforms, packages, and such vary in how quickly they adopt new releases. – dave_thompson_085 – 2019-07-24T09:14:54.320

Asked: 2019-07-03T13:22:24.433

Viewed: 1 270 times

Active: 2019-07-24T09:06:31.280