What does ssh-keygen [-o] do?

Gitlab lists their ssh-keygen commands with the -o flag:
https://docs.gitlab.com/ee/ssh/

But I cannot find -o in any help page or man page.

What does it do?


Solution 1:

Quoting OpenSSH 7.7 man page of ssh-keygen:

-o Causes ssh-keygen to save private keys using the new OpenSSH format rather than the more compatible PEM format. The new format has increased resistance to brute-force password cracking but is not supported by versions of OpenSSH prior to 6.5. Ed25519 keys always use the new private key format.


The option existed in OpenSSH 6.5 through 7.7. Since OpenSSH 7.8, the -o is the default behavior and the option is no longer documented (just silently ignored, when used).

In those older versions, ssh-keygen would by default use PEM format for RSA, DSA and ECDSA keys (but not Ed25519).

In OpenSSH 7.8 and newer, you can get the key in the PEM format by using -m PEM flag.