diff --git a/chrony.texi.in b/chrony.texi.in
index 2fc780c..3d629e3 100644
--- a/chrony.texi.in
+++ b/chrony.texi.in
@@ -3820,12 +3820,12 @@ key file (@pxref{keyfile directive}) to allow NTP authentication between
 server and client, or peers.  The key is generated from the @code{/dev/urandom}
 device and it's printed to standard output.
 
-The first argument of the command is the key number, which will be specified
-with the @code{key} option of the @code{server} or @code{peer} directives in
-the configuration file.  The second and third arguments are optional.  They
-specify the hash function (by default SHA1 or MD5 if SHA1 is not available) and
-the number of bits the key should have between 80 and 4096 bits (by default 160
-bits).
+The command has three optional arguments.  The first argument is the key number
+(by default 1), which will be specified with the @code{key} option of the
+@code{server} or @code{peer} directives in the configuration file.  The second
+argument is the hash function (by default SHA1 or MD5 if SHA1 is not available)
+and the third argument is the number of bits the key should have, between 80
+and 4096 bits (by default 160 bits).
 
 An example is
 
diff --git a/client.c b/client.c
index 2257763..969331b 100644
--- a/client.c
+++ b/client.c
@@ -1256,7 +1256,7 @@ give_help(void)
     "dns -4|-6|-46\0Resolve hostnames only to IPv4/IPv6/both addresses\0"
     "timeout <milliseconds>\0Set initial response timeout\0"
     "retries <retries>\0Set maximum number of retries\0"
-    "keygen <id> [<type> [<bits>]]\0Generate key for key file\0"
+    "keygen [<id> [<type> [<bits>]]]\0Generate key for key file\0"
     "exit|quit\0Leave the program\0"
     "help\0Generate this help\0"
     "\0";
@@ -2443,7 +2443,7 @@ process_cmd_keygen(char *line)
 {
   char hash_name[17];
   unsigned char key[512];
-  unsigned int i, length, id, bits = 160;
+  unsigned int i, length, id = 1, bits = 160;
 
 #ifdef FEAT_SECHASH
   snprintf(hash_name, sizeof (hash_name), "SHA1");
@@ -2451,10 +2451,7 @@ process_cmd_keygen(char *line)
   snprintf(hash_name, sizeof (hash_name), "MD5");
 #endif
 
-  if (sscanf(line, "%u %16s %d", &id, hash_name, &bits) < 1) {
-    LOG(LOGS_ERR, LOGF_Client, "Invalid syntax for keygen command");
-    return 0;
-  }
+  sscanf(line, "%u %16s %d", &id, hash_name, &bits);
 
   length = CLAMP(10, (bits + 7) / 8, sizeof (key));
   if (HSH_GetHashId(hash_name) < 0) {