summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authornaddy@openbsd.org <naddy@openbsd.org>2020-01-17 20:13:47 +0000
committerDamien Miller <djm@mindrot.org>2020-01-21 18:09:09 +1100
commite8c06c4ee708720efec12cd1a6f78a3c6d76b7f0 (patch)
tree971f5c99a3b85087c631db07dff2a66728d77129
parent0d005d6372a067b59123dec8fc6dc905f2c09e1e (diff)
upstream: Document loading of resident keys from a FIDO
authenticator. * Rename -O to -K to keep "-O option" available. * Document -K. * Trim usage() message down to synopsis, like all other commands. ok markus@ OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
Diffstat
-rw-r--r--ssh-add.18
-rw-r--r--ssh-add.c40
2 files changed, 20 insertions, 28 deletions
diff --git a/ssh-add.1 b/ssh-add.1
index 45af7357a..7c592d8db 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-add.1,v 1.77 2019/12/21 20:22:34 naddy Exp $ 1.\" $OpenBSD: ssh-add.1,v 1.78 2020/01/17 20:13:47 naddy Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: December 21 2019 $ 38.Dd $Mdocdate: January 17 2020 $
39.Dt SSH-ADD 1 39.Dt SSH-ADD 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -43,7 +43,7 @@
43.Nd adds private key identities to the OpenSSH authentication agent 43.Nd adds private key identities to the OpenSSH authentication agent
44.Sh SYNOPSIS 44.Sh SYNOPSIS
45.Nm ssh-add 45.Nm ssh-add
46.Op Fl cDdkLlqvXx 46.Op Fl cDdKkLlqvXx
47.Op Fl E Ar fingerprint_hash 47.Op Fl E Ar fingerprint_hash
48.Op Fl S Ar provider 48.Op Fl S Ar provider
49.Op Fl t Ar life 49.Op Fl t Ar life
@@ -124,6 +124,8 @@ The default is
124.It Fl e Ar pkcs11 124.It Fl e Ar pkcs11
125Remove keys provided by the PKCS#11 shared library 125Remove keys provided by the PKCS#11 shared library
126.Ar pkcs11 . 126.Ar pkcs11 .
127.It Fl K
128Load resident keys from a FIDO authenticator.
127.It Fl k 129.It Fl k
128When loading keys into or deleting keys from the agent, process plain private 130When loading keys into or deleting keys from the agent, process plain private
129keys only and skip certificates. 131keys only and skip certificates.
diff --git a/ssh-add.c b/ssh-add.c
index fbb2578dd..980caa467 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-add.c,v 1.149 2020/01/06 02:00:46 djm Exp $ */ 1/* $OpenBSD: ssh-add.c,v 1.150 2020/01/17 20:13:47 naddy Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -606,26 +606,16 @@ do_file(int agent_fd, int deleting, int key_only, char *file, int qflag,
606static void 606static void
607usage(void) 607usage(void)
608{ 608{
609 fprintf(stderr, "usage: %s [options] [file ...]\n", __progname); 609 fprintf(stderr,
610 fprintf(stderr, "Options:\n"); 610"usage: ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-S provider] [-t life]\n"
611 fprintf(stderr, " -l List fingerprints of all identities.\n"); 611#ifdef WITH_XMSS
612 fprintf(stderr, " -E hash Specify hash algorithm used for fingerprints.\n"); 612" [-M maxsign] [-m minleft]\n"
613 fprintf(stderr, " -L List public key parameters of all identities.\n"); 613#endif
614 fprintf(stderr, " -k Load only keys and not certificates.\n"); 614" [file ...]\n"
615 fprintf(stderr, " -c Require confirmation to sign using identities\n"); 615" ssh-add -s pkcs11\n"
616 fprintf(stderr, " -m minleft Maxsign is only changed if less than minleft are left (for XMSS)\n"); 616" ssh-add -e pkcs11\n"
617 fprintf(stderr, " -M maxsign Maximum number of signatures allowed (for XMSS)\n"); 617" ssh-add -T pubkey ...\n"
618 fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); 618 );
619 fprintf(stderr, " -d Delete identity.\n");
620 fprintf(stderr, " -D Delete all identities.\n");
621 fprintf(stderr, " -x Lock agent.\n");
622 fprintf(stderr, " -X Unlock agent.\n");
623 fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n");
624 fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n");
625 fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n");
626 fprintf(stderr, " -S provider Specify security key provider.\n");
627 fprintf(stderr, " -q Be quiet after a successful operation.\n");
628 fprintf(stderr, " -v Be more verbose.\n");
629} 619}
630 620
631int 621int
@@ -665,7 +655,7 @@ main(int argc, char **argv)
665 655
666 skprovider = getenv("SSH_SK_PROVIDER"); 656 skprovider = getenv("SSH_SK_PROVIDER");
667 657
668 while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:Oqs:S:t:")) != -1) { 658 while ((ch = getopt(argc, argv, "vkKlLcdDTxXE:e:M:m:qs:S:t:")) != -1) {
669 switch (ch) { 659 switch (ch) {
670 case 'v': 660 case 'v':
671 if (log_level == SYSLOG_LEVEL_INFO) 661 if (log_level == SYSLOG_LEVEL_INFO)
@@ -681,15 +671,15 @@ main(int argc, char **argv)
681 case 'k': 671 case 'k':
682 key_only = 1; 672 key_only = 1;
683 break; 673 break;
674 case 'K':
675 do_download = 1;
676 break;
684 case 'l': 677 case 'l':
685 case 'L': 678 case 'L':
686 if (lflag != 0) 679 if (lflag != 0)
687 fatal("-%c flag already specified", lflag); 680 fatal("-%c flag already specified", lflag);
688 lflag = ch; 681 lflag = ch;
689 break; 682 break;
690 case 'O':
691 do_download = 1;
692 break;
693 case 'x': 683 case 'x':
694 case 'X': 684 case 'X':
695 if (xflag != 0) 685 if (xflag != 0)
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-10 18:15:32 +0000