diff options
author | Colin Watson <cjwatson@debian.org> | 2010-04-16 10:04:09 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-04-16 10:04:09 +0100 |
commit | 78eedc2c60ff4718200f9271d8ee4f437da3a0c5 (patch) | |
tree | 13e783343edf688afffb4a8e02dc9685342b98a6 /ssh-keygen.0 | |
parent | d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff) | |
parent | ff0095389ba9a9e4599e6051c8d5bae6777c4d64 (diff) |
merge 5.5p1
Diffstat (limited to 'ssh-keygen.0')
-rw-r--r-- | ssh-keygen.0 | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0 index c9877300e..aed4a14ad 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 | |||
@@ -165,8 +165,14 @@ DESCRIPTION | |||
165 | section for details. The constraints that are valid for user | 165 | section for details. The constraints that are valid for user |
166 | certificates are: | 166 | certificates are: |
167 | 167 | ||
168 | no-x11-forwarding | 168 | clear Clear all enabled permissions. This is useful for clear- |
169 | Disable X11 forwarding (permitted by default). | 169 | ing the default set of permissions so permissions may be |
170 | added individually. | ||
171 | |||
172 | force-command=command | ||
173 | Forces the execution of command instead of any shell or | ||
174 | command specified by the user when the certificate is | ||
175 | used for authentication. | ||
170 | 176 | ||
171 | no-agent-forwarding | 177 | no-agent-forwarding |
172 | Disable ssh-agent(1) forwarding (permitted by default). | 178 | Disable ssh-agent(1) forwarding (permitted by default). |
@@ -180,12 +186,8 @@ DESCRIPTION | |||
180 | Disable execution of ~/.ssh/rc by sshd(8) (permitted by | 186 | Disable execution of ~/.ssh/rc by sshd(8) (permitted by |
181 | default). | 187 | default). |
182 | 188 | ||
183 | clear Clear all enabled permissions. This is useful for clear- | 189 | no-x11-forwarding |
184 | ing the default set of permissions so permissions may be | 190 | Disable X11 forwarding (permitted by default). |
185 | added individually. | ||
186 | |||
187 | permit-x11-forwarding | ||
188 | Allows X11 forwarding. | ||
189 | 191 | ||
190 | permit-agent-forwarding | 192 | permit-agent-forwarding |
191 | Allows ssh-agent(1) forwarding. | 193 | Allows ssh-agent(1) forwarding. |
@@ -199,16 +201,14 @@ DESCRIPTION | |||
199 | permit-user-rc | 201 | permit-user-rc |
200 | Allows execution of ~/.ssh/rc by sshd(8). | 202 | Allows execution of ~/.ssh/rc by sshd(8). |
201 | 203 | ||
202 | force-command=command | 204 | permit-x11-forwarding |
203 | Forces the execution of command instead of any shell or | 205 | Allows X11 forwarding. |
204 | command specified by the user when the certificate is | ||
205 | used for authentication. | ||
206 | 206 | ||
207 | source-address=address_list | 207 | source-address=address_list |
208 | Restrict the source addresses from which the certificate | 208 | Restrict the source addresses from which the certificate |
209 | is considered valid from. The address_list is a comma- | 209 | is considered valid. The address_list is a comma-sepa- |
210 | separated list of one or more address/netmask pairs in | 210 | rated list of one or more address/netmask pairs in CIDR |
211 | CIDR format. | 211 | format. |
212 | 212 | ||
213 | At present, no constraints are valid for host keys. | 213 | At present, no constraints are valid for host keys. |
214 | 214 | ||
@@ -257,9 +257,9 @@ DESCRIPTION | |||
257 | in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a relative | 257 | in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a relative |
258 | time (to the current time) consisting of a minus sign followed by | 258 | time (to the current time) consisting of a minus sign followed by |
259 | a relative time in the format described in the TIME FORMATS sec- | 259 | a relative time in the format described in the TIME FORMATS sec- |
260 | tion of ssh_config(5). The end time may be specified as a YYYYM- | 260 | tion of sshd_config(5). The end time may be specified as a |
261 | MDD date, a YYYYMMDDHHMMSS time or a relative time starting with | 261 | YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time starting |
262 | a plus character. | 262 | with a plus character. |
263 | 263 | ||
264 | For example: ``+52w1d'' (valid from now to 52 weeks and one day | 264 | For example: ``+52w1d'' (valid from now to 52 weeks and one day |
265 | from now), ``-4w:+4w'' (valid from four weeks ago to four weeks | 265 | from now), ``-4w:+4w'' (valid from four weeks ago to four weeks |
@@ -329,12 +329,12 @@ CERTIFICATES | |||
329 | 329 | ||
330 | $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub | 330 | $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub |
331 | 331 | ||
332 | The resultant certificate will be placed in /path/to/user_key_cert.pub. | 332 | The resultant certificate will be placed in /path/to/user_key-cert.pub. |
333 | A host certificate requires the -h option: | 333 | A host certificate requires the -h option: |
334 | 334 | ||
335 | $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub | 335 | $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub |
336 | 336 | ||
337 | The host certificate will be output to /path/to/host_key_cert.pub. In | 337 | The host certificate will be output to /path/to/host_key-cert.pub. In |
338 | both cases, key_id is a "key identifier" that is logged by the server | 338 | both cases, key_id is a "key identifier" that is logged by the server |
339 | when the certificate is used for authentication. | 339 | when the certificate is used for authentication. |
340 | 340 | ||
@@ -344,7 +344,7 @@ CERTIFICATES | |||
344 | pals: | 344 | pals: |
345 | 345 | ||
346 | $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub | 346 | $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub |
347 | $ ssh-keygen -s ca_key -I key_id -h -n host.domain $0 | 347 | $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub |
348 | 348 | ||
349 | Additional limitations on the validity and use of user certificates may | 349 | Additional limitations on the validity and use of user certificates may |
350 | be specified through certificate constraints. A constrained certificate | 350 | be specified through certificate constraints. A constrained certificate |
@@ -431,4 +431,4 @@ AUTHORS | |||
431 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 431 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
432 | versions 1.5 and 2.0. | 432 | versions 1.5 and 2.0. |
433 | 433 | ||
434 | OpenBSD 4.6 March 8, 2010 7 | 434 | OpenBSD 4.7 March 13, 2010 7 |