summaryrefslogtreecommitdiff
path: root/ssh-keygen.1
diff options
context:
space:
mode:
authornaddy@openbsd.org <naddy@openbsd.org>2019-12-21 20:22:34 +0000
committerDamien Miller <djm@mindrot.org>2019-12-30 14:31:40 +1100
commit141df487ba699cfd1ec3dcd98186e7c956e99024 (patch)
treed759e3195bf74db1bf1673c563dd24450fcc4c50 /ssh-keygen.1
parentfbd9729d4eadf2f7097b6017156387ac64302453 (diff)
upstream: Replace the term "security key" with "(FIDO)
authenticator". The polysemous use of "key" was too confusing. Input from markus@. ok jmc@ OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
Diffstat (limited to 'ssh-keygen.1')
-rw-r--r--ssh-keygen.125
1 files changed, 12 insertions, 13 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 1b77bdf6d..e48597388 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.179 2019/11/30 07:07:59 jmc Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.180 2019/12/21 20:22:34 naddy Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: November 30 2019 $ 38.Dd $Mdocdate: December 21 2019 $
39.Dt SSH-KEYGEN 1 39.Dt SSH-KEYGEN 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -537,7 +537,7 @@ Allows X11 forwarding.
537.It Ic no-touch-required 537.It Ic no-touch-required
538Do not require signatures made using this key require demonstration 538Do not require signatures made using this key require demonstration
539of user presence (e.g. by having the user touch the key). 539of user presence (e.g. by having the user touch the key).
540This option only makes sense for the Security Key algorithms 540This option only makes sense for the FIDO authenticator algorithms
541.Cm ecdsa-sk 541.Cm ecdsa-sk
542and 542and
543.Cm ed25519-sk . 543.Cm ed25519-sk .
@@ -673,11 +673,11 @@ The maximum is 3.
673.It Fl W Ar generator 673.It Fl W Ar generator
674Specify desired generator when testing candidate moduli for DH-GEX. 674Specify desired generator when testing candidate moduli for DH-GEX.
675.It Fl w Ar provider 675.It Fl w Ar provider
676Specifies a path to a security key provider library that will be used when 676Specifies a path to a library that will be used when creating
677creating any security key-hosted keys, overriding the default of the 677FIDO authenticator-hosted keys, overriding the default of using
678internal support for USB HID keys. 678the internal USB HID support.
679.It Fl x Ar flags 679.It Fl x Ar flags
680Specifies the security key flags to use when enrolling a security key-hosted 680Specifies the authenticator flags to use when enrolling an authenticator-hosted
681key. 681key.
682Flags may be specified by name or directly as a hexadecimal value. 682Flags may be specified by name or directly as a hexadecimal value.
683Only one named flag is supported at present: 683Only one named flag is supported at present:
@@ -1053,8 +1053,7 @@ user2@example.com namespaces="file" ssh-ed25519 AAA41...
1053.Sh ENVIRONMENT 1053.Sh ENVIRONMENT
1054.Bl -tag -width Ds 1054.Bl -tag -width Ds
1055.It Ev SSH_SK_PROVIDER 1055.It Ev SSH_SK_PROVIDER
1056Specifies the path to a security key provider library used to interact with 1056Specifies the path to a library used to interact with FIDO authenticators.
1057hardware security keys.
1058.El 1057.El
1059.Sh FILES 1058.Sh FILES
1060.Bl -tag -width Ds -compact 1059.Bl -tag -width Ds -compact
@@ -1064,8 +1063,8 @@ hardware security keys.
1064.It Pa ~/.ssh/id_ed25519 1063.It Pa ~/.ssh/id_ed25519
1065.It Pa ~/.ssh/id_ed25519_sk 1064.It Pa ~/.ssh/id_ed25519_sk
1066.It Pa ~/.ssh/id_rsa 1065.It Pa ~/.ssh/id_rsa
1067Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, 1066Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
1068security key-hosted Ed25519 or RSA authentication identity of the user. 1067authenticator-hosted Ed25519 or RSA authentication identity of the user.
1069This file should not be readable by anyone but the user. 1068This file should not be readable by anyone but the user.
1070It is possible to 1069It is possible to
1071specify a passphrase when generating the key; that passphrase will be 1070specify a passphrase when generating the key; that passphrase will be
@@ -1082,8 +1081,8 @@ will read this file when a login attempt is made.
1082.It Pa ~/.ssh/id_ed25519.pub 1081.It Pa ~/.ssh/id_ed25519.pub
1083.It Pa ~/.ssh/id_ed25519_sk.pub 1082.It Pa ~/.ssh/id_ed25519_sk.pub
1084.It Pa ~/.ssh/id_rsa.pub 1083.It Pa ~/.ssh/id_rsa.pub
1085Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, 1084Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
1086security key-hosted Ed25519 or RSA public key for authentication. 1085authenticator-hosted Ed25519 or RSA public key for authentication.
1087The contents of this file should be added to 1086The contents of this file should be added to
1088.Pa ~/.ssh/authorized_keys 1087.Pa ~/.ssh/authorized_keys
1089on all machines 1088on all machines