diff options
author | djm@openbsd.org <djm@openbsd.org> | 2019-11-25 00:54:23 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-25 12:23:40 +1100 |
commit | 2e71263b80fec7ad977e098004fef7d122169d40 (patch) | |
tree | b4eef0768ef7fb69c0acdfad6a9d63762791d6f6 /ssh-keygen.1 | |
parent | 0fddf2967ac51d518e300408a0d7e6adf4cd2634 (diff) |
upstream: add a "no-touch-required" option for authorized_keys and
a similar extension for certificates. This option disables the default
requirement that security key signatures attest that the user touched their
key to authorize them.
feedback deraadt, ok markus
OpenBSD-Commit-ID: f1fb56151ba68d55d554d0f6d3d4dba0cf1a452e
Diffstat (limited to 'ssh-keygen.1')
-rw-r--r-- | ssh-keygen.1 | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index feaa69efe..06aead348 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.176 2019/11/18 23:16:49 naddy Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.177 2019/11/25 00:54:23 djm Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -35,7 +35,7 @@ | |||
35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
37 | .\" | 37 | .\" |
38 | .Dd $Mdocdate: November 18 2019 $ | 38 | .Dd $Mdocdate: November 25 2019 $ |
39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -534,6 +534,14 @@ by | |||
534 | .It Ic permit-X11-forwarding | 534 | .It Ic permit-X11-forwarding |
535 | Allows X11 forwarding. | 535 | Allows X11 forwarding. |
536 | .Pp | 536 | .Pp |
537 | .It Ic no-touch-required | ||
538 | Do not require signatures made using this key require demonstration | ||
539 | of user presence (e.g. by having the user touch the key). | ||
540 | This option only makes sense for the Security Key algorithms | ||
541 | .Cm ecdsa-sk | ||
542 | and | ||
543 | .Cm ed25519-sk . | ||
544 | .Pp | ||
537 | .It Ic source-address Ns = Ns Ar address_list | 545 | .It Ic source-address Ns = Ns Ar address_list |
538 | Restrict the source addresses from which the certificate is considered valid. | 546 | Restrict the source addresses from which the certificate is considered valid. |
539 | The | 547 | The |