diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-01-23 02:43:48 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-01-23 13:45:24 +1100 |
| commit | 56cffcc09f8a2e661d2ba02e61364ae6f998b2b1 (patch) | |
| tree | 7056f21f29a73cce790ed19c6118983f1ceb6c7d /ssh-keygen.1 | |
| parent | 65cf8730de6876a56595eef296e07a86c52534a6 (diff) | |
upstream: add a new signature operations "find-principal" to look
up the principal associated with a signature from an allowed-signers file.
Work by Sebastian Kinne; ok dtucker@
OpenBSD-Commit-ID: 6f782cc7e18e38fcfafa62af53246a1dcfe74e5d
Diffstat (limited to 'ssh-keygen.1')
| -rw-r--r-- | ssh-keygen.1 | 19 |
1 files changed, 17 insertions, 2 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index c0a22606b..33e3f5375 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: ssh-keygen.1,v 1.193 2020/01/18 21:16:43 naddy Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.194 2020/01/23 02:43:48 djm Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -35,7 +35,7 @@ | |||
| 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 37 | .\" | 37 | .\" |
| 38 | .Dd $Mdocdate: January 18 2020 $ | 38 | .Dd $Mdocdate: January 23 2020 $ |
| 39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
| 40 | .Os | 40 | .Os |
| 41 | .Sh NAME | 41 | .Sh NAME |
| @@ -138,6 +138,10 @@ | |||
| 138 | .Fl f Ar krl_file | 138 | .Fl f Ar krl_file |
| 139 | .Ar | 139 | .Ar |
| 140 | .Nm ssh-keygen | 140 | .Nm ssh-keygen |
| 141 | .Fl Y Cm find-principal | ||
| 142 | .Fl s Ar signature_file | ||
| 143 | .Fl f Ar allowed_signers_file | ||
| 144 | .Nm ssh-keygen | ||
| 141 | .Fl Y Cm check-novalidate | 145 | .Fl Y Cm check-novalidate |
| 142 | .Fl n Ar namespace | 146 | .Fl n Ar namespace |
| 143 | .Fl s Ar signature_file | 147 | .Fl s Ar signature_file |
| @@ -614,6 +618,17 @@ The maximum is 3. | |||
| 614 | Specifies a path to a library that will be used when creating | 618 | Specifies a path to a library that will be used when creating |
| 615 | FIDO authenticator-hosted keys, overriding the default of using | 619 | FIDO authenticator-hosted keys, overriding the default of using |
| 616 | the internal USB HID support. | 620 | the internal USB HID support. |
| 621 | .It Fl Y Cm find-principal | ||
| 622 | Find the principal associated with the public key of a signature, | ||
| 623 | provided using the | ||
| 624 | .Fl s | ||
| 625 | flag in an authorized signers file provided using the | ||
| 626 | .Fl f | ||
| 627 | flag. | ||
| 628 | The format of the allowed signers file is documented in the | ||
| 629 | .Sx ALLOWED SIGNERS | ||
| 630 | section below. If a matching principal is found, it is returned | ||
| 631 | on standard output. | ||
| 617 | .It Fl Y Cm check-novalidate | 632 | .It Fl Y Cm check-novalidate |
| 618 | Checks that a signature generated using | 633 | Checks that a signature generated using |
| 619 | .Nm | 634 | .Nm |