diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2018-09-12 01:21:34 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-09-12 16:49:21 +1000 |
| commit | 9405c6214f667be604a820c6823b27d0ea77937d (patch) | |
| tree | 02a875b21e6a6f0d1432cc90ae515383b267b688 /ssh-keygen.1 | |
| parent | 50e2687ee0941c0ea216d6ffea370ffd2c1f14b9 (diff) | |
upstream: allow key revocation by SHA256 hash and allow ssh-keygen
to create KRLs using SHA256/base64 key fingerprints; ok markus@
OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94
Diffstat (limited to 'ssh-keygen.1')
| -rw-r--r-- | ssh-keygen.1 | 19 |
1 files changed, 16 insertions, 3 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index dd6e7e5a8..d1aad6f20 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: ssh-keygen.1,v 1.148 2018/08/08 01:16:01 djm Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.149 2018/09/12 01:21:34 djm Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -35,7 +35,7 @@ | |||
| 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 37 | .\" | 37 | .\" |
| 38 | .Dd $Mdocdate: August 8 2018 $ | 38 | .Dd $Mdocdate: September 12 2018 $ |
| 39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
| 40 | .Os | 40 | .Os |
| 41 | .Sh NAME | 41 | .Sh NAME |
| @@ -814,7 +814,20 @@ option. | |||
| 814 | Revokes the specified key. | 814 | Revokes the specified key. |
| 815 | If a certificate is listed, then it is revoked as a plain public key. | 815 | If a certificate is listed, then it is revoked as a plain public key. |
| 816 | .It Cm sha1 : Ar public_key | 816 | .It Cm sha1 : Ar public_key |
| 817 | Revokes the specified key by its SHA1 hash. | 817 | Revokes the specified key by including its SHA1 hash in the KRL. |
| 818 | .It Cm sha256 : Ar public_key | ||
| 819 | Revokes the specified key by including its SHA256 hash in the KRL. | ||
| 820 | KRLs that revoke keys by SHA256 hash are not supported by OpenSSH versions | ||
| 821 | prior to 7.9. | ||
| 822 | .It Cm hash : Ar fingerprint | ||
| 823 | Revokes a key using by fingerprint hash, as obtained from a | ||
| 824 | .Xr sshd 8 | ||
| 825 | authentication log message or the | ||
| 826 | .Nm | ||
| 827 | .Fl l | ||
| 828 | flag. | ||
| 829 | Only SHA256 fingerprints are supported here and resultant KRLs are | ||
| 830 | not supported by OpenSSH versions prior to 7.9. | ||
| 818 | .El | 831 | .El |
| 819 | .Pp | 832 | .Pp |
| 820 | KRLs may be updated using the | 833 | KRLs may be updated using the |