summaryrefslogtreecommitdiff
path: root/ssh-keygen.1
diff options
context:
space:
mode:
authordjm@openbsd.org@openbsd.org <djm@openbsd.org@openbsd.org>2017-11-03 05:14:04 +0000
committerDamien Miller <djm@mindrot.org>2017-11-03 16:20:41 +1100
commitd52131a98316e76c0caa348f09bf6f7b9b01a1b9 (patch)
tree3328babb2dfeafda48da072003b5bff9e069c9c7 /ssh-keygen.1
parentfbe8e7ac94c2fa380421a9205a8bc966549c2f91 (diff)
upstream commit
allow certificate validity intervals that specify only a start or stop time (we already support specifying both or neither) OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42
Diffstat (limited to 'ssh-keygen.1')
-rw-r--r--ssh-keygen.123
1 files changed, 16 insertions, 7 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 5f1ec09b0..0ade33de9 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.144 2017/07/08 18:32:54 jmc Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.145 2017/11/03 05:14:04 djm Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: July 8 2017 $ 38.Dd $Mdocdate: November 3 2017 $
39.Dt SSH-KEYGEN 1 39.Dt SSH-KEYGEN 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -584,13 +584,20 @@ Specify a validity interval when signing a certificate.
584A validity interval may consist of a single time, indicating that the 584A validity interval may consist of a single time, indicating that the
585certificate is valid beginning now and expiring at that time, or may consist 585certificate is valid beginning now and expiring at that time, or may consist
586of two times separated by a colon to indicate an explicit time interval. 586of two times separated by a colon to indicate an explicit time interval.
587The start time may be specified as a date in YYYYMMDD format, a time 587.Pp
588in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting 588The start time may be specified as the string
589of a minus sign followed by a relative time in the format described in the 589.Dq always
590to indicate the certificate has no specified start time,
591a date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format,
592a relative time (to the current time) consisting of a minus sign followed by
593an interval in the format described in the
590TIME FORMATS section of 594TIME FORMATS section of
591.Xr sshd_config 5 . 595.Xr sshd_config 5 .
592The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or 596.Pp
593a relative time starting with a plus character. 597The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time,
598a relative time starting with a plus character or the string
599.Dq forever
600to indicate that the certificate has no expirty date.
594.Pp 601.Pp
595For example: 602For example:
596.Dq +52w1d 603.Dq +52w1d
@@ -601,6 +608,8 @@ For example:
601(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011), 608(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
602.Dq -1d:20110101 609.Dq -1d:20110101
603(valid from yesterday to midnight, January 1st, 2011). 610(valid from yesterday to midnight, January 1st, 2011).
611.Dq -1m:forever
612(valid from one minute ago and never expiring).
604.It Fl v 613.It Fl v
605Verbose mode. 614Verbose mode.
606Causes 615Causes