diff options
| author | jmc@openbsd.org <jmc@openbsd.org> | 2020-02-02 07:36:50 +0000 |
|---|---|---|
| committer | Darren Tucker <dtucker@dtucker.net> | 2020-02-02 20:25:09 +1100 |
| commit | 0facae7bc8d3f8f9d02d0f6bed3d163ff7f39806 (patch) | |
| tree | 6b061dee153550993d63d88ac44ed1819a39098e /ssh-keygen.1 | |
| parent | 6fb3dd0ccda1c26b06223b87bcd1cab9ec8ec3cc (diff) | |
upstream: shuffle the challenge keyword to keep the -O list sorted;
OpenBSD-Commit-ID: 08efad608b790949a9a048d65578fae9ed5845fe
Diffstat (limited to 'ssh-keygen.1')
| -rw-r--r-- | ssh-keygen.1 | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index c6a976183..3494fbceb 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: ssh-keygen.1,v 1.197 2020/01/28 08:01:34 djm Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.198 2020/02/02 07:36:50 jmc Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -35,7 +35,7 @@ | |||
| 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 37 | .\" | 37 | .\" |
| 38 | .Dd $Mdocdate: January 28 2020 $ | 38 | .Dd $Mdocdate: February 2 2020 $ |
| 39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
| 40 | .Os | 40 | .Os |
| 41 | .Sh NAME | 41 | .Sh NAME |
| @@ -472,6 +472,14 @@ Those supported at present are: | |||
| 472 | Override the default FIDO application/origin string of | 472 | Override the default FIDO application/origin string of |
| 473 | .Dq ssh: . | 473 | .Dq ssh: . |
| 474 | This may be useful when generating host or domain-specific resident keys. | 474 | This may be useful when generating host or domain-specific resident keys. |
| 475 | .It Cm challenge=path | ||
| 476 | Specifies a path to a challenge string that will be passed to the | ||
| 477 | FIDO token during key generation. | ||
| 478 | The challenge string is optional, but may be used as part of an out-of-band | ||
| 479 | protocol for key enrollment. | ||
| 480 | If no | ||
| 481 | .Cm challenge | ||
| 482 | is specified, a random challenge is used. | ||
| 475 | .It Cm device | 483 | .It Cm device |
| 476 | Explicitly specify a | 484 | Explicitly specify a |
| 477 | .Xr fido 4 | 485 | .Xr fido 4 |
| @@ -483,14 +491,6 @@ Note that | |||
| 483 | .Xr sshd 8 | 491 | .Xr sshd 8 |
| 484 | will refuse such signatures by default, unless overridden via | 492 | will refuse such signatures by default, unless overridden via |
| 485 | an authorized_keys option. | 493 | an authorized_keys option. |
| 486 | .It Cm challenge=path | ||
| 487 | Specifies a path to a challenge string that will be passed to the | ||
| 488 | FIDO token during key generation. | ||
| 489 | The challenge string is optional, but may be used as part of an out-of-band | ||
| 490 | protocol for key enrollment. | ||
| 491 | If no | ||
| 492 | .Cm challenge | ||
| 493 | is specified, a random challenge is used. | ||
| 494 | .It Cm resident | 494 | .It Cm resident |
| 495 | Indicate that the key should be stored on the FIDO authenticator itself. | 495 | Indicate that the key should be stored on the FIDO authenticator itself. |
| 496 | Resident keys may be supported on FIDO2 tokens and typically require that | 496 | Resident keys may be supported on FIDO2 tokens and typically require that |