summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ssh-add.121
-rw-r--r--ssh-agent.18
-rw-r--r--ssh-keygen.125
-rw-r--r--ssh-sk-helper.88
-rw-r--r--ssh.112
-rw-r--r--ssh_config.512
-rw-r--r--sshd.86
-rw-r--r--sshd_config.518
8 files changed, 52 insertions, 58 deletions
diff --git a/ssh-add.1 b/ssh-add.1
index 1832ae66d..45af7357a 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-add.1,v 1.76 2019/11/30 07:07:59 jmc Exp $ 1.\" $OpenBSD: ssh-add.1,v 1.77 2019/12/21 20:22:34 naddy Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: November 30 2019 $ 38.Dd $Mdocdate: December 21 2019 $
39.Dt SSH-ADD 1 39.Dt SSH-ADD 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -135,8 +135,8 @@ Lists fingerprints of all identities currently represented by the agent.
135.It Fl q 135.It Fl q
136Be quiet after a successful operation. 136Be quiet after a successful operation.
137.It Fl S Ar provider 137.It Fl S Ar provider
138Specifies a path to a security key provider library that will be used when 138Specifies a path to a library that will be used when adding
139adding any security key-hosted keys, overriding the default of using the 139FIDO authenticator-hosted keys, overriding the default of using the
140internal USB HID support. 140internal USB HID support.
141.It Fl s Ar pkcs11 141.It Fl s Ar pkcs11
142Add keys provided by the PKCS#11 shared library 142Add keys provided by the PKCS#11 shared library
@@ -197,23 +197,18 @@ Identifies the path of a
197.Ux Ns -domain 197.Ux Ns -domain
198socket used to communicate with the agent. 198socket used to communicate with the agent.
199.It Ev SSH_SK_PROVIDER 199.It Ev SSH_SK_PROVIDER
200Specifies the path to a security key provider library used to interact with 200Specifies the path to a library used to interact with FIDO authenticators.
201hardware security keys.
202.El 201.El
203.Sh FILES 202.Sh FILES
204.Bl -tag -width Ds 203.Bl -tag -width Ds -compact
205.It Pa ~/.ssh/id_dsa 204.It Pa ~/.ssh/id_dsa
206Contains the DSA authentication identity of the user.
207.It Pa ~/.ssh/id_ecdsa 205.It Pa ~/.ssh/id_ecdsa
208Contains the ECDSA authentication identity of the user.
209.It Pa ~/.ssh/id_ecdsa_sk 206.It Pa ~/.ssh/id_ecdsa_sk
210Contains the security key-hosted ECDSA authentication identity of the user.
211.It Pa ~/.ssh/id_ed25519 207.It Pa ~/.ssh/id_ed25519
212Contains the Ed25519 authentication identity of the user.
213.It Pa ~/.ssh/id_ed25519_sk 208.It Pa ~/.ssh/id_ed25519_sk
214Contains the security key-hosted Ed25519 authentication identity of the user.
215.It Pa ~/.ssh/id_rsa 209.It Pa ~/.ssh/id_rsa
216Contains the RSA authentication identity of the user. 210Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
211authenticator-hosted Ed25519 or RSA authentication identity of the user.
217.El 212.El
218.Pp 213.Pp
219Identity files should not be readable by anyone but the user. 214Identity files should not be readable by anyone but the user.
diff --git a/ssh-agent.1 b/ssh-agent.1
index a3f63467c..fff0db6bc 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-agent.1,v 1.69 2019/11/30 07:07:59 jmc Exp $ 1.\" $OpenBSD: ssh-agent.1,v 1.70 2019/12/21 20:22:34 naddy Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,7 +34,7 @@
34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 34.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 35.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36.\" 36.\"
37.Dd $Mdocdate: November 30 2019 $ 37.Dd $Mdocdate: December 21 2019 $
38.Dt SSH-AGENT 1 38.Dt SSH-AGENT 1
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -98,8 +98,8 @@ Kill the current agent (given by the
98.Ev SSH_AGENT_PID 98.Ev SSH_AGENT_PID
99environment variable). 99environment variable).
100.It Fl P Ar provider_whitelist 100.It Fl P Ar provider_whitelist
101Specify a pattern-list of acceptable paths for PKCS#11 and security key shared 101Specify a pattern-list of acceptable paths for PKCS#11 and FIDO authenticator
102libraries that may be used with the 102shared libraries that may be used with the
103.Fl S 103.Fl S
104or 104or
105.Fl s 105.Fl s
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 1b77bdf6d..e48597388 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.179 2019/11/30 07:07:59 jmc Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.180 2019/12/21 20:22:34 naddy Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: November 30 2019 $ 38.Dd $Mdocdate: December 21 2019 $
39.Dt SSH-KEYGEN 1 39.Dt SSH-KEYGEN 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -537,7 +537,7 @@ Allows X11 forwarding.
537.It Ic no-touch-required 537.It Ic no-touch-required
538Do not require signatures made using this key require demonstration 538Do not require signatures made using this key require demonstration
539of user presence (e.g. by having the user touch the key). 539of user presence (e.g. by having the user touch the key).
540This option only makes sense for the Security Key algorithms 540This option only makes sense for the FIDO authenticator algorithms
541.Cm ecdsa-sk 541.Cm ecdsa-sk
542and 542and
543.Cm ed25519-sk . 543.Cm ed25519-sk .
@@ -673,11 +673,11 @@ The maximum is 3.
673.It Fl W Ar generator 673.It Fl W Ar generator
674Specify desired generator when testing candidate moduli for DH-GEX. 674Specify desired generator when testing candidate moduli for DH-GEX.
675.It Fl w Ar provider 675.It Fl w Ar provider
676Specifies a path to a security key provider library that will be used when 676Specifies a path to a library that will be used when creating
677creating any security key-hosted keys, overriding the default of the 677FIDO authenticator-hosted keys, overriding the default of using
678internal support for USB HID keys. 678the internal USB HID support.
679.It Fl x Ar flags 679.It Fl x Ar flags
680Specifies the security key flags to use when enrolling a security key-hosted 680Specifies the authenticator flags to use when enrolling an authenticator-hosted
681key. 681key.
682Flags may be specified by name or directly as a hexadecimal value. 682Flags may be specified by name or directly as a hexadecimal value.
683Only one named flag is supported at present: 683Only one named flag is supported at present:
@@ -1053,8 +1053,7 @@ user2@example.com namespaces="file" ssh-ed25519 AAA41...
1053.Sh ENVIRONMENT 1053.Sh ENVIRONMENT
1054.Bl -tag -width Ds 1054.Bl -tag -width Ds
1055.It Ev SSH_SK_PROVIDER 1055.It Ev SSH_SK_PROVIDER
1056Specifies the path to a security key provider library used to interact with 1056Specifies the path to a library used to interact with FIDO authenticators.
1057hardware security keys.
1058.El 1057.El
1059.Sh FILES 1058.Sh FILES
1060.Bl -tag -width Ds -compact 1059.Bl -tag -width Ds -compact
@@ -1064,8 +1063,8 @@ hardware security keys.
1064.It Pa ~/.ssh/id_ed25519 1063.It Pa ~/.ssh/id_ed25519
1065.It Pa ~/.ssh/id_ed25519_sk 1064.It Pa ~/.ssh/id_ed25519_sk
1066.It Pa ~/.ssh/id_rsa 1065.It Pa ~/.ssh/id_rsa
1067Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, 1066Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
1068security key-hosted Ed25519 or RSA authentication identity of the user. 1067authenticator-hosted Ed25519 or RSA authentication identity of the user.
1069This file should not be readable by anyone but the user. 1068This file should not be readable by anyone but the user.
1070It is possible to 1069It is possible to
1071specify a passphrase when generating the key; that passphrase will be 1070specify a passphrase when generating the key; that passphrase will be
@@ -1082,8 +1081,8 @@ will read this file when a login attempt is made.
1082.It Pa ~/.ssh/id_ed25519.pub 1081.It Pa ~/.ssh/id_ed25519.pub
1083.It Pa ~/.ssh/id_ed25519_sk.pub 1082.It Pa ~/.ssh/id_ed25519_sk.pub
1084.It Pa ~/.ssh/id_rsa.pub 1083.It Pa ~/.ssh/id_rsa.pub
1085Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, 1084Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
1086security key-hosted Ed25519 or RSA public key for authentication. 1085authenticator-hosted Ed25519 or RSA public key for authentication.
1087The contents of this file should be added to 1086The contents of this file should be added to
1088.Pa ~/.ssh/authorized_keys 1087.Pa ~/.ssh/authorized_keys
1089on all machines 1088on all machines
diff --git a/ssh-sk-helper.8 b/ssh-sk-helper.8
index 9a518fba9..3c53da1ec 100644
--- a/ssh-sk-helper.8
+++ b/ssh-sk-helper.8
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-sk-helper.8,v 1.2 2019/11/30 07:07:59 jmc Exp $ 1.\" $OpenBSD: ssh-sk-helper.8,v 1.3 2019/12/21 20:22:34 naddy Exp $
2.\" 2.\"
3.\" Copyright (c) 2010 Markus Friedl. All rights reserved. 3.\" Copyright (c) 2010 Markus Friedl. All rights reserved.
4.\" 4.\"
@@ -14,12 +14,12 @@
14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16.\" 16.\"
17.Dd $Mdocdate: November 30 2019 $ 17.Dd $Mdocdate: December 21 2019 $
18.Dt SSH-SK-HELPER 8 18.Dt SSH-SK-HELPER 8
19.Os 19.Os
20.Sh NAME 20.Sh NAME
21.Nm ssh-sk-helper 21.Nm ssh-sk-helper
22.Nd OpenSSH helper for security key support 22.Nd OpenSSH helper for FIDO authenticator support
23.Sh SYNOPSIS 23.Sh SYNOPSIS
24.Nm 24.Nm
25.Op Fl v 25.Op Fl v
@@ -27,7 +27,7 @@
27.Nm 27.Nm
28is used by 28is used by
29.Xr ssh-agent 1 29.Xr ssh-agent 1
30to access keys provided by a security key. 30to access keys provided by a FIDO authenticator.
31.Pp 31.Pp
32.Nm 32.Nm
33is not intended to be invoked by the user, but from 33is not intended to be invoked by the user, but from
diff --git a/ssh.1 b/ssh.1
index 8b4b79e19..971337520 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh.1,v 1.408 2019/11/30 07:07:59 jmc Exp $ 36.\" $OpenBSD: ssh.1,v 1.409 2019/12/21 20:22:34 naddy Exp $
37.Dd $Mdocdate: November 30 2019 $ 37.Dd $Mdocdate: December 21 2019 $
38.Dt SSH 1 38.Dt SSH 1
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -903,11 +903,11 @@ This stores the private key in
903.Pa ~/.ssh/id_ecdsa 903.Pa ~/.ssh/id_ecdsa
904(ECDSA), 904(ECDSA),
905.Pa ~/.ssh/id_ecdsa_sk 905.Pa ~/.ssh/id_ecdsa_sk
906(security key-hosted ECDSA), 906(authenticator-hosted ECDSA),
907.Pa ~/.ssh/id_ed25519 907.Pa ~/.ssh/id_ed25519
908(Ed25519), 908(Ed25519),
909.Pa ~/.ssh/id_ed25519_sk 909.Pa ~/.ssh/id_ed25519_sk
910(security key-hosted Ed25519), 910(authenticator-hosted Ed25519),
911or 911or
912.Pa ~/.ssh/id_rsa 912.Pa ~/.ssh/id_rsa
913(RSA) 913(RSA)
@@ -917,11 +917,11 @@ and stores the public key in
917.Pa ~/.ssh/id_ecdsa.pub 917.Pa ~/.ssh/id_ecdsa.pub
918(ECDSA), 918(ECDSA),
919.Pa ~/.ssh/id_ecdsa_sk.pub 919.Pa ~/.ssh/id_ecdsa_sk.pub
920(security key-hosted ECDSA), 920(authenticator-hosted ECDSA),
921.Pa ~/.ssh/id_ed25519.pub 921.Pa ~/.ssh/id_ed25519.pub
922(Ed25519), 922(Ed25519),
923.Pa ~/.ssh/id_ed25519_sk.pub 923.Pa ~/.ssh/id_ed25519_sk.pub
924(security key-hosted Ed25519), 924(authenticator-hosted Ed25519),
925or 925or
926.Pa ~/.ssh/id_rsa.pub 926.Pa ~/.ssh/id_rsa.pub
927(RSA) 927(RSA)
diff --git a/ssh_config.5 b/ssh_config.5
index 186e07617..d3d45b53a 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh_config.5,v 1.312 2019/12/21 02:19:13 djm Exp $ 36.\" $OpenBSD: ssh_config.5,v 1.313 2019/12/21 20:22:34 naddy Exp $
37.Dd $Mdocdate: December 21 2019 $ 37.Dd $Mdocdate: December 21 2019 $
38.Dt SSH_CONFIG 5 38.Dt SSH_CONFIG 5
39.Os 39.Os
@@ -936,8 +936,8 @@ or the tokens described in the
936.Sx TOKENS 936.Sx TOKENS
937section. 937section.
938.It Cm IdentityFile 938.It Cm IdentityFile
939Specifies a file from which the user's DSA, ECDSA, security key-hosted ECDSA, 939Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
940Ed25519 or RSA authentication identity is read. 940Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
941The default is 941The default is
942.Pa ~/.ssh/id_dsa , 942.Pa ~/.ssh/id_dsa ,
943.Pa ~/.ssh/id_ecdsa , 943.Pa ~/.ssh/id_ecdsa ,
@@ -1462,9 +1462,9 @@ an OpenSSH Key Revocation List (KRL) as generated by
1462For more information on KRLs, see the KEY REVOCATION LISTS section in 1462For more information on KRLs, see the KEY REVOCATION LISTS section in
1463.Xr ssh-keygen 1 . 1463.Xr ssh-keygen 1 .
1464.It Cm SecurityKeyProvider 1464.It Cm SecurityKeyProvider
1465Specifies a path to a security key provider library that will be used when 1465Specifies a path to a library that will be used when loading any
1466loading any security key-hosted keys, overriding the default of using 1466FIDO authenticator-hosted keys, overriding the default of using
1467the built-in support for USB HID keys. 1467the built-in USB HID support.
1468.Pp 1468.Pp
1469If the specified value begins with a 1469If the specified value begins with a
1470.Sq $ 1470.Sq $
diff --git a/sshd.8 b/sshd.8
index dc11a0d00..b7042cb5e 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd.8,v 1.310 2019/12/19 03:50:01 dtucker Exp $ 36.\" $OpenBSD: sshd.8,v 1.311 2019/12/21 20:22:34 naddy Exp $
37.Dd $Mdocdate: December 19 2019 $ 37.Dd $Mdocdate: December 21 2019 $
38.Dt SSHD 8 38.Dt SSHD 8
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -627,7 +627,7 @@ option.
627.It Cm no-touch-required 627.It Cm no-touch-required
628Do not require demonstration of user presence 628Do not require demonstration of user presence
629for signatures made using this key. 629for signatures made using this key.
630This option only makes sense for the Security Key algorithms 630This option only makes sense for the FIDO authenticator algorithms
631.Cm ecdsa-sk 631.Cm ecdsa-sk
632and 632and
633.Cm ed25519-sk . 633.Cm ed25519-sk .
diff --git a/sshd_config.5 b/sshd_config.5
index 222193170..76ec69baf 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: sshd_config.5,v 1.296 2019/12/19 15:09:30 naddy Exp $ 36.\" $OpenBSD: sshd_config.5,v 1.297 2019/12/21 20:22:34 naddy Exp $
37.Dd $Mdocdate: December 19 2019 $ 37.Dd $Mdocdate: December 21 2019 $
38.Dt SSHD_CONFIG 5 38.Dt SSHD_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -1462,20 +1462,20 @@ and
1462.Pp 1462.Pp
1463The 1463The
1464.Cm touch-required 1464.Cm touch-required
1465option causes public key authentication using a security key algorithm 1465option causes public key authentication using a FIDO authenticator algorithm
1466(i.e.\& 1466(i.e.\&
1467.Cm ecdsa-sk 1467.Cm ecdsa-sk
1468or 1468or
1469.Cm ed25519-sk ) 1469.Cm ed25519-sk )
1470to always require the signature to attest that a physically present user 1470to always require the signature to attest that a physically present user
1471explicitly confirmed the authentication (usually by touching the security key). 1471explicitly confirmed the authentication (usually by touching the authenticator).
1472By default, 1472By default,
1473.Xr sshd 8 1473.Xr sshd 8
1474requires key touch unless overridden with an authorized_keys option. 1474requires user presence unless overridden with an authorized_keys option.
1475The 1475The
1476.Cm touch-required 1476.Cm touch-required
1477flag disables this override. 1477flag disables this override.
1478This option has no effect for other, non-security key, public key types. 1478This option has no effect for other, non-authenticator public key types.
1479.It Cm PubkeyAuthentication 1479.It Cm PubkeyAuthentication
1480Specifies whether public key authentication is allowed. 1480Specifies whether public key authentication is allowed.
1481The default is 1481The default is
@@ -1527,9 +1527,9 @@ If the routing domain is set to
1527.Cm \&%D , 1527.Cm \&%D ,
1528then the domain in which the incoming connection was received will be applied. 1528then the domain in which the incoming connection was received will be applied.
1529.It Cm SecurityKeyProvider 1529.It Cm SecurityKeyProvider
1530Specifies a path to a security key provider library that will be used when 1530Specifies a path to a library that will be used when loading
1531loading any security key-hosted keys, overriding the default of using 1531FIDO authenticator-hosted keys, overriding the default of using
1532the built-in support for USB HID keys. 1532the built-in USB HID support.
1533.It Cm SetEnv 1533.It Cm SetEnv
1534Specifies one or more environment variables to set in child sessions started 1534Specifies one or more environment variables to set in child sessions started
1535by 1535by