-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | ssh-agent.c | 15 | ||||
-rw-r--r-- | ssh-keygen.1 | 8 | ||||
-rw-r--r-- | ssh-keygen.c | 77 |
4 files changed, 44 insertions, 63 deletions
@@ -18,6 +18,13 @@ | |||
18 | - naddy@cvs.openbsd.org 2014/03/12 13:06:59 | 18 | - naddy@cvs.openbsd.org 2014/03/12 13:06:59 |
19 | [ssh-keyscan.1] | 19 | [ssh-keyscan.1] |
20 | scan for Ed25519 keys by default too | 20 | scan for Ed25519 keys by default too |
21 | - deraadt@cvs.openbsd.org 2014/03/15 17:28:26 | ||
22 | [ssh-agent.c ssh-keygen.1 ssh-keygen.c] | ||
23 | Improve usage() and documentation towards the standard form. | ||
24 | In particular, this line saves a lot of man page reading time. | ||
25 | usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1] | ||
26 | [-N new_passphrase] [-C comment] [-f output_keyfile] | ||
27 | ok schwarze jmc | ||
21 | 28 | ||
22 | 20140401 | 29 | 20140401 |
23 | - (djm) On platforms that support it, use prctl() to prevent sftp-server | 30 | - (djm) On platforms that support it, use prctl() to prevent sftp-server |
diff --git a/ssh-agent.c b/ssh-agent.c index ba2461211..f4c0524cc 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-agent.c,v 1.183 2014/02/02 03:44:31 djm Exp $ */ | 1 | /* $OpenBSD: ssh-agent.c,v 1.184 2014/03/15 17:28:26 deraadt Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -1001,15 +1001,10 @@ check_parent_exists(void) | |||
1001 | static void | 1001 | static void |
1002 | usage(void) | 1002 | usage(void) |
1003 | { | 1003 | { |
1004 | fprintf(stderr, "usage: %s [options] [command [arg ...]]\n", | 1004 | fprintf(stderr, |
1005 | __progname); | 1005 | "usage: ssh-agent [-c | -s] [-d] [-a bind_address] [-t life]\n" |
1006 | fprintf(stderr, "Options:\n"); | 1006 | " [command [arg ...]]\n" |
1007 | fprintf(stderr, " -c Generate C-shell commands on stdout.\n"); | 1007 | " ssh-agent [-c | -s] -k\n"); |
1008 | fprintf(stderr, " -s Generate Bourne shell commands on stdout.\n"); | ||
1009 | fprintf(stderr, " -k Kill the current agent.\n"); | ||
1010 | fprintf(stderr, " -d Debug mode.\n"); | ||
1011 | fprintf(stderr, " -a socket Bind agent socket to given name.\n"); | ||
1012 | fprintf(stderr, " -t life Default identity lifetime (seconds).\n"); | ||
1013 | exit(1); | 1008 | exit(1); |
1014 | } | 1009 | } |
1015 | 1010 | ||
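Review bot: The new usage() string labels the `-a` argument `bind_address`, whereas the removed help line called it `socket` and described it as binding the agent socket to a given name. The new label can read as a network listen address rather than a local socket path, so I would keep the old term, e.g. `"usage: ssh-agent [-c | -s] [-d] [-a socket] [-t life]\n"`, unless the manual page (not visible here) deliberately uses `bind_address`. The removed `-t life` line was also the only place the usage output stated the unit (seconds) of the default identity lifetime, so a short comment above the string pointing to the manual for units would help. Finally, the literal `ssh-agent` replaces `__progname`, so a binary installed under another name now prints a command name that does not match how it was invoked.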
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 12e00d416..3f7341daa 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.120 2014/02/05 20:13:25 naddy Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.121 2014/03/15 17:28:26 deraadt Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -35,7 +35,7 @@ | |||
35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
37 | .\" | 37 | .\" |
38 | .Dd $Mdocdate: February 5 2014 $ | 38 | .Dd $Mdocdate: March 15 2014 $ |
39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -46,7 +46,7 @@ | |||
46 | .Nm ssh-keygen | 46 | .Nm ssh-keygen |
47 | .Op Fl q | 47 | .Op Fl q |
48 | .Op Fl b Ar bits | 48 | .Op Fl b Ar bits |
49 | .Op Fl t Ar type | 49 | .Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1 |
50 | .Op Fl N Ar new_passphrase | 50 | .Op Fl N Ar new_passphrase |
51 | .Op Fl C Ar comment | 51 | .Op Fl C Ar comment |
52 | .Op Fl f Ar output_keyfile | 52 | .Op Fl f Ar output_keyfile |
@@ -514,7 +514,7 @@ section for details. | |||
514 | Test DH group exchange candidate primes (generated using the | 514 | Test DH group exchange candidate primes (generated using the |
515 | .Fl G | 515 | .Fl G |
516 | option) for safety. | 516 | option) for safety. |
517 | .It Fl t Ar type | 517 | .It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1 |
518 | Specifies the type of key to create. | 518 | Specifies the type of key to create. |
519 | The possible values are | 519 | The possible values are |
520 | .Dq rsa1 | 520 | .Dq rsa1 |
diff --git a/ssh-keygen.c b/ssh-keygen.c index 64d1a5f3c..75dea318f 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.242 2014/03/12 04:50:32 djm Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.243 2014/03/15 17:28:26 deraadt Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -2149,56 +2149,35 @@ do_check_krl(struct passwd *pw, int argc, char **argv) | |||
2149 | static void | 2149 | static void |
2150 | usage(void) | 2150 | usage(void) |
2151 | { | 2151 | { |
2152 | fprintf(stderr, "usage: %s [options]\n", __progname); | 2152 | fprintf(stderr, |
2153 | fprintf(stderr, "Options:\n"); | 2153 | "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n" |
2154 | fprintf(stderr, " -A Generate non-existent host keys for all key types.\n"); | 2154 | " [-N new_passphrase] [-C comment] [-f output_keyfile]\n" |
2155 | fprintf(stderr, " -a number Number of KDF rounds for new key format or moduli primality tests.\n"); | 2155 | " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n" |
2156 | fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); | 2156 | " ssh-keygen -i [-m key_format] [-f input_keyfile]\n" |
2157 | fprintf(stderr, " -b bits Number of bits in the key to create.\n"); | 2157 | " ssh-keygen -e [-m key_format] [-f input_keyfile]\n" |
2158 | fprintf(stderr, " -C comment Provide new comment.\n"); | 2158 | " ssh-keygen -y [-f input_keyfile]\n" |
2159 | fprintf(stderr, " -c Change comment in private and public key files.\n"); | 2159 | " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n" |
2160 | " ssh-keygen -l [-f input_keyfile]\n" | ||
2161 | " ssh-keygen -B [-f input_keyfile]\n"); | ||
2160 | #ifdef ENABLE_PKCS11 | 2162 | #ifdef ENABLE_PKCS11 |
2161 | fprintf(stderr, " -D pkcs11 Download public key from pkcs11 token.\n"); | 2163 | fprintf(stderr, |
2164 | " ssh-keygen -D pkcs11\n"); | ||
2162 | #endif | 2165 | #endif |
2163 | fprintf(stderr, " -e Export OpenSSH to foreign format key file.\n"); | 2166 | fprintf(stderr, |
2164 | fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); | 2167 | " ssh-keygen -F hostname [-f known_hosts_file] [-l]\n" |
2165 | fprintf(stderr, " -f filename Filename of the key file.\n"); | 2168 | " ssh-keygen -H [-f known_hosts_file]\n" |
2166 | fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); | 2169 | " ssh-keygen -R hostname [-f known_hosts_file]\n" |
2167 | fprintf(stderr, " -g Use generic DNS resource record format.\n"); | 2170 | " ssh-keygen -r hostname [-f input_keyfile] [-g]\n" |
2168 | fprintf(stderr, " -H Hash names in known_hosts file.\n"); | 2171 | " ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n" |
2169 | fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n"); | 2172 | " ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n" |
2170 | fprintf(stderr, " -I key_id Key identifier to include in certificate.\n"); | 2173 | " [-j start_line] [-K checkpt] [-W generator]\n" |
2171 | fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n"); | 2174 | " ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n" |
2172 | fprintf(stderr, " -J number Screen this number of moduli lines.\n"); | 2175 | " [-O option] [-V validity_interval] [-z serial_number] file ...\n" |
2173 | fprintf(stderr, " -j number Start screening moduli at specified line.\n"); | 2176 | " ssh-keygen -L [-f input_keyfile]\n" |
2174 | fprintf(stderr, " -K checkpt Write checkpoints to this file.\n"); | 2177 | " ssh-keygen -A\n" |
2175 | fprintf(stderr, " -k Generate a KRL file.\n"); | 2178 | " ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n" |
2176 | fprintf(stderr, " -L Print the contents of a certificate.\n"); | 2179 | " file ...\n" |
2177 | fprintf(stderr, " -l Show fingerprint of key file.\n"); | 2180 | " ssh-keygen -Q -f krl_file file ...\n"); |
2178 | fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); | ||
2179 | fprintf(stderr, " -m key_fmt Conversion format for -e/-i (PEM|PKCS8|RFC4716).\n"); | ||
2180 | fprintf(stderr, " -N phrase Provide new passphrase.\n"); | ||
2181 | fprintf(stderr, " -n name,... User/host principal names to include in certificate\n"); | ||
2182 | fprintf(stderr, " -O option Specify a certificate option.\n"); | ||
2183 | fprintf(stderr, " -o Enforce new private key format.\n"); | ||
2184 | fprintf(stderr, " -P phrase Provide old passphrase.\n"); | ||
2185 | fprintf(stderr, " -p Change passphrase of private key file.\n"); | ||
2186 | fprintf(stderr, " -Q Test whether key(s) are revoked in KRL.\n"); | ||
2187 | fprintf(stderr, " -q Quiet.\n"); | ||
2188 | fprintf(stderr, " -R hostname Remove host from known_hosts file.\n"); | ||
2189 | fprintf(stderr, " -r hostname Print DNS resource record.\n"); | ||
2190 | fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n"); | ||
2191 | fprintf(stderr, " -s ca_key Certify keys with CA key.\n"); | ||
2192 | fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n"); | ||
2193 | fprintf(stderr, " -t type Specify type of key to create.\n"); | ||
2194 | fprintf(stderr, " -u Update KRL rather than creating a new one.\n"); | ||
2195 | fprintf(stderr, " -V from:to Specify certificate validity interval.\n"); | ||
2196 | fprintf(stderr, " -v Verbose.\n"); | ||
2197 | fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); | ||
2198 | fprintf(stderr, " -y Read private key file and print public key.\n"); | ||
2199 | fprintf(stderr, " -Z cipher Specify a cipher for new private key format.\n"); | ||
2200 | fprintf(stderr, " -z serial Specify a serial number.\n"); | ||
2201 | |||
2202 | exit(1); | 2181 | exit(1); |
2203 | } | 2182 | } |
2204 | 2183 | ||
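Review bot: The rewritten usage() synopsis no longer mentions `-o` or `-Z cipher` at all, and it lists `-a rounds` only under the `-T` moduli-screening form. The removed list documented `-a` as also setting the number of KDF rounds for the new key format, with `-o` enforcing that format and `-Z` choosing its cipher. These options govern how the passphrase-protected private key is stored, so someone relying on the usage output can no longer discover them. I would extend the key-generation entry with `[-o] [-a rounds] [-Z cipher]`, assuming these options are still accepted by the option parser, which is outside this hunk. The `-m key_format` entries also lose the accepted values (`PEM|PKCS8|RFC4716`) that the old text listed, and the literal `ssh-keygen` replaces `__progname`.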