-rw-r--r--ChangeLog7
-rw-r--r--ssh-agent.c15
-rw-r--r--ssh-keygen.18
-rw-r--r--ssh-keygen.c77
4 files changed, 44 insertions, 63 deletions
diff --git a/ChangeLog b/ChangeLog
index 87476f13e..c1f951021 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,13 @@
18 - naddy@cvs.openbsd.org 2014/03/12 13:06:59 18 - naddy@cvs.openbsd.org 2014/03/12 13:06:59
19 [ssh-keyscan.1] 19 [ssh-keyscan.1]
20 scan for Ed25519 keys by default too 20 scan for Ed25519 keys by default too
21 - deraadt@cvs.openbsd.org 2014/03/15 17:28:26
22 [ssh-agent.c ssh-keygen.1 ssh-keygen.c]
23 Improve usage() and documentation towards the standard form.
24 In particular, this line saves a lot of man page reading time.
25 usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
26 [-N new_passphrase] [-C comment] [-f output_keyfile]
27 ok schwarze jmc
21 28
2220140401 2920140401
23 - (djm) On platforms that support it, use prctl() to prevent sftp-server 30 - (djm) On platforms that support it, use prctl() to prevent sftp-server
diff --git a/ssh-agent.c b/ssh-agent.c
index ba2461211..f4c0524cc 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-agent.c,v 1.183 2014/02/02 03:44:31 djm Exp $ */ 1/* $OpenBSD: ssh-agent.c,v 1.184 2014/03/15 17:28:26 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1001,15 +1001,10 @@ check_parent_exists(void)
1001static void 1001static void
1002usage(void) 1002usage(void)
1003{ 1003{
1004 fprintf(stderr, "usage: %s [options] [command [arg ...]]\n", 1004 fprintf(stderr,
1005 __progname); 1005 "usage: ssh-agent [-c | -s] [-d] [-a bind_address] [-t life]\n"
1006 fprintf(stderr, "Options:\n"); 1006 " [command [arg ...]]\n"
1007 fprintf(stderr, " -c Generate C-shell commands on stdout.\n"); 1007 " ssh-agent [-c | -s] -k\n");
1008 fprintf(stderr, " -s Generate Bourne shell commands on stdout.\n");
1009 fprintf(stderr, " -k Kill the current agent.\n");
1010 fprintf(stderr, " -d Debug mode.\n");
1011 fprintf(stderr, " -a socket Bind agent socket to given name.\n");
1012 fprintf(stderr, " -t life Default identity lifetime (seconds).\n");
1013 exit(1); 1008 exit(1);
1014} 1009}
1015 1010
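Review bot: The rewritten usage() in ssh-agent.c no longer says what `-a` and `-t` take: the removed lines described `-a` as the agent socket name and `-t` as a default identity lifetime in seconds, while the new synopsis shows only `bind_address` and `life`. The placeholder `bind_address` reads like a network address, and the lifetime is the setting operators use to limit how long keys stay loaded, so I would add a comment above the fprintf such as `/* Synopsis only; see ssh-agent(1): -a takes the agent socket name, -t a lifetime in seconds. */`. The string also hard-codes `ssh-agent` where the old code printed `__progname`, so a renamed or wrapped binary would report a different name than it was invoked with. That is presumably intentional to match the man page, but it is worth stating in the same comment.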
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 12e00d416..3f7341daa 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.120 2014/02/05 20:13:25 naddy Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.121 2014/03/15 17:28:26 deraadt Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: February 5 2014 $ 38.Dd $Mdocdate: March 15 2014 $
39.Dt SSH-KEYGEN 1 39.Dt SSH-KEYGEN 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
@@ -46,7 +46,7 @@
46.Nm ssh-keygen 46.Nm ssh-keygen
47.Op Fl q 47.Op Fl q
48.Op Fl b Ar bits 48.Op Fl b Ar bits
49.Op Fl t Ar type 49.Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
50.Op Fl N Ar new_passphrase 50.Op Fl N Ar new_passphrase
51.Op Fl C Ar comment 51.Op Fl C Ar comment
52.Op Fl f Ar output_keyfile 52.Op Fl f Ar output_keyfile
@@ -514,7 +514,7 @@ section for details.
514Test DH group exchange candidate primes (generated using the 514Test DH group exchange candidate primes (generated using the
515.Fl G 515.Fl G
516option) for safety. 516option) for safety.
517.It Fl t Ar type 517.It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
518Specifies the type of key to create. 518Specifies the type of key to create.
519The possible values are 519The possible values are
520.Dq rsa1 520.Dq rsa1
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 64d1a5f3c..75dea318f 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh-keygen.c,v 1.242 2014/03/12 04:50:32 djm Exp $ */ 1/* $OpenBSD: ssh-keygen.c,v 1.243 2014/03/15 17:28:26 deraadt Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2149,56 +2149,35 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
2149static void 2149static void
2150usage(void) 2150usage(void)
2151{ 2151{
2152 fprintf(stderr, "usage: %s [options]\n", __progname); 2152 fprintf(stderr,
2153 fprintf(stderr, "Options:\n"); 2153 "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n"
2154 fprintf(stderr, " -A Generate non-existent host keys for all key types.\n"); 2154 " [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
2155 fprintf(stderr, " -a number Number of KDF rounds for new key format or moduli primality tests.\n"); 2155 " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
2156 fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); 2156 " ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
2157 fprintf(stderr, " -b bits Number of bits in the key to create.\n"); 2157 " ssh-keygen -e [-m key_format] [-f input_keyfile]\n"
2158 fprintf(stderr, " -C comment Provide new comment.\n"); 2158 " ssh-keygen -y [-f input_keyfile]\n"
2159 fprintf(stderr, " -c Change comment in private and public key files.\n"); 2159 " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
2160 " ssh-keygen -l [-f input_keyfile]\n"
2161 " ssh-keygen -B [-f input_keyfile]\n");
2160#ifdef ENABLE_PKCS11 2162#ifdef ENABLE_PKCS11
2161 fprintf(stderr, " -D pkcs11 Download public key from pkcs11 token.\n"); 2163 fprintf(stderr,
2164 " ssh-keygen -D pkcs11\n");
2162#endif 2165#endif
2163 fprintf(stderr, " -e Export OpenSSH to foreign format key file.\n"); 2166 fprintf(stderr,
2164 fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); 2167 " ssh-keygen -F hostname [-f known_hosts_file] [-l]\n"
2165 fprintf(stderr, " -f filename Filename of the key file.\n"); 2168 " ssh-keygen -H [-f known_hosts_file]\n"
2166 fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); 2169 " ssh-keygen -R hostname [-f known_hosts_file]\n"
2167 fprintf(stderr, " -g Use generic DNS resource record format.\n"); 2170 " ssh-keygen -r hostname [-f input_keyfile] [-g]\n"
2168 fprintf(stderr, " -H Hash names in known_hosts file.\n"); 2171 " ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n"
2169 fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n"); 2172 " ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n"
2170 fprintf(stderr, " -I key_id Key identifier to include in certificate.\n"); 2173 " [-j start_line] [-K checkpt] [-W generator]\n"
2171 fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n"); 2174 " ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n"
2172 fprintf(stderr, " -J number Screen this number of moduli lines.\n"); 2175 " [-O option] [-V validity_interval] [-z serial_number] file ...\n"
2173 fprintf(stderr, " -j number Start screening moduli at specified line.\n"); 2176 " ssh-keygen -L [-f input_keyfile]\n"
2174 fprintf(stderr, " -K checkpt Write checkpoints to this file.\n"); 2177 " ssh-keygen -A\n"
2175 fprintf(stderr, " -k Generate a KRL file.\n"); 2178 " ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n"
2176 fprintf(stderr, " -L Print the contents of a certificate.\n"); 2179 " file ...\n"
2177 fprintf(stderr, " -l Show fingerprint of key file.\n"); 2180 " ssh-keygen -Q -f krl_file file ...\n");
2178 fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n");
2179 fprintf(stderr, " -m key_fmt Conversion format for -e/-i (PEM|PKCS8|RFC4716).\n");
2180 fprintf(stderr, " -N phrase Provide new passphrase.\n");
2181 fprintf(stderr, " -n name,... User/host principal names to include in certificate\n");
2182 fprintf(stderr, " -O option Specify a certificate option.\n");
2183 fprintf(stderr, " -o Enforce new private key format.\n");
2184 fprintf(stderr, " -P phrase Provide old passphrase.\n");
2185 fprintf(stderr, " -p Change passphrase of private key file.\n");
2186 fprintf(stderr, " -Q Test whether key(s) are revoked in KRL.\n");
2187 fprintf(stderr, " -q Quiet.\n");
2188 fprintf(stderr, " -R hostname Remove host from known_hosts file.\n");
2189 fprintf(stderr, " -r hostname Print DNS resource record.\n");
2190 fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n");
2191 fprintf(stderr, " -s ca_key Certify keys with CA key.\n");
2192 fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n");
2193 fprintf(stderr, " -t type Specify type of key to create.\n");
2194 fprintf(stderr, " -u Update KRL rather than creating a new one.\n");
2195 fprintf(stderr, " -V from:to Specify certificate validity interval.\n");
2196 fprintf(stderr, " -v Verbose.\n");
2197 fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n");
2198 fprintf(stderr, " -y Read private key file and print public key.\n");
2199 fprintf(stderr, " -Z cipher Specify a cipher for new private key format.\n");
2200 fprintf(stderr, " -z serial Specify a serial number.\n");
2201
2202 exit(1); 2181 exit(1);
2203} 2182}
2204 2183
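Review bot: The first synopsis form in the new usage() in ssh-keygen.c omits `-o`, `-a` and `-Z`, which the removed option list documented as enforcing the new private key format, setting the number of KDF rounds and choosing the cipher for that format; `-a rounds` now appears only under the `-T` form. These options control how a private key is protected at rest, so a user reading the usage output can no longer discover them. Unless the omission is deliberate, the first line could read `"usage: ssh-keygen [-q] [-o] [-a rounds] [-Z cipher] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n"`. The `-m key_format` entries also no longer list the accepted values (PEM|PKCS8|RFC4716) that the removed line showed; a short comment above the string pointing to ssh-keygen(1) would cover that.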