1 files changed, 23 insertions, 10 deletions
diff --git a/ssh-add.1 b/ssh-add.1
index d4e1c603b..58d42138e 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-add.1,v 1.69 2019/01/21 12:53:35 djm Exp $
+.\"     $OpenBSD: ssh-add.1,v 1.79 2020/02/07 03:57:31 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,16 +35,17 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 21 2019 $
+.Dd $Mdocdate: February 7 2020 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
 .Nm ssh-add
-.Nd adds private key identities to the authentication agent
+.Nd adds private key identities to the OpenSSH authentication agent
 .Sh SYNOPSIS
 .Nm ssh-add
-.Op Fl cDdkLlqvXx
+.Op Fl cDdKkLlqvXx
 .Op Fl E Ar fingerprint_hash
+.Op Fl S Ar provider
 .Op Fl t Ar life
 .Op Ar
 .Nm ssh-add
@@ -62,8 +63,10 @@ When run without arguments, it adds the files
 .Pa ~/.ssh/id_rsa ,
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
+.Pa ~/.ssh/id_ecdsa_sk ,
+.Pa ~/.ssh/id_ed25519 ,
 and
-.Pa ~/.ssh/id_ed25519 .
+.Pa ~/.ssh/id_ed25519_sk .
 After loading a private key,
 .Nm
 will try to load corresponding certificate information from the
@@ -121,6 +124,8 @@ The default is
 .It Fl e Ar pkcs11
 Remove keys provided by the PKCS#11 shared library
 .Ar pkcs11 .
+.It Fl K
+Load resident keys from a FIDO authenticator.
 .It Fl k
 When loading keys into or deleting keys from the agent, process plain private
 keys only and skip certificates.
@@ -131,6 +136,10 @@ by the agent.
 Lists fingerprints of all identities currently represented by the agent.
 .It Fl q
 Be quiet after a successful operation.
+.It Fl S Ar provider
+Specifies a path to a library that will be used when adding
+FIDO authenticator-hosted keys, overriding the default of using the
+internal USB HID support.
 .It Fl s Ar pkcs11
 Add keys provided by the PKCS#11 shared library
 .Ar pkcs11 .
@@ -189,17 +198,21 @@ to make this work.)
 Identifies the path of a
 .Ux Ns -domain
 socket used to communicate with the agent.
+.It Ev SSH_SK_PROVIDER
+Specifies a path to a library that will be used when loading any
+FIDO authenticator-hosted keys, overriding the default of using
+the built-in USB HID support.
 .El
 .Sh FILES
-.Bl -tag -width Ds
+.Bl -tag -width Ds -compact
 .It Pa ~/.ssh/id_dsa
-Contains the DSA authentication identity of the user.
 .It Pa ~/.ssh/id_ecdsa
-Contains the ECDSA authentication identity of the user.
+.It Pa ~/.ssh/id_ecdsa_sk
 .It Pa ~/.ssh/id_ed25519
-Contains the Ed25519 authentication identity of the user.
+.It Pa ~/.ssh/id_ed25519_sk
 .It Pa ~/.ssh/id_rsa
-Contains the RSA authentication identity of the user.
+Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
+authenticator-hosted Ed25519 or RSA authentication identity of the user.
 .El
 .Pp
 Identity files should not be readable by anyone but the user.

diff --git a/ssh-add.1 b/ssh-add.1 index d4e1c603b..58d42138e 100644 --- a/ssh-add.1 +++ b/ssh-add.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-add.1,v 1.69 2019/01/21 12:53:35 djm Exp $	1	.\" $OpenBSD: ssh-add.1,v 1.79 2020/02/07 03:57:31 djm Exp $
2	.\"	2	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,16 +35,17 @@
35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37	.\"	37	.\"
38	.Dd $Mdocdate: January 21 2019 $	38	.Dd $Mdocdate: February 7 2020 $
39	.Dt SSH-ADD 1	39	.Dt SSH-ADD 1
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
42	.Nm ssh-add	42	.Nm ssh-add
43	.Nd adds private key identities to the authentication agent	43	.Nd adds private key identities to the OpenSSH authentication agent
44	.Sh SYNOPSIS	44	.Sh SYNOPSIS
45	.Nm ssh-add	45	.Nm ssh-add
46	.Op Fl cDdkLlqvXx	46	.Op Fl cDdKkLlqvXx
47	.Op Fl E Ar fingerprint_hash	47	.Op Fl E Ar fingerprint_hash
		48	.Op Fl S Ar provider
48	.Op Fl t Ar life	49	.Op Fl t Ar life
49	.Op Ar	50	.Op Ar
50	.Nm ssh-add	51	.Nm ssh-add
@@ -62,8 +63,10 @@ When run without arguments, it adds the files
62	.Pa ~/.ssh/id_rsa ,	63	.Pa ~/.ssh/id_rsa ,
63	.Pa ~/.ssh/id_dsa ,	64	.Pa ~/.ssh/id_dsa ,
64	.Pa ~/.ssh/id_ecdsa ,	65	.Pa ~/.ssh/id_ecdsa ,
		66	.Pa ~/.ssh/id_ecdsa_sk ,
		67	.Pa ~/.ssh/id_ed25519 ,
65	and	68	and
66	.Pa ~/.ssh/id_ed25519 .	69	.Pa ~/.ssh/id_ed25519_sk .
67	After loading a private key,	70	After loading a private key,
68	.Nm	71	.Nm
69	will try to load corresponding certificate information from the	72	will try to load corresponding certificate information from the
@@ -121,6 +124,8 @@ The default is
121	.It Fl e Ar pkcs11	124	.It Fl e Ar pkcs11
122	Remove keys provided by the PKCS#11 shared library	125	Remove keys provided by the PKCS#11 shared library
123	.Ar pkcs11 .	126	.Ar pkcs11 .
		127	.It Fl K
		128	Load resident keys from a FIDO authenticator.
124	.It Fl k	129	.It Fl k
125	When loading keys into or deleting keys from the agent, process plain private	130	When loading keys into or deleting keys from the agent, process plain private
126	keys only and skip certificates.	131	keys only and skip certificates.
@@ -131,6 +136,10 @@ by the agent.
131	Lists fingerprints of all identities currently represented by the agent.	136	Lists fingerprints of all identities currently represented by the agent.
132	.It Fl q	137	.It Fl q
133	Be quiet after a successful operation.	138	Be quiet after a successful operation.
		139	.It Fl S Ar provider
		140	Specifies a path to a library that will be used when adding
		141	FIDO authenticator-hosted keys, overriding the default of using the
		142	internal USB HID support.
134	.It Fl s Ar pkcs11	143	.It Fl s Ar pkcs11
135	Add keys provided by the PKCS#11 shared library	144	Add keys provided by the PKCS#11 shared library
136	.Ar pkcs11 .	145	.Ar pkcs11 .
@@ -189,17 +198,21 @@ to make this work.)
189	Identifies the path of a	198	Identifies the path of a
190	.Ux Ns -domain	199	.Ux Ns -domain
191	socket used to communicate with the agent.	200	socket used to communicate with the agent.
		201	.It Ev SSH_SK_PROVIDER
		202	Specifies a path to a library that will be used when loading any
		203	FIDO authenticator-hosted keys, overriding the default of using
		204	the built-in USB HID support.
192	.El	205	.El
193	.Sh FILES	206	.Sh FILES
194	.Bl -tag -width Ds	207	.Bl -tag -width Ds -compact
195	.It Pa ~/.ssh/id_dsa	208	.It Pa ~/.ssh/id_dsa
196	Contains the DSA authentication identity of the user.
197	.It Pa ~/.ssh/id_ecdsa	209	.It Pa ~/.ssh/id_ecdsa
198	Contains the ECDSA authentication identity of the user.	210	.It Pa ~/.ssh/id_ecdsa_sk
199	.It Pa ~/.ssh/id_ed25519	211	.It Pa ~/.ssh/id_ed25519
200	Contains the Ed25519 authentication identity of the user.	212	.It Pa ~/.ssh/id_ed25519_sk
201	.It Pa ~/.ssh/id_rsa	213	.It Pa ~/.ssh/id_rsa
202	Contains the RSA authentication identity of the user.	214	Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
		215	authenticator-hosted Ed25519 or RSA authentication identity of the user.
203	.El	216	.El
204	.Pp	217	.Pp
205	Identity files should not be readable by anyone but the user.	218	Identity files should not be readable by anyone but the user.