Diffstat (limited to 'ssh-keygen.0')
-rw-r--r-- ssh-keygen.0 44
1 files changed, 22 insertions, 22 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index c9877300e..aed4a14ad 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -165,8 +165,14 @@ DESCRIPTION
165 section for details. The constraints that are valid for user 165 section for details. The constraints that are valid for user
166 certificates are: 166 certificates are:
167 167
168 no-x11-forwarding 168 clear Clear all enabled permissions. This is useful for clear-
169 Disable X11 forwarding (permitted by default). 169 ing the default set of permissions so permissions may be
170 added individually.
171
172 force-command=command
173 Forces the execution of command instead of any shell or
174 command specified by the user when the certificate is
175 used for authentication.
170 176
171 no-agent-forwarding 177 no-agent-forwarding
172 Disable ssh-agent(1) forwarding (permitted by default). 178 Disable ssh-agent(1) forwarding (permitted by default).
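Review bot: the clear entry at new lines 168-170 says it clears "all enabled permissions" but does not say whether that covers force-command, which now sits directly beneath it, or source-address. Suggest stating which constraints clear actually resets. Also state that it has to be given before the permit-* options it is combined with, since "so permissions may be added individually" implies an ordering the text never spells out.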
@@ -180,12 +186,8 @@ DESCRIPTION
180 Disable execution of ~/.ssh/rc by sshd(8) (permitted by 186 Disable execution of ~/.ssh/rc by sshd(8) (permitted by
181 default). 187 default).
182 188
183 clear Clear all enabled permissions. This is useful for clear- 189 no-x11-forwarding
184 ing the default set of permissions so permissions may be 190 Disable X11 forwarding (permitted by default).
185 added individually.
186
187 permit-x11-forwarding
188 Allows X11 forwarding.
189 191
190 permit-agent-forwarding 192 permit-agent-forwarding
191 Allows ssh-agent(1) forwarding. 193 Allows ssh-agent(1) forwarding.
@@ -199,16 +201,14 @@ DESCRIPTION
199 permit-user-rc 201 permit-user-rc
200 Allows execution of ~/.ssh/rc by sshd(8). 202 Allows execution of ~/.ssh/rc by sshd(8).
201 203
202 force-command=command 204 permit-x11-forwarding
203 Forces the execution of command instead of any shell or 205 Allows X11 forwarding.
204 command specified by the user when the certificate is
205 used for authentication.
206 206
207 source-address=address_list 207 source-address=address_list
208 Restrict the source addresses from which the certificate 208 Restrict the source addresses from which the certificate
209 is considered valid from. The address_list is a comma- 209 is considered valid. The address_list is a comma-sepa-
210 separated list of one or more address/netmask pairs in 210 rated list of one or more address/netmask pairs in CIDR
211 CIDR format. 211 format.
212 212
213 At present, no constraints are valid for host keys. 213 At present, no constraints are valid for host keys.
214 214
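Review bot: in the source-address entry (new lines 207-211) the grammar fix is fine, but the text still gives no example of an address_list and does not say what happens when the certificate is presented from an address outside the list. Suggest adding a short example in CIDR form and one sentence on the failure behaviour, since this is the constraint an administrator relies on to limit where a certificate can be used.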
@@ -257,9 +257,9 @@ DESCRIPTION
257 in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a relative 257 in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a relative
258 time (to the current time) consisting of a minus sign followed by 258 time (to the current time) consisting of a minus sign followed by
259 a relative time in the format described in the TIME FORMATS sec- 259 a relative time in the format described in the TIME FORMATS sec-
260 tion of ssh_config(5). The end time may be specified as a YYYYM- 260 tion of sshd_config(5). The end time may be specified as a
261 MDD date, a YYYYMMDDHHMMSS time or a relative time starting with 261 YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time starting
262 a plus character. 262 with a plus character.
263 263
264 For example: ``+52w1d'' (valid from now to 52 weeks and one day 264 For example: ``+52w1d'' (valid from now to 52 weeks and one day
265 from now), ``-4w:+4w'' (valid from four weeks ago to four weeks 265 from now), ``-4w:+4w'' (valid from four weeks ago to four weeks
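Review bot: the absolute forms described at new lines 257-262 (YYYYMMDD and YYYYMMDDHHMMSS) do not say which time zone they are interpreted in, so a validity interval written this way can differ by hours from what the signer intended. Suggest naming the time zone next to the format description. The cross-reference change to sshd_config(5) for TIME FORMATS looks right.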
@@ -329,12 +329,12 @@ CERTIFICATES
329 329
330 $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub 330 $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
331 331
332 The resultant certificate will be placed in /path/to/user_key_cert.pub. 332 The resultant certificate will be placed in /path/to/user_key-cert.pub.
333 A host certificate requires the -h option: 333 A host certificate requires the -h option:
334 334
335 $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub 335 $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
336 336
337 The host certificate will be output to /path/to/host_key_cert.pub. In 337 The host certificate will be output to /path/to/host_key-cert.pub. In
338 both cases, key_id is a "key identifier" that is logged by the server 338 both cases, key_id is a "key identifier" that is logged by the server
339 when the certificate is used for authentication. 339 when the certificate is used for authentication.
340 340
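Review bot: lines 332 and 337 now name the output files user_key-cert.pub and host_key-cert.pub. If the old _cert.pub suffix is still mentioned anywhere outside this hunk, it should be changed in the same commit so the page names the certificate file one way throughout.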
@@ -344,7 +344,7 @@ CERTIFICATES
344 pals: 344 pals:
345 345
346 $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub 346 $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
347 $ ssh-keygen -s ca_key -I key_id -h -n host.domain $0 347 $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub
348 348
349 Additional limitations on the validity and use of user certificates may 349 Additional limitations on the validity and use of user certificates may
350 be specified through certificate constraints. A constrained certificate 350 be specified through certificate constraints. A constrained certificate
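Review bot: the replacement at line 347 pairs -h and -n host.domain with user_key.pub, which reads as a host certificate being issued over a user's key. The earlier host example at line 335 signs /path/to/host_key.pub, so this line should read "$ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub".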
@@ -431,4 +431,4 @@ AUTHORS
431 created OpenSSH. Markus Friedl contributed the support for SSH protocol 431 created OpenSSH. Markus Friedl contributed the support for SSH protocol
432 versions 1.5 and 2.0. 432 versions 1.5 and 2.0.
433 433
434OpenBSD 4.6 March 8, 2010 7 434OpenBSD 4.7 March 13, 2010 7