diff options
Diffstat (limited to 'ssh-keygen.0')
-rw-r--r-- | ssh-keygen.0 | 33 |
1 files changed, 20 insertions, 13 deletions
diff --git a/ssh-keygen.0 b/ssh-keygen.0 index fb2c02fe7..417e8382b 100644 --- a/ssh-keygen.0 +++ b/ssh-keygen.0 | |||
@@ -226,8 +226,10 @@ DESCRIPTION | |||
226 | -O option | 226 | -O option |
227 | Specify a certificate option when signing a key. This option may | 227 | Specify a certificate option when signing a key. This option may |
228 | be specified multiple times. See also the CERTIFICATES section | 228 | be specified multiple times. See also the CERTIFICATES section |
229 | for further details. The options that are valid for user | 229 | for further details. |
230 | certificates are: | 230 | |
231 | At present, no standard options are valid for host keys. The | ||
232 | options that are valid for user certificates are: | ||
231 | 233 | ||
232 | clear Clear all enabled permissions. This is useful for | 234 | clear Clear all enabled permissions. This is useful for |
233 | clearing the default set of permissions so permissions | 235 | clearing the default set of permissions so permissions |
@@ -246,8 +248,6 @@ DESCRIPTION | |||
246 | unknown critical options will cause the certificate to be | 248 | unknown critical options will cause the certificate to be |
247 | refused. | 249 | refused. |
248 | 250 | ||
249 | At present, no standard options are valid for host keys. | ||
250 | |||
251 | force-command=command | 251 | force-command=command |
252 | Forces the execution of command instead of any shell or | 252 | Forces the execution of command instead of any shell or |
253 | command specified by the user when the certificate is | 253 | command specified by the user when the certificate is |
@@ -280,7 +280,7 @@ DESCRIPTION | |||
280 | permit-user-rc | 280 | permit-user-rc |
281 | Allows execution of ~/.ssh/rc by sshd(8). | 281 | Allows execution of ~/.ssh/rc by sshd(8). |
282 | 282 | ||
283 | permit-x11-forwarding | 283 | permit-X11-forwarding |
284 | Allows X11 forwarding. | 284 | Allows X11 forwarding. |
285 | 285 | ||
286 | source-address=address_list | 286 | source-address=address_list |
@@ -349,19 +349,26 @@ DESCRIPTION | |||
349 | validity interval may consist of a single time, indicating that | 349 | validity interval may consist of a single time, indicating that |
350 | the certificate is valid beginning now and expiring at that time, | 350 | the certificate is valid beginning now and expiring at that time, |
351 | or may consist of two times separated by a colon to indicate an | 351 | or may consist of two times separated by a colon to indicate an |
352 | explicit time interval. The start time may be specified as a | 352 | explicit time interval. |
353 | date in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a | 353 | |
354 | relative time (to the current time) consisting of a minus sign | 354 | The start time may be specified as the string M-bM-^@M-^\alwaysM-bM-^@M-^] to |
355 | followed by a relative time in the format described in the TIME | 355 | indicate the certificate has no specified start time, a date in |
356 | FORMATS section of sshd_config(5). The end time may be specified | 356 | YYYYMMDD format, a time in YYYYMMDDHHMM[SS] format, a relative |
357 | as a YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time | 357 | time (to the current time) consisting of a minus sign followed by |
358 | starting with a plus character. | 358 | an interval in the format described in the TIME FORMATS section |
359 | of sshd_config(5). | ||
360 | |||
361 | The end time may be specified as a YYYYMMDD date, a | ||
362 | YYYYMMDDHHMM[SS] time, a relative time starting with a plus | ||
363 | character or the string M-bM-^@M-^\foreverM-bM-^@M-^] to indicate that the | ||
364 | certificate has no expirty date. | ||
359 | 365 | ||
360 | For example: M-bM-^@M-^\+52w1dM-bM-^@M-^] (valid from now to 52 weeks and one day | 366 | For example: M-bM-^@M-^\+52w1dM-bM-^@M-^] (valid from now to 52 weeks and one day |
361 | from now), M-bM-^@M-^\-4w:+4wM-bM-^@M-^] (valid from four weeks ago to four weeks | 367 | from now), M-bM-^@M-^\-4w:+4wM-bM-^@M-^] (valid from four weeks ago to four weeks |
362 | from now), M-bM-^@M-^\20100101123000:20110101123000M-bM-^@M-^] (valid from 12:30 PM, | 368 | from now), M-bM-^@M-^\20100101123000:20110101123000M-bM-^@M-^] (valid from 12:30 PM, |
363 | January 1st, 2010 to 12:30 PM, January 1st, 2011), M-bM-^@M-^\-1d:20110101M-bM-^@M-^] | 369 | January 1st, 2010 to 12:30 PM, January 1st, 2011), M-bM-^@M-^\-1d:20110101M-bM-^@M-^] |
364 | (valid from yesterday to midnight, January 1st, 2011). | 370 | (valid from yesterday to midnight, January 1st, 2011). |
371 | M-bM-^@M-^\-1m:foreverM-bM-^@M-^] (valid from one minute ago and never expiring). | ||
365 | 372 | ||
366 | -v Verbose mode. Causes ssh-keygen to print debugging messages | 373 | -v Verbose mode. Causes ssh-keygen to print debugging messages |
367 | about its progress. This is helpful for debugging moduli | 374 | about its progress. This is helpful for debugging moduli |
@@ -570,4 +577,4 @@ AUTHORS | |||
570 | created OpenSSH. Markus Friedl contributed the support for SSH protocol | 577 | created OpenSSH. Markus Friedl contributed the support for SSH protocol |
571 | versions 1.5 and 2.0. | 578 | versions 1.5 and 2.0. |
572 | 579 | ||
573 | OpenBSD 6.2 July 8, 2017 OpenBSD 6.2 | 580 | OpenBSD 6.2 March 12, 2018 OpenBSD 6.2 |