Diffstat (limited to 'ssh-keygen.1')
-rw-r--r-- | ssh-keygen.1 | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index b4a873920..c6a976183 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.196 2020/01/23 23:31:52 djm Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.197 2020/01/28 08:01:34 djm Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -35,7 +35,7 @@ | |||
35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
37 | .\" | 37 | .\" |
38 | .Dd $Mdocdate: January 23 2020 $ | 38 | .Dd $Mdocdate: January 28 2020 $ |
39 | .Dt SSH-KEYGEN 1 | 39 | .Dt SSH-KEYGEN 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -483,6 +483,14 @@ Note that | |||
483 | .Xr sshd 8 | 483 | .Xr sshd 8 |
484 | will refuse such signatures by default, unless overridden via | 484 | will refuse such signatures by default, unless overridden via |
485 | an authorized_keys option. | 485 | an authorized_keys option. |
486 | .It Cm challenge=path | ||
487 | Specifies a path to a challenge string that will be passed to the | ||
488 | FIDO token during key generation. | ||
489 | The challenge string is optional, but may be used as part of an out-of-band | ||
490 | protocol for key enrollment. | ||
491 | If no | ||
492 | .Cm challenge | ||
493 | is specified, a random challenge is used. | ||
486 | .It Cm resident | 494 | .It Cm resident |
487 | Indicate that the key should be stored on the FIDO authenticator itself. | 495 | Indicate that the key should be stored on the FIDO authenticator itself. |
488 | Resident keys may be supported on FIDO2 tokens and typically require that | 496 | Resident keys may be supported on FIDO2 tokens and typically require that |
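Review bot: The new challenge=path entry (new lines 486-493) calls the file's contents a "challenge string" but gives no format or length limit, and does not say what happens when the file is missing or unreadable. Suggest stating those. A cross-reference to write-attestation would also help, since an enrollment protocol that supplies its own challenge will normally also need the attestation data that option records.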
@@ -494,6 +502,10 @@ A username to be associated with a resident key, | |||
494 | overriding the empty default username. | 502 | overriding the empty default username. |
495 | Specifying a username may be useful when generating multiple resident keys | 503 | Specifying a username may be useful when generating multiple resident keys |
496 | for the same application name. | 504 | for the same application name. |
505 | .It Cm write-attestation=path | ||
506 | May be used at key generation time to record the attestation certificate | ||
507 | returned from FIDO tokens during key generation. | ||
508 | By default this information is discarded. | ||
497 | .El | 509 | .El |
498 | .Pp | 510 | .Pp |
499 | The | 511 | The |
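Review bot: In the write-attestation=path entry (new lines 505-508), "May be used at key generation time to record ... during key generation" says the same thing twice, and the entry does not describe the format of the file written or whether an existing file at path is overwritten. Suggest dropping "at key generation time" from the first sentence, adding a sentence on the output format, and making explicit that the option has to be given when the key is created, since the text says the information is otherwise discarded.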