1 files changed, 12 insertions, 9 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 772caf7ad..d704f0660 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.84 2010/02/26 20:29:54 djm Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.85 2010/02/26 22:09:28 jmc Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -107,6 +107,7 @@
 .Op Fl a Ar num_trials
 .Op Fl W Ar generator
 .Nm ssh-keygen
+.Bk -words
 .Fl s Ar ca_key
 .Fl I Ar certificate_identity
 .Op Fl h
@@ -114,6 +115,7 @@
 .Op Fl O Ar constraint
 .Op Fl V Ar validity_interval
 .Ar
+.Ek
 .Sh DESCRIPTION
 .Nm
 generates, manages and converts authentication keys for
@@ -259,7 +261,7 @@ certificate.
 Please see the
 .Sx CERTIFICATES
 section for details.
-.It Fl I
+.It Fl I Ar certificate_identity
 Specify the key identity when signing a public key.
 Please see the
 .Sx CERTIFICATES
@@ -303,21 +305,21 @@ section for details.
 The constraints that are valid for user certificates are:
 .Bl -tag -width Ds
 .It Ic no-x11-forwarding
-Disable X11 forwarding. (permitted by default)
+Disable X11 forwarding (permitted by default).
 .It Ic no-agent-forwarding
 Disable
 .Xr ssh-agent 1
-forwarding. (permitted by default)
+forwarding (permitted by default).
 .It Ic no-port-forwarding
-Disable port forwarding. (permitted by default)
+Disable port forwarding (permitted by default).
 .It Ic no-pty
-Disable PTY allocation. (permitted by default)
+Disable PTY allocation (permitted by default).
 .It Ic no-user-rc
 Disable execution of
 .Pa ~/.ssh/rc
 by
-.Xr sshd 8 .
+.Xr sshd 8
-(permitted by default)
+(permitted by default).
 .It Ic clear
 Clear all enabled permissions.
 This is useful for clearing the default set of permissions so permissions may
@@ -504,7 +506,8 @@ the X.509 certificates used in
 .Nm
 supports two types of certificates: user and host.
 User certificates authenticate users to servers, whereas host certificates
-authenticate server hosts to users. To generate a user certificate:
+authenticate server hosts to users.
+To generate a user certificate:
 .Pp
 .Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
 .Pp

diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 772caf7ad..d704f0660 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.84 2010/02/26 20:29:54 djm Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.85 2010/02/26 22:09:28 jmc Exp $
2	.\"	2	.\"
3	.\" -- nroff --	3	.\" -- nroff --
4	.\"	4	.\"
@@ -107,6 +107,7 @@
107	.Op Fl a Ar num_trials	107	.Op Fl a Ar num_trials
108	.Op Fl W Ar generator	108	.Op Fl W Ar generator
109	.Nm ssh-keygen	109	.Nm ssh-keygen
		110	.Bk -words
110	.Fl s Ar ca_key	111	.Fl s Ar ca_key
111	.Fl I Ar certificate_identity	112	.Fl I Ar certificate_identity
112	.Op Fl h	113	.Op Fl h
@@ -114,6 +115,7 @@
114	.Op Fl O Ar constraint	115	.Op Fl O Ar constraint
115	.Op Fl V Ar validity_interval	116	.Op Fl V Ar validity_interval
116	.Ar	117	.Ar
		118	.Ek
117	.Sh DESCRIPTION	119	.Sh DESCRIPTION
118	.Nm	120	.Nm
119	generates, manages and converts authentication keys for	121	generates, manages and converts authentication keys for
@@ -259,7 +261,7 @@ certificate.
259	Please see the	261	Please see the
260	.Sx CERTIFICATES	262	.Sx CERTIFICATES
261	section for details.	263	section for details.
262	.It Fl I	264	.It Fl I Ar certificate_identity
263	Specify the key identity when signing a public key.	265	Specify the key identity when signing a public key.
264	Please see the	266	Please see the
265	.Sx CERTIFICATES	267	.Sx CERTIFICATES
@@ -303,21 +305,21 @@ section for details.
303	The constraints that are valid for user certificates are:	305	The constraints that are valid for user certificates are:
304	.Bl -tag -width Ds	306	.Bl -tag -width Ds
305	.It Ic no-x11-forwarding	307	.It Ic no-x11-forwarding
306	Disable X11 forwarding. (permitted by default)	308	Disable X11 forwarding (permitted by default).
307	.It Ic no-agent-forwarding	309	.It Ic no-agent-forwarding
308	Disable	310	Disable
309	.Xr ssh-agent 1	311	.Xr ssh-agent 1
310	forwarding. (permitted by default)	312	forwarding (permitted by default).
311	.It Ic no-port-forwarding	313	.It Ic no-port-forwarding
312	Disable port forwarding. (permitted by default)	314	Disable port forwarding (permitted by default).
313	.It Ic no-pty	315	.It Ic no-pty
314	Disable PTY allocation. (permitted by default)	316	Disable PTY allocation (permitted by default).
315	.It Ic no-user-rc	317	.It Ic no-user-rc
316	Disable execution of	318	Disable execution of
317	.Pa ~/.ssh/rc	319	.Pa ~/.ssh/rc
318	by	320	by
319	.Xr sshd 8 .	321	.Xr sshd 8
320	(permitted by default)	322	(permitted by default).
321	.It Ic clear	323	.It Ic clear
322	Clear all enabled permissions.	324	Clear all enabled permissions.
323	This is useful for clearing the default set of permissions so permissions may	325	This is useful for clearing the default set of permissions so permissions may
@@ -504,7 +506,8 @@ the X.509 certificates used in
504	.Nm	506	.Nm
505	supports two types of certificates: user and host.	507	supports two types of certificates: user and host.
506	User certificates authenticate users to servers, whereas host certificates	508	User certificates authenticate users to servers, whereas host certificates
507	authenticate server hosts to users. To generate a user certificate:	509	authenticate server hosts to users.
		510	To generate a user certificate:
508	.Pp	511	.Pp
509	.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub	512	.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
510	.Pp	513	.Pp