summaryrefslogtreecommitdiff
path: root/ssh-keygen.1
diff options
context:
space:
mode:
Diffstat (limited to 'ssh-keygen.1')
-rw-r--r--ssh-keygen.1451
1 files changed, 278 insertions, 173 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 957d2f0f0..7af564297 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keygen.1,v 1.171 2019/10/03 17:07:50 jmc Exp $ 1.\" $OpenBSD: ssh-keygen.1,v 1.201 2020/02/07 03:57:31 djm Exp $
2.\" 2.\"
3.\" Author: Tatu Ylonen <ylo@cs.hut.fi> 3.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,12 +35,12 @@
35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 35.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37.\" 37.\"
38.Dd $Mdocdate: October 3 2019 $ 38.Dd $Mdocdate: February 7 2020 $
39.Dt SSH-KEYGEN 1 39.Dt SSH-KEYGEN 1
40.Os 40.Os
41.Sh NAME 41.Sh NAME
42.Nm ssh-keygen 42.Nm ssh-keygen
43.Nd authentication key generation, management and conversion 43.Nd OpenSSH authentication key utility
44.Sh SYNOPSIS 44.Sh SYNOPSIS
45.Nm ssh-keygen 45.Nm ssh-keygen
46.Op Fl q 46.Op Fl q
@@ -48,8 +48,10 @@
48.Op Fl C Ar comment 48.Op Fl C Ar comment
49.Op Fl f Ar output_keyfile 49.Op Fl f Ar output_keyfile
50.Op Fl m Ar format 50.Op Fl m Ar format
51.Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
51.Op Fl N Ar new_passphrase 52.Op Fl N Ar new_passphrase
52.Op Fl t Cm dsa | ecdsa | ed25519 | rsa 53.Op Fl O Ar option
54.Op Fl w Ar provider
53.Nm ssh-keygen 55.Nm ssh-keygen
54.Fl p 56.Fl p
55.Op Fl f Ar keyfile 57.Op Fl f Ar keyfile
@@ -90,6 +92,9 @@
90.Fl H 92.Fl H
91.Op Fl f Ar known_hosts_file 93.Op Fl f Ar known_hosts_file
92.Nm ssh-keygen 94.Nm ssh-keygen
95.Fl K
96.Op Fl w Ar provider
97.Nm ssh-keygen
93.Fl R Ar hostname 98.Fl R Ar hostname
94.Op Fl f Ar known_hosts_file 99.Op Fl f Ar known_hosts_file
95.Nm ssh-keygen 100.Nm ssh-keygen
@@ -97,20 +102,14 @@
97.Op Fl g 102.Op Fl g
98.Op Fl f Ar input_keyfile 103.Op Fl f Ar input_keyfile
99.Nm ssh-keygen 104.Nm ssh-keygen
100.Fl G Ar output_file 105.Fl M Cm generate
101.Op Fl v 106.Op Fl O Ar option
102.Op Fl b Ar bits 107.Ar output_file
103.Op Fl M Ar memory
104.Op Fl S Ar start_point
105.Nm ssh-keygen 108.Nm ssh-keygen
106.Fl f Ar input_file 109.Fl M Cm screen
107.Fl T Ar output_file 110.Op Fl f Ar input_file
108.Op Fl v 111.Op Fl O Ar option
109.Op Fl a Ar rounds 112.Ar output_file
110.Op Fl J Ar num_lines
111.Op Fl j Ar start_line
112.Op Fl K Ar checkpt
113.Op Fl W Ar generator
114.Nm ssh-keygen 113.Nm ssh-keygen
115.Fl I Ar certificate_identity 114.Fl I Ar certificate_identity
116.Fl s Ar ca_key 115.Fl s Ar ca_key
@@ -139,6 +138,10 @@
139.Fl f Ar krl_file 138.Fl f Ar krl_file
140.Ar 139.Ar
141.Nm ssh-keygen 140.Nm ssh-keygen
141.Fl Y Cm find-principals
142.Fl s Ar signature_file
143.Fl f Ar allowed_signers_file
144.Nm ssh-keygen
142.Fl Y Cm check-novalidate 145.Fl Y Cm check-novalidate
143.Fl n Ar namespace 146.Fl n Ar namespace
144.Fl s Ar signature_file 147.Fl s Ar signature_file
@@ -188,7 +191,9 @@ with public key authentication runs this once to create the authentication
188key in 191key in
189.Pa ~/.ssh/id_dsa , 192.Pa ~/.ssh/id_dsa ,
190.Pa ~/.ssh/id_ecdsa , 193.Pa ~/.ssh/id_ecdsa ,
191.Pa ~/.ssh/id_ed25519 194.Pa ~/.ssh/id_ecdsa_sk ,
195.Pa ~/.ssh/id_ed25519 ,
196.Pa ~/.ssh/id_ed25519_sk
192or 197or
193.Pa ~/.ssh/id_rsa . 198.Pa ~/.ssh/id_rsa .
194Additionally, the system administrator may use this to generate host keys, 199Additionally, the system administrator may use this to generate host keys,
@@ -264,11 +269,6 @@ When saving a private key, this option specifies the number of KDF
264(key derivation function) rounds used. 269(key derivation function) rounds used.
265Higher numbers result in slower passphrase verification and increased 270Higher numbers result in slower passphrase verification and increased
266resistance to brute-force password cracking (should the keys be stolen). 271resistance to brute-force password cracking (should the keys be stolen).
267.Pp
268When screening DH-GEX candidates (using the
269.Fl T
270command),
271this option specifies the number of primality tests to perform.
272.It Fl B 272.It Fl B
273Show the bubblebabble digest of specified private or public key file. 273Show the bubblebabble digest of specified private or public key file.
274.It Fl b Ar bits 274.It Fl b Ar bits
@@ -282,7 +282,7 @@ flag determines the key length by selecting from one of three elliptic
282curve sizes: 256, 384 or 521 bits. 282curve sizes: 256, 384 or 521 bits.
283Attempting to use bit lengths other than these three values for ECDSA keys 283Attempting to use bit lengths other than these three values for ECDSA keys
284will fail. 284will fail.
285Ed25519 keys have a fixed length and the 285ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed length and the
286.Fl b 286.Fl b
287flag will be ignored. 287flag will be ignored.
288.It Fl C Ar comment 288.It Fl C Ar comment
@@ -329,12 +329,6 @@ used in conjunction with the
329option to print found keys in a hashed format. 329option to print found keys in a hashed format.
330.It Fl f Ar filename 330.It Fl f Ar filename
331Specifies the filename of the key file. 331Specifies the filename of the key file.
332.It Fl G Ar output_file
333Generate candidate primes for DH-GEX.
334These primes must be screened for
335safety (using the
336.Fl T
337option) before use.
338.It Fl g 332.It Fl g
339Use generic DNS format when printing fingerprint resource records using the 333Use generic DNS format when printing fingerprint resource records using the
340.Fl r 334.Fl r
@@ -375,24 +369,10 @@ This option allows importing keys from other software, including several
375commercial SSH implementations. 369commercial SSH implementations.
376The default import format is 370The default import format is
377.Dq RFC4716 . 371.Dq RFC4716 .
378.It Fl J Ar num_lines 372.It Fl K
379Exit after screening the specified number of lines 373Download resident keys from a FIDO authenticator.
380while performing DH candidate screening using the 374Public and private key files will be written to the current directory for
381.Fl T 375each downloaded key.
382option.
383.It Fl j Ar start_line
384Start screening at the specified line number
385while performing DH candidate screening using the
386.Fl T
387option.
388.It Fl K Ar checkpt
389Write the last line processed to the file
390.Ar checkpt
391while performing DH candidate screening using the
392.Fl T
393option.
394This will be used to skip lines in the input file that have already been
395processed if the job is restarted.
396.It Fl k 376.It Fl k
397Generate a KRL file. 377Generate a KRL file.
398In this mode, 378In this mode,
@@ -415,9 +395,26 @@ If combined with
415.Fl v , 395.Fl v ,
416a visual ASCII art representation of the key is supplied with the 396a visual ASCII art representation of the key is supplied with the
417fingerprint. 397fingerprint.
418.It Fl M Ar memory 398.It Fl M Cm generate
419Specify the amount of memory to use (in megabytes) when generating 399Generate candidate Diffie-Hellman Group Exchange (DH-GEX) parameters for
420candidate moduli for DH-GEX. 400eventual use by the
401.Sq diffie-hellman-group-exchange-*
402key exchange methods.
403The numbers generated by this operation must be further screened before
404use.
405See the
406.Sx MODULI GENERATION
407section for more information.
408.It Fl M Cm screen
409Screen candidate parameters for Diffie-Hellman Group Exchange.
410This will accept a list of candidate numbers and test that they are
411safe (Sophie Germain) primes with acceptable group generators.
412The results of this operation may be added to the
413.Pa /etc/moduli
414file.
415See the
416.Sx MODULI GENERATION
417section for more information.
421.It Fl m Ar key_format 418.It Fl m Ar key_format
422Specify a key format for key generation, the 419Specify a key format for key generation, the
423.Fl i 420.Fl i
@@ -453,90 +450,67 @@ Please see the
453.Sx CERTIFICATES 450.Sx CERTIFICATES
454section for details. 451section for details.
455.It Fl O Ar option 452.It Fl O Ar option
456Specify a certificate option when signing a key. 453Specify a key/value option.
457This option may be specified multiple times. 454These are specific to the operation that
458See also the 455.Nm
459.Sx CERTIFICATES 456has been requested to perform.
460section for further details.
461.Pp
462At present, no standard options are valid for host keys.
463The options that are valid for user certificates are:
464.Pp
465.Bl -tag -width Ds -compact
466.It Ic clear
467Clear all enabled permissions.
468This is useful for clearing the default set of permissions so permissions may
469be added individually.
470.Pp
471.It Ic critical : Ns Ar name Ns Op Ns = Ns Ar contents
472.It Ic extension : Ns Ar name Ns Op Ns = Ns Ar contents
473Includes an arbitrary certificate critical option or extension.
474The specified
475.Ar name
476should include a domain suffix, e.g.\&
477.Dq name@example.com .
478If
479.Ar contents
480is specified then it is included as the contents of the extension/option
481encoded as a string, otherwise the extension/option is created with no
482contents (usually indicating a flag).
483Extensions may be ignored by a client or server that does not recognise them,
484whereas unknown critical options will cause the certificate to be refused.
485.Pp
486.It Ic force-command Ns = Ns Ar command
487Forces the execution of
488.Ar command
489instead of any shell or command specified by the user when
490the certificate is used for authentication.
491.Pp
492.It Ic no-agent-forwarding
493Disable
494.Xr ssh-agent 1
495forwarding (permitted by default).
496.Pp 457.Pp
497.It Ic no-port-forwarding 458When signing certificates, one of the options listed in the
498Disable port forwarding (permitted by default). 459.Sx CERTIFICATES
460section may be specified here.
499.Pp 461.Pp
500.It Ic no-pty 462When performing moduli generation or screening, one of the options
501Disable PTY allocation (permitted by default). 463listed in the
464.Sx MODULI GENERATION
465section may be specified.
502.Pp 466.Pp
503.It Ic no-user-rc 467When generating a key that will be hosted on a FIDO authenticator,
504Disable execution of 468this flag may be used to specify key-specific options.
505.Pa ~/.ssh/rc 469Those supported at present are:
506by 470.Bl -tag -width Ds
471.It Cm application
472Override the default FIDO application/origin string of
473.Dq ssh: .
474This may be useful when generating host or domain-specific resident keys.
475The specified application string must begin with
476.Dq ssh: .
477.It Cm challenge Ns = Ns Ar path
478Specifies a path to a challenge string that will be passed to the
479FIDO token during key generation.
480The challenge string may be used as part of an out-of-band
481protocol for key enrollment
482(a random challenge is used by default).
483.It Cm device
484Explicitly specify a
485.Xr fido 4
486device to use, rather than letting the token middleware select one.
487.It Cm no-touch-required
488Indicate that the generated private key should not require touch
489events (user presence) when making signatures.
490Note that
507.Xr sshd 8 491.Xr sshd 8
508(permitted by default). 492will refuse such signatures by default, unless overridden via
509.Pp 493an authorized_keys option.
510.It Ic no-x11-forwarding 494.It Cm resident
511Disable X11 forwarding (permitted by default). 495Indicate that the key should be stored on the FIDO authenticator itself.
512.Pp 496Resident keys may be supported on FIDO2 tokens and typically require that
513.It Ic permit-agent-forwarding 497a PIN be set on the token prior to generation.
514Allows 498Resident keys may be loaded off the token using
515.Xr ssh-agent 1 499.Xr ssh-add 1 .
516forwarding. 500.It Cm user
517.Pp 501A username to be associated with a resident key,
518.It Ic permit-port-forwarding 502overriding the empty default username.
519Allows port forwarding. 503Specifying a username may be useful when generating multiple resident keys
520.Pp 504for the same application name.
521.It Ic permit-pty 505.It Cm write-attestation Ns = Ns Ar path
522Allows PTY allocation. 506May be used at key generation time to record the attestation certificate
523.Pp 507returned from FIDO tokens during key generation.
524.It Ic permit-user-rc 508By default this information is discarded.
525Allows execution of 509.El
526.Pa ~/.ssh/rc
527by
528.Xr sshd 8 .
529.Pp
530.It Ic permit-X11-forwarding
531Allows X11 forwarding.
532.Pp 510.Pp
533.It Ic source-address Ns = Ns Ar address_list
534Restrict the source addresses from which the certificate is considered valid.
535The 511The
536.Ar address_list 512.Fl O
537is a comma-separated list of one or more address/netmask pairs in CIDR 513option may be specified multiple times.
538format.
539.El
540.It Fl P Ar passphrase 514.It Fl P Ar passphrase
541Provides the (old) passphrase. 515Provides the (old) passphrase.
542.It Fl p 516.It Fl p
@@ -564,8 +538,6 @@ option above).
564Print the SSHFP fingerprint resource record named 538Print the SSHFP fingerprint resource record named
565.Ar hostname 539.Ar hostname
566for the specified public key file. 540for the specified public key file.
567.It Fl S Ar start
568Specify start point (in hex) when generating candidate moduli for DH-GEX.
569.It Fl s Ar ca_key 541.It Fl s Ar ca_key
570Certify (sign) a public key using the specified CA key. 542Certify (sign) a public key using the specified CA key.
571Please see the 543Please see the
@@ -579,16 +551,14 @@ by key ID or serial number.
579See the 551See the
580.Sx KEY REVOCATION LISTS 552.Sx KEY REVOCATION LISTS
581section for details. 553section for details.
582.It Fl T Ar output_file 554.It Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
583Test DH group exchange candidate primes (generated using the
584.Fl G
585option) for safety.
586.It Fl t Cm dsa | ecdsa | ed25519 | rsa
587Specifies the type of key to create. 555Specifies the type of key to create.
588The possible values are 556The possible values are
589.Dq dsa , 557.Dq dsa ,
590.Dq ecdsa , 558.Dq ecdsa ,
559.Dq ecdsa-sk ,
591.Dq ed25519 , 560.Dq ed25519 ,
561.Dq ed25519-sk ,
592or 562or
593.Dq rsa . 563.Dq rsa .
594.Pp 564.Pp
@@ -656,11 +626,38 @@ Multiple
656.Fl v 626.Fl v
657options increase the verbosity. 627options increase the verbosity.
658The maximum is 3. 628The maximum is 3.
659.It Fl W Ar generator 629.It Fl w Ar provider
660Specify desired generator when testing candidate moduli for DH-GEX. 630Specifies a path to a library that will be used when creating
661.It Fl y 631FIDO authenticator-hosted keys, overriding the default of using
662This option will read a private 632the internal USB HID support.
663OpenSSH format file and print an OpenSSH public key to stdout. 633.It Fl Y Cm find-principals
634Find the principal(s) associated with the public key of a signature,
635provided using the
636.Fl s
637flag in an authorized signers file provided using the
638.Fl f
639flag.
640The format of the allowed signers file is documented in the
641.Sx ALLOWED SIGNERS
642section below.
643If one or more matching principals are found, they are returned on
644standard output.
645.It Fl Y Cm check-novalidate
646Checks that a signature generated using
647.Nm
648.Fl Y Cm sign
649has a valid structure.
650This does not validate if a signature comes from an authorized signer.
651When testing a signature,
652.Nm
653accepts a message on standard input and a signature namespace using
654.Fl n .
655A file containing the corresponding signature must also be supplied using the
656.Fl s
657flag.
658Successful testing of the signature is signalled by
659.Nm
660returning a zero exit status.
664.It Fl Y Cm sign 661.It Fl Y Cm sign
665Cryptographically sign a file or some data using a SSH key. 662Cryptographically sign a file or some data using a SSH key.
666When signing, 663When signing,
@@ -716,22 +713,10 @@ flag.
716The revocation file may be a KRL or a one-per-line list of public keys. 713The revocation file may be a KRL or a one-per-line list of public keys.
717Successful verification by an authorized signer is signalled by 714Successful verification by an authorized signer is signalled by
718.Nm 715.Nm
719.It Fl Y Cm check-novalidate
720Checks that a signature generated using
721.Nm
722.Fl Y Cm sign
723has a valid structure.
724This does not validate if a signature comes from an authorized signer.
725When testing a signature,
726.Nm
727accepts a message on standard input and a signature namespace using
728.Fl n .
729A file containing the corresponding signature must also be supplied using the
730.Fl s
731flag.
732Successful testing of the signature is signalled by
733.Nm
734returning a zero exit status. 716returning a zero exit status.
717.It Fl y
718This option will read a private
719OpenSSH format file and print an OpenSSH public key to stdout.
735.It Fl z Ar serial_number 720.It Fl z Ar serial_number
736Specifies a serial number to be embedded in the certificate to distinguish 721Specifies a serial number to be embedded in the certificate to distinguish
737this certificate from others from the same CA. 722this certificate from others from the same CA.
@@ -757,25 +742,25 @@ These candidate primes are then tested for suitability (a CPU-intensive
757process). 742process).
758.Pp 743.Pp
759Generation of primes is performed using the 744Generation of primes is performed using the
760.Fl G 745.Fl M Cm generate
761option. 746option.
762The desired length of the primes may be specified by the 747The desired length of the primes may be specified by the
763.Fl b 748.Fl O Cm bits
764option. 749option.
765For example: 750For example:
766.Pp 751.Pp
767.Dl # ssh-keygen -G moduli-2048.candidates -b 2048 752.Dl # ssh-keygen -M generate -O bits=2048 moduli-2048.candidates
768.Pp 753.Pp
769By default, the search for primes begins at a random point in the 754By default, the search for primes begins at a random point in the
770desired length range. 755desired length range.
771This may be overridden using the 756This may be overridden using the
772.Fl S 757.Fl O Cm start
773option, which specifies a different start point (in hex). 758option, which specifies a different start point (in hex).
774.Pp 759.Pp
775Once a set of candidates have been generated, they must be screened for 760Once a set of candidates have been generated, they must be screened for
776suitability. 761suitability.
777This may be performed using the 762This may be performed using the
778.Fl T 763.Fl M Cm screen
779option. 764option.
780In this mode 765In this mode
781.Nm 766.Nm
@@ -784,16 +769,16 @@ will read candidates from standard input (or a file specified using the
784option). 769option).
785For example: 770For example:
786.Pp 771.Pp
787.Dl # ssh-keygen -T moduli-2048 -f moduli-2048.candidates 772.Dl # ssh-keygen -M screen -f moduli-2048.candidates moduli-2048
788.Pp 773.Pp
789By default, each candidate will be subjected to 100 primality tests. 774By default, each candidate will be subjected to 100 primality tests.
790This may be overridden using the 775This may be overridden using the
791.Fl a 776.Fl O Cm prime-tests
792option. 777option.
793The DH generator value will be chosen automatically for the 778The DH generator value will be chosen automatically for the
794prime under consideration. 779prime under consideration.
795If a specific generator is desired, it may be requested using the 780If a specific generator is desired, it may be requested using the
796.Fl W 781.Fl O Cm generator
797option. 782option.
798Valid generator values are 2, 3, and 5. 783Valid generator values are 2, 3, and 5.
799.Pp 784.Pp
@@ -801,6 +786,30 @@ Screened DH groups may be installed in
801.Pa /etc/moduli . 786.Pa /etc/moduli .
802It is important that this file contains moduli of a range of bit lengths and 787It is important that this file contains moduli of a range of bit lengths and
803that both ends of a connection share common moduli. 788that both ends of a connection share common moduli.
789.Pp
790A number of options are available for moduli generation and screening via the
791.Fl O
792flag:
793.Bl -tag -width Ds
794.It Ic lines Ns = Ns Ar number
795Exit after screening the specified number of lines while performing DH
796candidate screening.
797.It Ic start-line Ns = Ns Ar line-number
798Start screening at the specified line number while performing DH candidate
799screening.
800.It Ic checkpoint Ns = Ns Ar filename
801Write the last line processed to the specified file while performing DH
802candidate screening.
803This will be used to skip lines in the input file that have already been
804processed if the job is restarted.
805.It Ic memory Ns = Ns Ar mbytes
806Specify the amount of memory to use (in megabytes) when generating
807candidate moduli for DH-GEX.
808.It Ic start Ns = Ns Ar hex-value
809Specify start point (in hex) when generating candidate moduli for DH-GEX.
810.It Ic generator Ns = Ns Ar value
811Specify desired generator (in decimal) when testing candidate moduli for DH-GEX.
812.El
804.Sh CERTIFICATES 813.Sh CERTIFICATES
805.Nm 814.Nm
806supports signing of keys to produce certificates that may be used for 815supports signing of keys to produce certificates that may be used for
@@ -868,9 +877,94 @@ be specified through certificate options.
868A certificate option may disable features of the SSH session, may be 877A certificate option may disable features of the SSH session, may be
869valid only when presented from particular source addresses or may 878valid only when presented from particular source addresses or may
870force the use of a specific command. 879force the use of a specific command.
871For a list of valid certificate options, see the documentation for the 880.Pp
872.Fl O 881The options that are valid for user certificates are:
873option above. 882.Pp
883.Bl -tag -width Ds -compact
884.It Ic clear
885Clear all enabled permissions.
886This is useful for clearing the default set of permissions so permissions may
887be added individually.
888.Pp
889.It Ic critical : Ns Ar name Ns Op Ns = Ns Ar contents
890.It Ic extension : Ns Ar name Ns Op Ns = Ns Ar contents
891Includes an arbitrary certificate critical option or extension.
892The specified
893.Ar name
894should include a domain suffix, e.g.\&
895.Dq name@example.com .
896If
897.Ar contents
898is specified then it is included as the contents of the extension/option
899encoded as a string, otherwise the extension/option is created with no
900contents (usually indicating a flag).
901Extensions may be ignored by a client or server that does not recognise them,
902whereas unknown critical options will cause the certificate to be refused.
903.Pp
904.It Ic force-command Ns = Ns Ar command
905Forces the execution of
906.Ar command
907instead of any shell or command specified by the user when
908the certificate is used for authentication.
909.Pp
910.It Ic no-agent-forwarding
911Disable
912.Xr ssh-agent 1
913forwarding (permitted by default).
914.Pp
915.It Ic no-port-forwarding
916Disable port forwarding (permitted by default).
917.Pp
918.It Ic no-pty
919Disable PTY allocation (permitted by default).
920.Pp
921.It Ic no-user-rc
922Disable execution of
923.Pa ~/.ssh/rc
924by
925.Xr sshd 8
926(permitted by default).
927.Pp
928.It Ic no-x11-forwarding
929Disable X11 forwarding (permitted by default).
930.Pp
931.It Ic permit-agent-forwarding
932Allows
933.Xr ssh-agent 1
934forwarding.
935.Pp
936.It Ic permit-port-forwarding
937Allows port forwarding.
938.Pp
939.It Ic permit-pty
940Allows PTY allocation.
941.Pp
942.It Ic permit-user-rc
943Allows execution of
944.Pa ~/.ssh/rc
945by
946.Xr sshd 8 .
947.Pp
948.It Ic permit-X11-forwarding
949Allows X11 forwarding.
950.Pp
951.It Ic no-touch-required
952Do not require signatures made using this key require demonstration
953of user presence (e.g. by having the user touch the authenticator).
954This option only makes sense for the FIDO authenticator algorithms
955.Cm ecdsa-sk
956and
957.Cm ed25519-sk .
958.Pp
959.It Ic source-address Ns = Ns Ar address_list
960Restrict the source addresses from which the certificate is considered valid.
961The
962.Ar address_list
963is a comma-separated list of one or more address/netmask pairs in CIDR
964format.
965.El
966.Pp
967At present, no standard options are valid for host keys.
874.Pp 968.Pp
875Finally, certificates may be defined with a validity lifetime. 969Finally, certificates may be defined with a validity lifetime.
876The 970The
@@ -987,8 +1081,8 @@ The principals field is a pattern-list (See PATTERNS in
987consisting of one or more comma-separated USER@DOMAIN identity patterns 1081consisting of one or more comma-separated USER@DOMAIN identity patterns
988that are accepted for signing. 1082that are accepted for signing.
989When verifying, the identity presented via the 1083When verifying, the identity presented via the
990.Fl I option 1084.Fl I
991must match a principals pattern in order for the corresponding key to be 1085option must match a principals pattern in order for the corresponding key to be
992considered acceptable for verification. 1086considered acceptable for verification.
993.Pp 1087.Pp
994The options (if present) consist of comma-separated option specifications. 1088The options (if present) consist of comma-separated option specifications.
@@ -1019,14 +1113,23 @@ user1@example.com,user2@example.com ssh-rsa AAAAX1...
1019# A key that is accepted only for file signing. 1113# A key that is accepted only for file signing.
1020user2@example.com namespaces="file" ssh-ed25519 AAA41... 1114user2@example.com namespaces="file" ssh-ed25519 AAA41...
1021.Ed 1115.Ed
1116.Sh ENVIRONMENT
1117.Bl -tag -width Ds
1118.It Ev SSH_SK_PROVIDER
1119Specifies a path to a library that will be used when loading any
1120FIDO authenticator-hosted keys, overriding the default of using
1121the built-in USB HID support.
1122.El
1022.Sh FILES 1123.Sh FILES
1023.Bl -tag -width Ds -compact 1124.Bl -tag -width Ds -compact
1024.It Pa ~/.ssh/id_dsa 1125.It Pa ~/.ssh/id_dsa
1025.It Pa ~/.ssh/id_ecdsa 1126.It Pa ~/.ssh/id_ecdsa
1127.It Pa ~/.ssh/id_ecdsa_sk
1026.It Pa ~/.ssh/id_ed25519 1128.It Pa ~/.ssh/id_ed25519
1129.It Pa ~/.ssh/id_ed25519_sk
1027.It Pa ~/.ssh/id_rsa 1130.It Pa ~/.ssh/id_rsa
1028Contains the DSA, ECDSA, Ed25519 or RSA 1131Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
1029authentication identity of the user. 1132authenticator-hosted Ed25519 or RSA authentication identity of the user.
1030This file should not be readable by anyone but the user. 1133This file should not be readable by anyone but the user.
1031It is possible to 1134It is possible to
1032specify a passphrase when generating the key; that passphrase will be 1135specify a passphrase when generating the key; that passphrase will be
@@ -1039,10 +1142,12 @@ will read this file when a login attempt is made.
1039.Pp 1142.Pp
1040.It Pa ~/.ssh/id_dsa.pub 1143.It Pa ~/.ssh/id_dsa.pub
1041.It Pa ~/.ssh/id_ecdsa.pub 1144.It Pa ~/.ssh/id_ecdsa.pub
1145.It Pa ~/.ssh/id_ecdsa_sk.pub
1042.It Pa ~/.ssh/id_ed25519.pub 1146.It Pa ~/.ssh/id_ed25519.pub
1147.It Pa ~/.ssh/id_ed25519_sk.pub
1043.It Pa ~/.ssh/id_rsa.pub 1148.It Pa ~/.ssh/id_rsa.pub
1044Contains the DSA, ECDSA, Ed25519 or RSA 1149Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
1045public key for authentication. 1150authenticator-hosted Ed25519 or RSA public key for authentication.
1046The contents of this file should be added to 1151The contents of this file should be added to
1047.Pa ~/.ssh/authorized_keys 1152.Pa ~/.ssh/authorized_keys
1048on all machines 1153on all machines