upstream: use better markup for challenge and write-attestation, and

rejig the challenge text a little;

ok djm

OpenBSD-Commit-ID: 9f351e6da9edfdc907d5c3fdaf2e9ff3ab0a7a6f

ssh-keygen.1

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.198 2020/02/02 07:36:50 jmc Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.199 2020/02/03 08:15:37 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 2 2020 $
+.Dd $Mdocdate: February 3 2020 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -472,14 +472,12 @@ Those supported at present are:
 Override the default FIDO application/origin string of
 .Dq ssh: .
 This may be useful when generating host or domain-specific resident keys.
-.It Cm challenge=path
+.It Cm challenge Ns = Ns Ar path
 Specifies a path to a challenge string that will be passed to the
 FIDO token during key generation.
-The challenge string is optional, but may be used as part of an out-of-band
+The challenge string may be used as part of an out-of-band
-protocol for key enrollment.
+protocol for key enrollment
-If no
+(a random challenge is used by default).
-.Cm challenge
-is specified, a random challenge is used.
 .It Cm device
 Explicitly specify a
 .Xr fido 4
@@ -502,7 +500,7 @@ A username to be associated with a resident key,
 overriding the empty default username.
 Specifying a username may be useful when generating multiple resident keys
 for the same application name.
-.It Cm write-attestation=path
+.It Cm write-attestation Ns = Ns Ar path
 May be used at key generation time to record the attestation certificate
 returned from FIDO tokens during key generation.
 By default this information is discarded.