tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

upstream commit 

tidy up -O somewhat; ok djm

Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52
This commit is contained in:
jmc@openbsd.org 2017-05-02 07:13:31 +00:00 committed by Damien Miller
parent d1c6b7fdbd
commit 6b84897f7f
1 changed files with 66 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
ssh-keygen.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.136 2017/04/30 23:18:44 djm Exp $ .\" $OpenBSD: ssh-keygen.1,v 1.137 2017/05/02 07:13:31 jmc Exp $
.\" .\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: April 30 2017 $ .Dd $Mdocdate: May 2 2017 $
.Dt SSH-KEYGEN 1 .Dt SSH-KEYGEN 1
.Os .Os
.Sh NAME .Sh NAME
@ -422,70 +422,22 @@ section for details.
.It Fl O Ar option .It Fl O Ar option
Specify a certificate option when signing a key. Specify a certificate option when signing a key.
This option may be specified multiple times. This option may be specified multiple times.
Please see the See also the
.Sx CERTIFICATES .Sx CERTIFICATES
section for details. section for further details.
At present, no standard options are valid for host keys.
The options that are valid for user certificates are: The options that are valid for user certificates are:
.Bl -tag -width Ds .Pp
.Bl -tag -width Ds -compact
.It Ic clear .It Ic clear
Clear all enabled permissions. Clear all enabled permissions.
This is useful for clearing the default set of permissions so permissions may This is useful for clearing the default set of permissions so permissions may
be added individually. be added individually.
.It Ic force-command Ns = Ns Ar command .Pp
Forces the execution of
.Ar command
instead of any shell or command specified by the user when
the certificate is used for authentication.
.It Ic no-agent-forwarding
Disable
.Xr ssh-agent 1
forwarding (permitted by default).
.It Ic no-port-forwarding
Disable port forwarding (permitted by default).
.It Ic no-pty
Disable PTY allocation (permitted by default).
.It Ic no-user-rc
Disable execution of
.Pa ~/.ssh/rc
by
.Xr sshd 8
(permitted by default).
.It Ic no-x11-forwarding
Disable X11 forwarding (permitted by default).
.It Ic permit-agent-forwarding
Allows
.Xr ssh-agent 1
forwarding.
.It Ic permit-port-forwarding
Allows port forwarding.
.It Ic permit-pty
Allows PTY allocation.
.It Ic permit-user-rc
Allows execution of
.Pa ~/.ssh/rc
by
.Xr sshd 8 .
.It Ic permit-x11-forwarding
Allows X11 forwarding.
.It Ic source-address Ns = Ns Ar address_list
Restrict the source addresses from which the certificate is considered valid.
The
.Ar address_list
is a comma-separated list of one or more address/netmask pairs in CIDR
format.
.It Ic extension : Ns Ar name Ns Op Ns = Ns Ar contents
Includes an arbitrary certificate extension.
.It Ic critical : Ns Ar name Ns Op Ns = Ns Ar contents .It Ic critical : Ns Ar name Ns Op Ns = Ns Ar contents
Includes an arbitrary certificate critical option. .It Ic extension : Ns Ar name Ns Op Ns = Ns Ar contents
.El Includes an arbitrary certificate critical option or extension.
.Pp The specified
At present, no standard options are valid for host keys.
.Pp
For non-standard certificate extensions or options included using
.Ic extension
or
.Ic option ,
the specified
.Ar name .Ar name
should include a domain suffix, e.g.\& should include a domain suffix, e.g.\&
.Dq name@example.com . .Dq name@example.com .
@ -496,6 +448,61 @@ encoded as a string, otherwise the extension/option is created with no
contents (usually indicating a flag). contents (usually indicating a flag).
Extensions may be ignored by a client or server that does not recognise them, Extensions may be ignored by a client or server that does not recognise them,
whereas unknown critical options will cause the certificate to be refused. whereas unknown critical options will cause the certificate to be refused.
.Pp
.It Ic force-command Ns = Ns Ar command
Forces the execution of
.Ar command
instead of any shell or command specified by the user when
the certificate is used for authentication.
.Pp
.It Ic no-agent-forwarding
Disable
.Xr ssh-agent 1
forwarding (permitted by default).
.Pp
.It Ic no-port-forwarding
Disable port forwarding (permitted by default).
.Pp
.It Ic no-pty
Disable PTY allocation (permitted by default).
.Pp
.It Ic no-user-rc
Disable execution of
.Pa ~/.ssh/rc
by
.Xr sshd 8
(permitted by default).
.Pp
.It Ic no-x11-forwarding
Disable X11 forwarding (permitted by default).
.Pp
.It Ic permit-agent-forwarding
Allows
.Xr ssh-agent 1
forwarding.
.Pp
.It Ic permit-port-forwarding
Allows port forwarding.
.Pp
.It Ic permit-pty
Allows PTY allocation.
.Pp
.It Ic permit-user-rc
Allows execution of
.Pa ~/.ssh/rc
by
.Xr sshd 8 .
.Pp
.It Ic permit-x11-forwarding
Allows X11 forwarding.
.Pp
.It Ic source-address Ns = Ns Ar address_list
Restrict the source addresses from which the certificate is considered valid.
The
.Ar address_list
is a comma-separated list of one or more address/netmask pairs in CIDR
format.
.El
.It Fl o .It Fl o
Causes Causes
.Nm .Nm