- jmc@cvs.openbsd.org 2013/01/18 07:57:47
[ssh-keygen.1] tweak previous;
This commit is contained in:
parent
da5cc5d09a
commit
ac5542b6b8
|
@ -2,6 +2,10 @@
|
|||
- (djm) [cipher-aes.c cipher-ctr.c openbsd-compat/openssl-compat.h]
|
||||
Move prototypes for replacement ciphers to openssl-compat.h; fix EVP
|
||||
prototypes for openssl-1.0.0-fips.
|
||||
- (djm) OpenBSD CVS Sync
|
||||
- jmc@cvs.openbsd.org 2013/01/18 07:57:47
|
||||
[ssh-keygen.1]
|
||||
tweak previous;
|
||||
|
||||
20130118
|
||||
- (djm) OpenBSD CVS Sync
|
||||
|
|
31
ssh-keygen.1
31
ssh-keygen.1
|
@ -1,4 +1,4 @@
|
|||
.\" $OpenBSD: ssh-keygen.1,v 1.111 2013/01/17 23:00:01 djm Exp $
|
||||
.\" $OpenBSD: ssh-keygen.1,v 1.112 2013/01/18 07:57:47 jmc Exp $
|
||||
.\"
|
||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
|
@ -35,7 +35,7 @@
|
|||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
.\"
|
||||
.Dd $Mdocdate: January 17 2013 $
|
||||
.Dd $Mdocdate: January 18 2013 $
|
||||
.Dt SSH-KEYGEN 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
|
@ -126,8 +126,8 @@
|
|||
.Fl k
|
||||
.Fl f Ar krl_file
|
||||
.Op Fl u
|
||||
.Op Fl s ca_public
|
||||
.Op Fl z version_number
|
||||
.Op Fl s Ar ca_public
|
||||
.Op Fl z Ar version_number
|
||||
.Ar
|
||||
.Nm ssh-keygen
|
||||
.Fl Q
|
||||
|
@ -158,7 +158,8 @@ section for details.
|
|||
Finally,
|
||||
.Nm
|
||||
can be used to generate and update Key Revocation Lists, and to test whether
|
||||
given keys have been revoked by one. See the
|
||||
given keys have been revoked by one.
|
||||
See the
|
||||
.Sx KEY REVOCATION LISTS
|
||||
section for details.
|
||||
.Pp
|
||||
|
@ -480,7 +481,7 @@ section for details.
|
|||
.Pp
|
||||
When generating a KRL,
|
||||
.Fl s
|
||||
specifies a path to a CA public key file used to revoke certificated directly
|
||||
specifies a path to a CA public key file used to revoke certificates directly
|
||||
by key ID or serial number.
|
||||
See the
|
||||
.Sx KEY REVOCATION LISTS
|
||||
|
@ -499,6 +500,12 @@ for protocol version 1 and
|
|||
or
|
||||
.Dq rsa
|
||||
for protocol version 2.
|
||||
.It Fl u
|
||||
Update a KRL.
|
||||
When specified with
|
||||
.Fl k ,
|
||||
keys listed via the command-line are added to the existing KRL rather than
|
||||
a new KRL being created.
|
||||
.It Fl V Ar validity_interval
|
||||
Specify a validity interval when signing a certificate.
|
||||
A validity interval may consist of a single time, indicating that the
|
||||
|
@ -522,12 +529,6 @@ For example:
|
|||
(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
|
||||
.Dq -1d:20110101
|
||||
(valid from yesterday to midnight, January 1st, 2011).
|
||||
.It Fl u
|
||||
Update a KRL.
|
||||
When specified with
|
||||
.Fl k ,
|
||||
keys listed via the command-line are added to the existing KRL rather than
|
||||
a new KRL being created.
|
||||
.It Fl v
|
||||
Verbose mode.
|
||||
Causes
|
||||
|
@ -689,7 +690,7 @@ Please refer to those manual pages for details.
|
|||
.Nm
|
||||
is able to manage OpenSSH format Key Revocation Lists (KRLs).
|
||||
These binary files specify keys or certificates to be revoked using a
|
||||
compact format; taking as little a one bit per certificate if they are being
|
||||
compact format, taking as little a one bit per certificate if they are being
|
||||
revoked by serial number.
|
||||
.Pp
|
||||
KRLs may be generated using the
|
||||
|
@ -712,7 +713,7 @@ followed by a colon and some directive-specific information.
|
|||
.Bl -tag -width Ds
|
||||
.It Cm serial : Ar serial_number Op -serial_number
|
||||
Revokes a certificate with the specified serial number.
|
||||
Serial numbers are 64 bit values, not including zero and may be expressed
|
||||
Serial numbers are 64-bit values, not including zero and may be expressed
|
||||
in decimal, hex or octal.
|
||||
If two serial numbers are specified separated by a hyphen, then the range
|
||||
of serial numbers including and between each is revoked.
|
||||
|
@ -730,7 +731,7 @@ command-line using the
|
|||
option.
|
||||
.It Cm key : Ar public_key
|
||||
Revokes the specified key.
|
||||
In a certificate is listed, then it is revoked as a plain public key.
|
||||
If a certificate is listed, then it is revoked as a plain public key.
|
||||
.It Cm sha1 : Ar public_key
|
||||
Revokes the specified key by its SHA1 hash.
|
||||
.El
|
||||
|
|
Loading…
Reference in New Issue