upstream: put the fido options in a list, and tidy up the text a little; ok djm

OpenBSD-Commit-ID: 491ce15ae52a88b7a6a2b3b6708a14b4aacdeebb
jmc@openbsd.org 2020-01-06 07:43:28 +00:00 committed by Damien Miller
parent 30f704ebc0
commit cd53476383
1 changed files with 17 additions and 19 deletions


@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.189 2020/01/06 02:00:46 djm Exp $ .\" $OpenBSD: ssh-keygen.1,v 1.190 2020/01/06 07:43:28 jmc Exp $
.\" .\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -460,39 +460,37 @@ listed in the
.Sx MODULI GENERATION .Sx MODULI GENERATION
section may be specified. section may be specified.
.Pp .Pp
When generating a key that will be hosted on a FIDO authenticator, this When generating a key that will be hosted on a FIDO authenticator,
flag may be used to specify key-specific options. this flag may be used to specify key-specific options.
The FIDO authenticator options are supported at present are: Those supported at present are:
.Pp .Bl -tag -width Ds
.Cm application .It Cm application
overrides the default FIDO application/origin string of Override the default FIDO application/origin string of
.Dq ssh: . .Dq ssh: .
This option may be useful when generating host or domain-specific resident This may be useful when generating host or domain-specific resident keys.
keys. .It Cm device
.Cm device Explicitly specify a
explicitly specify a device to generate the key on, rather than accepting
the authenticator middleware's automatic selection.
.Xr fido 4 .Xr fido 4
device to use, rather than letting the token middleware select one. device to use, rather than letting the token middleware select one.
.Cm no-touch-required .It Cm no-touch-required
indicates that the generated private key should not require touch Indicate that the generated private key should not require touch
events (user presence) when making signatures. events (user presence) when making signatures.
Note that Note that
.Xr sshd 8 .Xr sshd 8
will refuse such signatures by default, unless overridden via will refuse such signatures by default, unless overridden via
an authorized_keys option. an authorized_keys option.
.Pp .It Cm resident
.Cm resident Indicate that the key should be stored on the FIDO authenticator itself.
indicates that the key should be stored on the FIDO authenticator itself.
Resident keys may be supported on FIDO2 tokens and typically require that Resident keys may be supported on FIDO2 tokens and typically require that
a PIN be set on the token prior to generation. a PIN be set on the token prior to generation.
Resident keys may be loaded off the token using Resident keys may be loaded off the token using
.Xr ssh-add 1 . .Xr ssh-add 1 .
.Cm user .It Cm user
allows specification of a username to be associated with a resident key, A username to be associated with a resident key,
overriding the empty default username. overriding the empty default username.
Specifying a username may be useful when generating multiple resident keys Specifying a username may be useful when generating multiple resident keys
for the same application name. for the same application name.
.El
.Pp .Pp
The The
.Fl O .Fl O
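Review bot: The no-touch-required item still says only "unless overridden via an authorized_keys option" without naming the option or marking up authorized_keys. Since this item describes turning off the user-presence check, it would help to name the server-side option here or point to the relevant section of sshd(8), so readers can find the control that permits such signatures. A smaller style point in the same list: the new user item reads "A username to be associated with a resident key," as a noun phrase, while the other items now open with an imperative (Override, Explicitly specify, Indicate); something like "Specify a username to be associated with a resident key, overriding the empty default username." would keep the entries parallel.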