tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-27 15:54:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

upstream: Document loading of resident keys from a FIDO

Browse Source 
authenticator.

* Rename -O to -K to keep "-O option" available.
* Document -K.
* Trim usage() message down to synopsis, like all other commands.

ok markus@

OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
This commit is contained in:
naddy@openbsd.org 2020-01-17 20:13:47 +00:00 committed by Damien Miller
parent 0d005d6372
commit e8c06c4ee7
2 changed files with 20 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ssh-add.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-add.1,v 1.77 2019/12/21 20:22:34 naddy Exp $ .\" $OpenBSD: ssh-add.1,v 1.78 2020/01/17 20:13:47 naddy Exp $
.\" .\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: December 21 2019 $ .Dd $Mdocdate: January 17 2020 $
.Dt SSH-ADD 1 .Dt SSH-ADD 1
.Os .Os
.Sh NAME .Sh NAME
@ -43,7 +43,7 @@
.Nd adds private key identities to the OpenSSH authentication agent .Nd adds private key identities to the OpenSSH authentication agent
.Sh SYNOPSIS .Sh SYNOPSIS
.Nm ssh-add .Nm ssh-add
.Op Fl cDdkLlqvXx .Op Fl cDdKkLlqvXx
.Op Fl E Ar fingerprint_hash .Op Fl E Ar fingerprint_hash
.Op Fl S Ar provider .Op Fl S Ar provider
.Op Fl t Ar life .Op Fl t Ar life
@ -124,6 +124,8 @@ The default is
.It Fl e Ar pkcs11 .It Fl e Ar pkcs11
Remove keys provided by the PKCS#11 shared library Remove keys provided by the PKCS#11 shared library
.Ar pkcs11 . .Ar pkcs11 .
.It Fl K
Load resident keys from a FIDO authenticator.
.It Fl k .It Fl k
When loading keys into or deleting keys from the agent, process plain private When loading keys into or deleting keys from the agent, process plain private
keys only and skip certificates. keys only and skip certificates.

40
ssh-add.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-add.c,v 1.149 2020/01/06 02:00:46 djm Exp $ */ /* $OpenBSD: ssh-add.c,v 1.150 2020/01/17 20:13:47 naddy Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -606,26 +606,16 @@ do_file(int agent_fd, int deleting, int key_only, char *file, int qflag,
static void static void
usage(void) usage(void)
{ {
fprintf(stderr, "usage: %s [options] [file ...]\n", __progname); fprintf(stderr,
fprintf(stderr, "Options:\n"); "usage: ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-S provider] [-t life]\n"
fprintf(stderr, " -l List fingerprints of all identities.\n"); #ifdef WITH_XMSS
fprintf(stderr, " -E hash Specify hash algorithm used for fingerprints.\n"); " [-M maxsign] [-m minleft]\n"
fprintf(stderr, " -L List public key parameters of all identities.\n"); #endif
fprintf(stderr, " -k Load only keys and not certificates.\n"); " [file ...]\n"
fprintf(stderr, " -c Require confirmation to sign using identities\n"); " ssh-add -s pkcs11\n"
fprintf(stderr, " -m minleft Maxsign is only changed if less than minleft are left (for XMSS)\n"); " ssh-add -e pkcs11\n"
fprintf(stderr, " -M maxsign Maximum number of signatures allowed (for XMSS)\n"); " ssh-add -T pubkey ...\n"
fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); );
fprintf(stderr, " -d Delete identity.\n");
fprintf(stderr, " -D Delete all identities.\n");
fprintf(stderr, " -x Lock agent.\n");
fprintf(stderr, " -X Unlock agent.\n");
fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n");
fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n");
fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n");
fprintf(stderr, " -S provider Specify security key provider.\n");
fprintf(stderr, " -q Be quiet after a successful operation.\n");
fprintf(stderr, " -v Be more verbose.\n");
} }
int int
@ -665,7 +655,7 @@ main(int argc, char **argv)
skprovider = getenv("SSH_SK_PROVIDER"); skprovider = getenv("SSH_SK_PROVIDER");
while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:Oqs:S:t:")) != -1) { while ((ch = getopt(argc, argv, "vkKlLcdDTxXE:e:M:m:qs:S:t:")) != -1) {
switch (ch) { switch (ch) {
case 'v': case 'v':
if (log_level == SYSLOG_LEVEL_INFO) if (log_level == SYSLOG_LEVEL_INFO)
@ -681,15 +671,15 @@ main(int argc, char **argv)
case 'k': case 'k':
key_only = 1; key_only = 1;
break; break;
case 'K':
do_download = 1;
break;
case 'l': case 'l':
case 'L': case 'L':
if (lflag != 0) if (lflag != 0)
fatal("-%c flag already specified", lflag); fatal("-%c flag already specified", lflag);
lflag = ch; lflag = ch;
break; break;
case 'O':
do_download = 1;
break;
case 'x': case 'x':
case 'X': case 'X':
if (xflag != 0) if (xflag != 0)