tyler.durden
/
openssh-portable
mirror of https://github.com/PowerShell/openssh-portable.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- deraadt@cvs.openbsd.org 2014/03/15 17:28:26 

[ssh-agent.c ssh-keygen.1 ssh-keygen.c]
     Improve usage() and documentation towards the standard form.
     In particular, this line saves a lot of man page reading time.
       usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
                         [-N new_passphrase] [-C comment] [-f output_keyfile]
     ok schwarze jmc
This commit is contained in:
Damien Miller 2014-04-20 13:01:30 +10:00
parent 94bfe0fbd6
commit f0858de6e1
4 changed files with 44 additions and 63 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
ChangeLog
View File

@ -18,6 +18,13 @@
- naddy@cvs.openbsd.org 2014/03/12 13:06:59 - naddy@cvs.openbsd.org 2014/03/12 13:06:59
[ssh-keyscan.1] [ssh-keyscan.1]
scan for Ed25519 keys by default too scan for Ed25519 keys by default too
- deraadt@cvs.openbsd.org 2014/03/15 17:28:26
[ssh-agent.c ssh-keygen.1 ssh-keygen.c]
Improve usage() and documentation towards the standard form.
In particular, this line saves a lot of man page reading time.
usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
[-N new_passphrase] [-C comment] [-f output_keyfile]
ok schwarze jmc
20140401 20140401
- (djm) On platforms that support it, use prctl() to prevent sftp-server - (djm) On platforms that support it, use prctl() to prevent sftp-server

15
ssh-agent.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-agent.c,v 1.183 2014/02/02 03:44:31 djm Exp $ */ /* $OpenBSD: ssh-agent.c,v 1.184 2014/03/15 17:28:26 deraadt Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -1001,15 +1001,10 @@ check_parent_exists(void)
static void static void
usage(void) usage(void)
{ {
fprintf(stderr, "usage: %s [options] [command [arg ...]]\n", fprintf(stderr,
__progname); "usage: ssh-agent [-c | -s] [-d] [-a bind_address] [-t life]\n"
fprintf(stderr, "Options:\n"); " [command [arg ...]]\n"
fprintf(stderr, " -c Generate C-shell commands on stdout.\n"); " ssh-agent [-c | -s] -k\n");
fprintf(stderr, " -s Generate Bourne shell commands on stdout.\n");
fprintf(stderr, " -k Kill the current agent.\n");
fprintf(stderr, " -d Debug mode.\n");
fprintf(stderr, " -a socket Bind agent socket to given name.\n");
fprintf(stderr, " -t life Default identity lifetime (seconds).\n");
exit(1); exit(1);
} }

8
ssh-keygen.1
View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.120 2014/02/05 20:13:25 naddy Exp $ .\" $OpenBSD: ssh-keygen.1,v 1.121 2014/03/15 17:28:26 deraadt Exp $
.\" .\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.Dd $Mdocdate: February 5 2014 $ .Dd $Mdocdate: March 15 2014 $
.Dt SSH-KEYGEN 1 .Dt SSH-KEYGEN 1
.Os .Os
.Sh NAME .Sh NAME
@ -46,7 +46,7 @@
.Nm ssh-keygen .Nm ssh-keygen
.Op Fl q .Op Fl q
.Op Fl b Ar bits .Op Fl b Ar bits
.Op Fl t Ar type .Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
.Op Fl N Ar new_passphrase .Op Fl N Ar new_passphrase
.Op Fl C Ar comment .Op Fl C Ar comment
.Op Fl f Ar output_keyfile .Op Fl f Ar output_keyfile
@ -514,7 +514,7 @@ section for details.
Test DH group exchange candidate primes (generated using the Test DH group exchange candidate primes (generated using the
.Fl G .Fl G
option) for safety. option) for safety.
.It Fl t Ar type .It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
Specifies the type of key to create. Specifies the type of key to create.
The possible values are The possible values are
.Dq rsa1 .Dq rsa1

77
ssh-keygen.c
View File

@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keygen.c,v 1.242 2014/03/12 04:50:32 djm Exp $ */ /* $OpenBSD: ssh-keygen.c,v 1.243 2014/03/15 17:28:26 deraadt Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -2149,56 +2149,35 @@ do_check_krl(struct passwd *pw, int argc, char **argv)
static void static void
usage(void) usage(void)
{ {
fprintf(stderr, "usage: %s [options]\n", __progname); fprintf(stderr,
fprintf(stderr, "Options:\n"); "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]\n"
fprintf(stderr, " -A Generate non-existent host keys for all key types.\n"); " [-N new_passphrase] [-C comment] [-f output_keyfile]\n"
fprintf(stderr, " -a number Number of KDF rounds for new key format or moduli primality tests.\n"); " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]\n"
fprintf(stderr, " -B Show bubblebabble digest of key file.\n"); " ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
fprintf(stderr, " -b bits Number of bits in the key to create.\n"); " ssh-keygen -e [-m key_format] [-f input_keyfile]\n"
fprintf(stderr, " -C comment Provide new comment.\n"); " ssh-keygen -y [-f input_keyfile]\n"
fprintf(stderr, " -c Change comment in private and public key files.\n"); " ssh-keygen -c [-P passphrase] [-C comment] [-f keyfile]\n"
" ssh-keygen -l [-f input_keyfile]\n"
" ssh-keygen -B [-f input_keyfile]\n");
#ifdef ENABLE_PKCS11 #ifdef ENABLE_PKCS11
fprintf(stderr, " -D pkcs11 Download public key from pkcs11 token.\n"); fprintf(stderr,
" ssh-keygen -D pkcs11\n");
#endif #endif
fprintf(stderr, " -e Export OpenSSH to foreign format key file.\n"); fprintf(stderr,
fprintf(stderr, " -F hostname Find hostname in known hosts file.\n"); " ssh-keygen -F hostname [-f known_hosts_file] [-l]\n"
fprintf(stderr, " -f filename Filename of the key file.\n"); " ssh-keygen -H [-f known_hosts_file]\n"
fprintf(stderr, " -G file Generate candidates for DH-GEX moduli.\n"); " ssh-keygen -R hostname [-f known_hosts_file]\n"
fprintf(stderr, " -g Use generic DNS resource record format.\n"); " ssh-keygen -r hostname [-f input_keyfile] [-g]\n"
fprintf(stderr, " -H Hash names in known_hosts file.\n"); " ssh-keygen -G output_file [-v] [-b bits] [-M memory] [-S start_point]\n"
fprintf(stderr, " -h Generate host certificate instead of a user certificate.\n"); " ssh-keygen -T output_file -f input_file [-v] [-a rounds] [-J num_lines]\n"
fprintf(stderr, " -I key_id Key identifier to include in certificate.\n"); " [-j start_line] [-K checkpt] [-W generator]\n"
fprintf(stderr, " -i Import foreign format to OpenSSH key file.\n"); " ssh-keygen -s ca_key -I certificate_identity [-h] [-n principals]\n"
fprintf(stderr, " -J number Screen this number of moduli lines.\n"); " [-O option] [-V validity_interval] [-z serial_number] file ...\n"
fprintf(stderr, " -j number Start screening moduli at specified line.\n"); " ssh-keygen -L [-f input_keyfile]\n"
fprintf(stderr, " -K checkpt Write checkpoints to this file.\n"); " ssh-keygen -A\n"
fprintf(stderr, " -k Generate a KRL file.\n"); " ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z version_number]\n"
fprintf(stderr, " -L Print the contents of a certificate.\n"); " file ...\n"
fprintf(stderr, " -l Show fingerprint of key file.\n"); " ssh-keygen -Q -f krl_file file ...\n");
fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n");
fprintf(stderr, " -m key_fmt Conversion format for -e/-i (PEM|PKCS8|RFC4716).\n");
fprintf(stderr, " -N phrase Provide new passphrase.\n");
fprintf(stderr, " -n name,... User/host principal names to include in certificate\n");
fprintf(stderr, " -O option Specify a certificate option.\n");
fprintf(stderr, " -o Enforce new private key format.\n");
fprintf(stderr, " -P phrase Provide old passphrase.\n");
fprintf(stderr, " -p Change passphrase of private key file.\n");
fprintf(stderr, " -Q Test whether key(s) are revoked in KRL.\n");
fprintf(stderr, " -q Quiet.\n");
fprintf(stderr, " -R hostname Remove host from known_hosts file.\n");
fprintf(stderr, " -r hostname Print DNS resource record.\n");
fprintf(stderr, " -S start Start point (hex) for generating DH-GEX moduli.\n");
fprintf(stderr, " -s ca_key Certify keys with CA key.\n");
fprintf(stderr, " -T file Screen candidates for DH-GEX moduli.\n");
fprintf(stderr, " -t type Specify type of key to create.\n");
fprintf(stderr, " -u Update KRL rather than creating a new one.\n");
fprintf(stderr, " -V from:to Specify certificate validity interval.\n");
fprintf(stderr, " -v Verbose.\n");
fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n");
fprintf(stderr, " -y Read private key file and print public key.\n");
fprintf(stderr, " -Z cipher Specify a cipher for new private key format.\n");
fprintf(stderr, " -z serial Specify a serial number.\n");
exit(1); exit(1);
} }