Commit Graph

148 Commits

Author SHA1 Message Date
djm@openbsd.org 63bba57a32 upstream: fix option letter pasto in previous
OpenBSD-Commit-ID: e26c8bf2f2a808f3c47960e1e490d2990167ec39
2018-12-27 14:30:17 +11:00
djm@openbsd.org 737e4edd82 upstream: mention that the ssh-keygen -F (find host in
authorized_keys) and -R (remove host from authorized_keys) options may accept
either a bare hostname or a [hostname]:port combo. bz#2935

OpenBSD-Commit-ID: 5535cf4ce78375968b0d2cd7aa316fa3eb176780
2018-12-27 14:30:17 +11:00
djm@openbsd.org f0fcd7e650 upstream: fix edit mistake; spotted by jmc@
OpenBSD-Commit-ID: dd724e1c52c9d6084f4cd260ec7e1b2b138261c6
2018-09-12 16:49:21 +10:00
djm@openbsd.org 9405c6214f upstream: allow key revocation by SHA256 hash and allow ssh-keygen
to create KRLs using SHA256/base64 key fingerprints; ok markus@

OpenBSD-Commit-ID: a0590fd34e7f1141f2873ab3acc57442560e6a94
2018-09-12 16:49:21 +10:00
djm@openbsd.org ed7bd5d93f upstream: Use new private key format by default. This format is
suported by OpenSSH >= 6.5 (released January 2014), so it should be supported
by most OpenSSH versions in active use.

It is possible to convert new-format private keys to the older
format using "ssh-keygen -f /path/key -pm PEM".

ok deraadt dtucker

OpenBSD-Commit-ID: e3bd4f2509a2103bfa2f710733426af3ad6d8ab8
2018-08-08 11:18:05 +10:00
djm@openbsd.org bf0fbf2b11 upstream: add valid-before="[time]" authorized_keys option. A
simple way of giving a key an expiry date. ok markus@

OpenBSD-Commit-ID: 1793b4dd5184fa87f42ed33c7b0f4f02bc877947
2018-03-14 18:55:32 +11:00
djm@openbsd.org 130283d5c2 upstream commit
certificate options are case-sensitive; fix case on one
that had it wrong.

move a badly-place sentence to a less bad place

OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b
2018-02-07 07:50:46 +11:00
djm@openbsd.org@openbsd.org d52131a983 upstream commit
allow certificate validity intervals that specify only a
start or stop time (we already support specifying both or neither)

OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42
2017-11-03 16:20:41 +11:00
jmc@openbsd.org dc44dd3a9e upstream commit
slightly rework previous, to avoid an article issue;

Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30
2017-07-21 14:17:33 +10:00
djm@openbsd.org 853edbe057 upstream commit
When generating all hostkeys (ssh-keygen -A), clobber
existing keys if they exist but are zero length. zero-length keys could
previously be made if ssh-keygen failed part way through generating them, so
avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@

Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044
2017-07-21 14:17:32 +10:00
djm@openbsd.org a98339edbc upstream commit
Allow ssh-keygen to use a key held in ssh-agent as a CA when
signing certificates. bz#2377 ok markus

Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
2017-06-28 11:13:19 +10:00
naddy@openbsd.org 2e9c324b3a upstream commit
remove superfluous protocol 2 mentions; ok jmc@

Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d
2017-05-08 09:18:27 +10:00
jmc@openbsd.org 2b6f799e9b upstream commit
more protocol 1 stuff to go; ok djm

Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
2017-05-08 09:18:05 +10:00
jmc@openbsd.org f10c0d32cd upstream commit
rsa1 is no longer valid;

Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89
2017-05-08 09:18:05 +10:00
jmc@openbsd.org 8b60ce8d81 upstream commit
more -O shuffle; ok djm

Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb
2017-05-08 09:18:04 +10:00
jmc@openbsd.org 6b84897f7f upstream commit
tidy up -O somewhat; ok djm

Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52
2017-05-08 09:18:04 +10:00
djm@openbsd.org 873d3e7d9a upstream commit
remove KEY_RSA1

ok markus@

Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
2017-05-01 10:05:01 +10:00
jmc@openbsd.org d4084cd230 upstream commit
tweak previous;

Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9
2017-05-01 09:35:38 +10:00
djm@openbsd.org 249516e428 upstream commit
allow ssh-keygen to include arbitrary string or flag
certificate extensions and critical options. ok markus@ dtucker@

Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646
2017-05-01 09:35:38 +10:00
jmc@openbsd.org b6cf84b51b upstream commit
keys stored in openssh format can have comments too; diff
from yonas yanfa, tweaked a bit;

ok djm

Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27
2016-06-24 13:35:28 +10:00
jmc@openbsd.org 9283884e64 upstream commit
correct article;

Upstream-ID: 1fbd5b7ab16d2d9834ec79c3cedd4738fa42a168
2016-05-05 00:01:49 +10:00
djm@openbsd.org cdcd941994 upstream commit
make nethack^wrandomart fingerprint flag more readily
 searchable pointed out by Matt Johnston

Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb
2016-05-04 01:58:46 +10:00
jmc@openbsd.org a685ae8d1c upstream commit
since these pages now clearly tell folks to avoid v1,
 normalise the docs from a v2 perspective (i.e. stop pointing out which bits
 are v2 only);

ok/tweaks djm ok markus

Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
2016-02-18 09:24:40 +11:00
djm@openbsd.org 94bc0b72c2 upstream commit
support multiple certificates (one per line) and
 reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@

Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
2015-11-16 11:31:36 +11:00
jmc@openbsd.org 8b29008bbe upstream commit
"commandline" -> "command line", since there are so few
 examples of the former in the pages, so many of the latter, and in some of
 these pages we had multiple spellings;

prompted by tj

Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659
2015-11-09 14:25:35 +11:00
naddy@openbsd.org 05291e5288 upstream commit
In the certificates section, be consistent about using
 "host_key" and "user_key" for the respective key types.  ok sthen@ deraadt@

Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
2015-08-21 13:43:24 +10:00
djm@openbsd.org 933935ce8d upstream commit
refuse to generate or accept RSA keys smaller than 1024
 bits; feedback and ok dtucker@

Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
2015-07-15 15:36:02 +10:00
naddy@openbsd.org 6288e3a935 upstream commit
add -v (show ASCII art) to -l's synopsis; ok djm@
2015-02-26 04:32:08 +11:00
djm@openbsd.org 56d1c83cdd upstream commit
Add FingerprintHash option to control algorithm used for
 key fingerprints. Default changes from MD5 to SHA256 and format from hex to
 base64.

Feedback and ok naddy@ markus@
2014-12-22 09:32:29 +11:00
sobrado@openbsd.org f70b22bcdd upstream commit
improve capitalization for the Ed25519 public-key
 signature system.

ok djm@
2014-10-13 11:37:32 +11:00
Damien Miller 43b156cf72 - jmc@cvs.openbsd.org 2014/03/31 13:39:34
[ssh-keygen.1]
     the text for the -K option was inserted in the wrong place in -r1.108;
     fix From: Matthew Clarke
2014-04-20 13:23:03 +10:00
Damien Miller f0858de6e1 - deraadt@cvs.openbsd.org 2014/03/15 17:28:26
[ssh-agent.c ssh-keygen.1 ssh-keygen.c]
     Improve usage() and documentation towards the standard form.
     In particular, this line saves a lot of man page reading time.
       usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
                         [-N new_passphrase] [-C comment] [-f output_keyfile]
     ok schwarze jmc
2014-04-20 13:01:30 +10:00
Damien Miller 6ce35b6cc4 - naddy@cvs.openbsd.org 2014/02/05 20:13:25
[ssh-keygen.1 ssh-keygen.c]
     tweak synopsis: calling ssh-keygen without any arguments is fine; ok jmc@
     while here, fix ordering in usage(); requested by jmc@
2014-02-07 09:24:14 +11:00
Damien Miller 137977180b - tedu@cvs.openbsd.org 2013/12/21 07:10:47
[ssh-keygen.1]
     small typo
2013-12-29 17:47:14 +11:00
Damien Miller 8ba0ead698 - naddy@cvs.openbsd.org 2013/12/07 11:58:46
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
     [ssh_config.5 sshd.8 sshd_config.5]
     add missing mentions of ed25519; ok djm@
2013-12-18 17:46:27 +11:00
Damien Miller 4f752cf71c - djm@cvs.openbsd.org 2013/12/07 08:08:26
[ssh-keygen.1]
     document -a and -o wrt new key format
2013-12-18 17:45:35 +11:00
Damien Miller fecfd118d6 - jmc@cvs.openbsd.org 2013/06/27 14:05:37
[ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
     do not use Sx for sections outwith the man page - ingo informs me that
     stuff like html will render with broken links;

     issue reported by Eric S. Raymond, via djm
2013-07-18 16:11:50 +10:00
Damien Miller a0a7ee8bf4 - jmc@cvs.openbsd.org 2013/01/19 07:13:25
[ssh-keygen.1]
     fix some formatting; ok djm
2013-01-20 22:35:06 +11:00
Damien Miller 881a7a2c5d - jmc@cvs.openbsd.org 2013/01/18 21:48:43
[ssh-keygen.1]
     command-line (adj.) -> command line (n.);
2013-01-20 22:34:46 +11:00
Damien Miller 072fdcd198 - jmc@cvs.openbsd.org 2013/01/18 08:39:04
[ssh-keygen.1]
     add -Q to the options list; ok djm
2013-01-20 22:34:04 +11:00
Damien Miller ac5542b6b8 - jmc@cvs.openbsd.org 2013/01/18 07:57:47
[ssh-keygen.1]
     tweak previous;
2013-01-20 22:33:02 +11:00
Damien Miller f3747bf401 - djm@cvs.openbsd.org 2013/01/17 23:00:01
[auth.c key.c key.h ssh-keygen.1 ssh-keygen.c sshd_config.5]
     [krl.c krl.h PROTOCOL.krl]
     add support for Key Revocation Lists (KRLs). These are a compact way to
     represent lists of revoked keys and certificates, taking as little as
     a single bit of incremental cost to revoke a certificate by serial number.
     KRLs are loaded via the existing RevokedKeys sshd_config option.
     feedback and ok markus@
2013-01-18 11:44:04 +11:00
Darren Tucker 3ee50c5d9f - jmc@cvs.openbsd.org 2012/08/15 18:25:50
[ssh-keygen.1]
     a little more info on certificate validity;
     requested by Ross L Richardson, and provided by djm
2012-09-06 21:18:11 +10:00
Damien Miller dfceafe8b1 - dtucker@cvs.openbsd.org 2012/07/06 00:41:59
[moduli.c ssh-keygen.1 ssh-keygen.c]
     Add options to specify starting line number and number of lines to process
     when screening moduli candidates.  This allows processing of different
     parts of a candidate moduli file in parallel.  man page help jmc@, ok djm@
2012-07-06 13:44:19 +10:00
Damien Miller 390d0561fc - dtucker@cvs.openbsd.org 2011/10/16 11:02:46
[moduli.c ssh-keygen.1 ssh-keygen.c]
     Add optional checkpoints for moduli screening.  feedback & ok deraadt
2011-10-18 16:05:19 +11:00
Damien Miller 6232a16a9a - deraadt@cvs.openbsd.org 2011/09/07 02:18:31
[ssh-keygen.1]
     typo (they vs the) found by Lawrence Teo
2011-09-22 21:36:00 +10:00
Damien Miller ad21032e65 - djm@cvs.openbsd.org 2011/04/13 04:09:37
[ssh-keygen.1]
     mention valid -b sizes for ECDSA keys; bz#1862
2011-05-05 14:15:54 +10:00
Damien Miller 085c90fa20 - djm@cvs.openbsd.org 2011/04/13 04:02:48
[ssh-keygen.1]
     improve wording; bz#1861
2011-05-05 14:15:33 +10:00
Damien Miller 3ca1eb373f - jmc@cvs.openbsd.org 2011/03/24 15:29:30
[ssh-keygen.1]
     zap trailing whitespace;
2011-05-05 14:13:50 +10:00
Damien Miller 4a4d161545 - stevesk@cvs.openbsd.org 2011/03/23 16:24:56
[ssh-keygen.1]
     -q not used in /etc/rc now so remove statement.
2011-05-05 14:06:39 +10:00