[Bug 3028] New: Discrepancy with URL man pages.
bugzilla-daemon at bugzilla.mindrot.org
Tue Jul 2 04:56:58 AEST 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=3028
Bug ID: 3028
Summary: Discrepancy with URL man pages.
Product: Portable OpenSSH
Version: 7.4p1
Hardware: ix86
OS: Linux
Status: NEW
Severity: trivial
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: donald.p.richards1 at aexp.com
For the man pages under the URL, https://man.openbsd.org/ssh-keygen,
the option -U states:
-U When used in combination with -s, this option indicates that a CA
key resides in a ssh-agent(1). See the CERTIFICATES section for more
information.
Under the CERTIFICATES section,
https://man.openbsd.org/ssh-keygen#CERTIFICATES, it states:
Similarly, it is possible for the CA key to be hosted in a
ssh-agent(1). This is indicated by the -U flag and, again, the CA key
must be identified by its public half.
$ ssh-keygen -Us ca_key.pub -I key_id user_key.pub
In all cases, key_id is a "key identifier" that is logged by the server
when the certificate is used for authentication.
I have a use case in which having a Certificate Authority's private
key loaded in the ssh-agent would be very beneficial (i.e. not having
the private key unsecured), and then using it to sign ssh host
certificates using
"ssh-keygen -Us ca_key.pub -h -I key_id host_key.pub"
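
The workflow the quoted man page text describes, as an added example that is not part of the original report or of OpenSSH: a host certificate is signed while the CA private key exists only inside ssh-agent. It assumes the installed ssh-keygen supports -U; the function name, key comments and file names are made up for illustration, and every key is a throwaway generated on the spot.

```shell
#!/bin/sh
# Added example: sign a host certificate with a CA key held only by ssh-agent.
# Assumes ssh-keygen supports -U. All keys are throwaway, constructed here.
sign_host_cert_via_agent() (
    workdir=$(mktemp -d) || exit 1
    # Always stop the private agent and remove the scratch directory.
    trap 'ssh-agent -k >/dev/null 2>&1; rm -rf "$workdir"' EXIT

    # Throwaway CA and host key pairs. -N '' (no passphrase) is used only so
    # the example runs unattended; a real CA key should have a passphrase.
    ssh-keygen -q -t ed25519 -N '' -C example-ca   -f "$workdir/ca_key"   || exit 1
    ssh-keygen -q -t ed25519 -N '' -C example-host -f "$workdir/host_key" || exit 1

    # Private agent for this run, with its socket inside the work directory.
    eval "$(ssh-agent -s -a "$workdir/agent.sock")" >/dev/null || exit 1
    ssh-add "$workdir/ca_key" 2>/dev/null || exit 1

    # Remove the on-disk private half: from here on only the agent can sign.
    rm -f "$workdir/ca_key"

    # -U: the CA key is in the agent; -s names the CA by its public half;
    # -h: issue a host certificate; -I: key identifier logged by the server.
    ssh-keygen -q -Us "$workdir/ca_key.pub" -h -I key_id \
        "$workdir/host_key.pub" || exit 1

    # Confirm the certificate names our CA as the signer, then print it.
    ca_fp=$(ssh-keygen -l -f "$workdir/ca_key.pub" | awk '{print $2}')
    details=$(ssh-keygen -L -f "$workdir/host_key-cert.pub") || exit 1
    printf '%s\n' "$details" | grep -F 'Signing CA:' | grep -qF "$ca_fp" || exit 1
    printf '%s\n' "$details"
)
```

Calling `sign_host_cert_via_agent` prints the certificate details on success and returns non-zero if any step fails, for example when the local ssh-keygen does not accept -U.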