[openssh-commits] [openssh] 04/10: upstream: Document loading of resident keys from a FIDO
git+noreply at mindrot.org
git+noreply at mindrot.org
Tue Jan 21 18:09:42 AEDT 2020
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit e8c06c4ee708720efec12cd1a6f78a3c6d76b7f0
Author: naddy at openbsd.org <naddy at openbsd.org>
Date: Fri Jan 17 20:13:47 2020 +0000
upstream: Document loading of resident keys from a FIDO
authenticator.
* Rename -O to -K to keep "-O option" available.
* Document -K.
* Trim usage() message down to synopsis, like all other commands.
ok markus@
OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
---
ssh-add.1 | 8 +++++---
ssh-add.c | 40 +++++++++++++++-------------------------
2 files changed, 20 insertions(+), 28 deletions(-)
diff --git a/ssh-add.1 b/ssh-add.1
index 45af7357..7c592d8d 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-add.1,v 1.77 2019/12/21 20:22:34 naddy Exp $
+.\" $OpenBSD: ssh-add.1,v 1.78 2020/01/17 20:13:47 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo at cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: December 21 2019 $
+.Dd $Mdocdate: January 17 2020 $
.Dt SSH-ADD 1
.Os
.Sh NAME
@@ -43,7 +43,7 @@
.Nd adds private key identities to the OpenSSH authentication agent
.Sh SYNOPSIS
.Nm ssh-add
-.Op Fl cDdkLlqvXx
+.Op Fl cDdKkLlqvXx
.Op Fl E Ar fingerprint_hash
.Op Fl S Ar provider
.Op Fl t Ar life
@@ -124,6 +124,8 @@ The default is
.It Fl e Ar pkcs11
Remove keys provided by the PKCS#11 shared library
.Ar pkcs11 .
+.It Fl K
+Load resident keys from a FIDO authenticator.
.It Fl k
When loading keys into or deleting keys from the agent, process plain private
keys only and skip certificates.
diff --git a/ssh-add.c b/ssh-add.c
index fbb2578d..980caa46 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.149 2020/01/06 02:00:46 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.150 2020/01/17 20:13:47 naddy Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -606,26 +606,16 @@ do_file(int agent_fd, int deleting, int key_only, char *file, int qflag,
static void
usage(void)
{
- fprintf(stderr, "usage: %s [options] [file ...]\n", __progname);
- fprintf(stderr, "Options:\n");
- fprintf(stderr, " -l List fingerprints of all identities.\n");
- fprintf(stderr, " -E hash Specify hash algorithm used for fingerprints.\n");
- fprintf(stderr, " -L List public key parameters of all identities.\n");
- fprintf(stderr, " -k Load only keys and not certificates.\n");
- fprintf(stderr, " -c Require confirmation to sign using identities\n");
- fprintf(stderr, " -m minleft Maxsign is only changed if less than minleft are left (for XMSS)\n");
- fprintf(stderr, " -M maxsign Maximum number of signatures allowed (for XMSS)\n");
- fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n");
- fprintf(stderr, " -d Delete identity.\n");
- fprintf(stderr, " -D Delete all identities.\n");
- fprintf(stderr, " -x Lock agent.\n");
- fprintf(stderr, " -X Unlock agent.\n");
- fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n");
- fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n");
- fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n");
- fprintf(stderr, " -S provider Specify security key provider.\n");
- fprintf(stderr, " -q Be quiet after a successful operation.\n");
- fprintf(stderr, " -v Be more verbose.\n");
+ fprintf(stderr,
+"usage: ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-S provider] [-t life]\n"
+#ifdef WITH_XMSS
+" [-M maxsign] [-m minleft]\n"
+#endif
+" [file ...]\n"
+" ssh-add -s pkcs11\n"
+" ssh-add -e pkcs11\n"
+" ssh-add -T pubkey ...\n"
+ );
}
int
@@ -665,7 +655,7 @@ main(int argc, char **argv)
skprovider = getenv("SSH_SK_PROVIDER");
- while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:Oqs:S:t:")) != -1) {
+ while ((ch = getopt(argc, argv, "vkKlLcdDTxXE:e:M:m:qs:S:t:")) != -1) {
switch (ch) {
case 'v':
if (log_level == SYSLOG_LEVEL_INFO)
@@ -681,15 +671,15 @@ main(int argc, char **argv)
case 'k':
key_only = 1;
break;
+ case 'K':
+ do_download = 1;
+ break;
case 'l':
case 'L':
if (lflag != 0)
fatal("-%c flag already specified", lflag);
lflag = ch;
break;
- case 'O':
- do_download = 1;
- break;
case 'x':
case 'X':
if (xflag != 0)
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list