[openssh-commits] [openssh] 01/01: upstream: Document ssh-keygen -Z, sanity check its argument earlier and
git+noreply at mindrot.org
git+noreply at mindrot.org
Fri Nov 27 21:37:35 AEDT 2020
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit 57bf03f0217554afb8980f6697a7a0b88658d0a9
Author: dtucker at openbsd.org <dtucker at openbsd.org>
Date: Fri Nov 27 10:12:30 2020 +0000
upstream: Document ssh-keygen -Z, sanity check its argument earlier and
provide a better error message if it's not correct. Prompted by bz#2879, ok
djm@ jmc@
OpenBSD-Commit-ID: 484178a173e92230fb1803fb4f206d61f7b58005
---
ssh-keygen.1 | 13 +++++++++++--
ssh-keygen.c | 9 ++++++---
2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index e09d6475..43c8aa2f 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.211 2020/11/17 11:23:58 dtucker Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.212 2020/11/27 10:12:30 dtucker Exp $
.\"
.\" Author: Tatu Ylonen <ylo at cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: November 17 2020 $
+.Dd $Mdocdate: November 27 2020 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -53,6 +53,7 @@
.Op Fl O Ar option
.Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
.Op Fl w Ar provider
+.Op Fl Z Ar cipher
.Nm ssh-keygen
.Fl p
.Op Fl a Ar rounds
@@ -60,6 +61,7 @@
.Op Fl m Ar format
.Op Fl N Ar new_passphrase
.Op Fl P Ar old_passphrase
+.Op Fl Z Ar cipher
.Nm ssh-keygen
.Fl i
.Op Fl f Ar input_keyfile
@@ -740,6 +742,13 @@ returning a zero exit status.
.It Fl y
This option will read a private
OpenSSH format file and print an OpenSSH public key to stdout.
+.It Fl Z Ar cipher
+Specifies the cipher to use for encryption when writing an OpenSSH-format
+private key file.
+The list of available ciphers may be obtained using
+.Qq ssh -Q cipher .
+The default is
+.Dq aes256-ctr .
.It Fl z Ar serial_number
Specifies a serial number to be embedded in the certificate to distinguish
this certificate from others from the same CA.
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 9ce7befa..fd11ffad 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.424 2020/11/08 22:37:24 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.425 2020/11/27 10:12:30 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo at cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -3067,9 +3067,9 @@ usage(void)
"usage: ssh-keygen [-q] [-a rounds] [-b bits] [-C comment] [-f output_keyfile]\n"
" [-m format] [-N new_passphrase] [-O option]\n"
" [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]\n"
- " [-w provider]\n"
+ " [-w provider] [-Z cipher]\n"
" ssh-keygen -p [-a rounds] [-f keyfile] [-m format] [-N new_passphrase]\n"
- " [-P old_passphrase]\n"
+ " [-P old_passphrase] [-Z cipher]\n"
" ssh-keygen -i [-f input_keyfile] [-m key_format]\n"
" ssh-keygen -e [-f input_keyfile] [-m key_format]\n"
" ssh-keygen -y [-f input_keyfile]\n"
@@ -3258,6 +3258,9 @@ main(int argc, char **argv)
break;
case 'Z':
openssh_format_cipher = optarg;
+ if (cipher_by_name(openssh_format_cipher) == NULL)
+ fatal("Invalid OpenSSH-format cipher '%s'",
+ openssh_format_cipher);
break;
case 'C':
identity_comment = optarg;
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list