[PATCH] Documentation for -Z cypher option to ssh-keygen
Loïc
loic at venez.fr
Sun Apr 26 07:30:20 AEST 2020
Hi All,
Reading code learns a lot. I discovered the -Z option of ssh-keygen
which exists since 2013.
Here is a patch to document this option in ssh-keygen.1 man page. It
also document the -a option in the places where it is useful.
Tell me if this is helpful or not.
---
ssh-keygen.1 | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 059c1b0341e8..018b2f205012 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -47,17 +47,21 @@
.Op Fl b Ar bits
.Op Fl C Ar comment
.Op Fl f Ar output_keyfile
-.Op Fl m Ar format
+.Op Fl m Ar key_format
.Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
.Op Fl N Ar new_passphrase
.Op Fl O Ar option
.Op Fl w Ar provider
+.Op Fl a Ar rounds
+.Op Fl Z Ar cipher_name
.Nm ssh-keygen
.Fl p
.Op Fl f Ar keyfile
.Op Fl m Ar format
.Op Fl N Ar new_passphrase
.Op Fl P Ar old_passphrase
+.Op Fl a Ar rounds
+.Op Fl Z Ar cipher_name
.Nm ssh-keygen
.Fl i
.Op Fl f Ar input_keyfile
@@ -74,6 +78,8 @@
.Op Fl C Ar comment
.Op Fl f Ar keyfile
.Op Fl P Ar passphrase
+.Op Fl a Ar rounds
+.Op Fl Z Ar cipher_name
.Nm ssh-keygen
.Fl l
.Op Fl v
@@ -735,6 +741,20 @@ The default serial number is zero.
When generating a KRL, the
.Fl z
flag is used to specify a KRL version number.
+.It Fl Z Ar cipher_name
+When saving a private key, this option specfies the cipher to use to
encrypt
+the private key part of the file.
+See the
+.Cm Ciphers
+keyword in
+.Xr ssh_config 5
+for more information.
+.Pp
+The list of available ciphers may also be obtained using
+.Qq ssh -Q cipher .
+.Pp
+The default value is
+.Qq aes256-ctr .
.El
.Sh MODULI GENERATION
.Nm
--
2.17.1
More information about the openssh-unix-dev
mailing list