[PATCH] Documentation for -Z cypher option to ssh-keygen

[Loïc]

Hi All,

Reading code learns a lot. I discovered the -Z option of ssh-keygen
which exists since 2013.

Here is a patch to document this option in ssh-keygen.1 man page. It
also document the -a option in the places where it is useful.

Tell me if this is helpful or not.

---
 ssh-keygen.1 | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 059c1b0341e8..018b2f205012 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -47,17 +47,21 @@
 .Op Fl b Ar bits
 .Op Fl C Ar comment
 .Op Fl f Ar output_keyfile
-.Op Fl m Ar format
+.Op Fl m Ar key_format
 .Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
 .Op Fl N Ar new_passphrase
 .Op Fl O Ar option
 .Op Fl w Ar provider
+.Op Fl a Ar rounds
+.Op Fl Z Ar cipher_name
 .Nm ssh-keygen
 .Fl p
 .Op Fl f Ar keyfile
 .Op Fl m Ar format
 .Op Fl N Ar new_passphrase
 .Op Fl P Ar old_passphrase
+.Op Fl a Ar rounds
+.Op Fl Z Ar cipher_name
 .Nm ssh-keygen
 .Fl i
 .Op Fl f Ar input_keyfile
@@ -74,6 +78,8 @@
 .Op Fl C Ar comment
 .Op Fl f Ar keyfile
 .Op Fl P Ar passphrase
+.Op Fl a Ar rounds
+.Op Fl Z Ar cipher_name
 .Nm ssh-keygen
 .Fl l
 .Op Fl v
@@ -735,6 +741,20 @@ The default serial number is zero.
 When generating a KRL, the
 .Fl z
 flag is used to specify a KRL version number.
+.It Fl Z Ar cipher_name
+When saving a private key, this option specfies the cipher to use to
encrypt
+the private key part of the file.
+See the
+.Cm Ciphers
+keyword in
+.Xr ssh_config 5
+for more information.
+.Pp
+The list of available ciphers may also be obtained using
+.Qq ssh -Q cipher .
+.Pp
+The default value is
+.Qq aes256-ctr .
 .El
 .Sh MODULI GENERATION
 .Nm
-- 
2.17.1