[openssh-commits] [openssh] 04/10: upstream: Document loading of resident keys from a FIDO

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Jan 21 18:09:42 AEDT 2020


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit e8c06c4ee708720efec12cd1a6f78a3c6d76b7f0
Author: naddy at openbsd.org <naddy at openbsd.org>
Date:   Fri Jan 17 20:13:47 2020 +0000

    upstream: Document loading of resident keys from a FIDO
    
    authenticator.
    
    * Rename -O to -K to keep "-O option" available.
    * Document -K.
    * Trim usage() message down to synopsis, like all other commands.
    
    ok markus@
    
    OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
---
 ssh-add.1 |  8 +++++---
 ssh-add.c | 40 +++++++++++++++-------------------------
 2 files changed, 20 insertions(+), 28 deletions(-)

diff --git a/ssh-add.1 b/ssh-add.1
index 45af7357..7c592d8d 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-add.1,v 1.77 2019/12/21 20:22:34 naddy Exp $
+.\"	$OpenBSD: ssh-add.1,v 1.78 2020/01/17 20:13:47 naddy Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo at cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 21 2019 $
+.Dd $Mdocdate: January 17 2020 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
@@ -43,7 +43,7 @@
 .Nd adds private key identities to the OpenSSH authentication agent
 .Sh SYNOPSIS
 .Nm ssh-add
-.Op Fl cDdkLlqvXx
+.Op Fl cDdKkLlqvXx
 .Op Fl E Ar fingerprint_hash
 .Op Fl S Ar provider
 .Op Fl t Ar life
@@ -124,6 +124,8 @@ The default is
 .It Fl e Ar pkcs11
 Remove keys provided by the PKCS#11 shared library
 .Ar pkcs11 .
+.It Fl K
+Load resident keys from a FIDO authenticator.
 .It Fl k
 When loading keys into or deleting keys from the agent, process plain private
 keys only and skip certificates.
diff --git a/ssh-add.c b/ssh-add.c
index fbb2578d..980caa46 100644
--- a/ssh-add.c
+++ b/ssh-add.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-add.c,v 1.149 2020/01/06 02:00:46 djm Exp $ */
+/* $OpenBSD: ssh-add.c,v 1.150 2020/01/17 20:13:47 naddy Exp $ */
 /*
  * Author: Tatu Ylonen <ylo at cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -606,26 +606,16 @@ do_file(int agent_fd, int deleting, int key_only, char *file, int qflag,
 static void
 usage(void)
 {
-	fprintf(stderr, "usage: %s [options] [file ...]\n", __progname);
-	fprintf(stderr, "Options:\n");
-	fprintf(stderr, "  -l          List fingerprints of all identities.\n");
-	fprintf(stderr, "  -E hash     Specify hash algorithm used for fingerprints.\n");
-	fprintf(stderr, "  -L          List public key parameters of all identities.\n");
-	fprintf(stderr, "  -k          Load only keys and not certificates.\n");
-	fprintf(stderr, "  -c          Require confirmation to sign using identities\n");
-	fprintf(stderr, "  -m minleft  Maxsign is only changed if less than minleft are left (for XMSS)\n");
-	fprintf(stderr, "  -M maxsign  Maximum number of signatures allowed (for XMSS)\n");
-	fprintf(stderr, "  -t life     Set lifetime (in seconds) when adding identities.\n");
-	fprintf(stderr, "  -d          Delete identity.\n");
-	fprintf(stderr, "  -D          Delete all identities.\n");
-	fprintf(stderr, "  -x          Lock agent.\n");
-	fprintf(stderr, "  -X          Unlock agent.\n");
-	fprintf(stderr, "  -s pkcs11   Add keys from PKCS#11 provider.\n");
-	fprintf(stderr, "  -e pkcs11   Remove keys provided by PKCS#11 provider.\n");
-	fprintf(stderr, "  -T pubkey   Test if ssh-agent can access matching private key.\n");
-	fprintf(stderr, "  -S provider Specify security key provider.\n");
-	fprintf(stderr, "  -q          Be quiet after a successful operation.\n");
-	fprintf(stderr, "  -v          Be more verbose.\n");
+	fprintf(stderr,
+"usage: ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-S provider] [-t life]\n"
+#ifdef WITH_XMSS
+"               [-M maxsign] [-m minleft]\n"
+#endif
+"               [file ...]\n"
+"       ssh-add -s pkcs11\n"
+"       ssh-add -e pkcs11\n"
+"       ssh-add -T pubkey ...\n"
+	);
 }
 
 int
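Review bot: The new synopsis in usage() prints `[-M maxsign] [-m minleft]` only under `#ifdef WITH_XMSS`, but the getopt string in main() (next hunk) still contains `M:m:` unconditionally, so a build without XMSS appears to accept two options that its own usage text does not list. Either keep that synopsis line outside the `#ifdef`, or guard the `M`/`m` handling the same way so the options are rejected on such builds. How main() handles those two options is outside the visible hunks, so confirm which behaviour is intended. The synopsis also hard-codes `ssh-add` where the old text used `__progname`; that is fine if it matches the other commands, as the commit message says.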
@@ -665,7 +655,7 @@ main(int argc, char **argv)
 
 	skprovider = getenv("SSH_SK_PROVIDER");
 
-	while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:Oqs:S:t:")) != -1) {
+	while ((ch = getopt(argc, argv, "vkKlLcdDTxXE:e:M:m:qs:S:t:")) != -1) {
 		switch (ch) {
 		case 'v':
 			if (log_level == SYSLOG_LEVEL_INFO)
@@ -681,15 +671,15 @@ main(int argc, char **argv)
 		case 'k':
 			key_only = 1;
 			break;
+		case 'K':
+			do_download = 1;
+			break;
 		case 'l':
 		case 'L':
 			if (lflag != 0)
 				fatal("-%c flag already specified", lflag);
 			lflag = ch;
 			break;
-		case 'O':
-			do_download = 1;
-			break;
 		case 'x':
 		case 'X':
 			if (xflag != 0)
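Review bot: `case 'K':` only sets `do_download = 1`, and nothing in this hunk shows whether -K is checked against the other mode flags (-d, -D, -l/-L, -x/-X) or whether the -c and -t constraints are applied to the keys pulled from the authenticator. Because this option places authenticator-resident credentials into the agent, I would add a short comment at the case, e.g. `/* -K: load resident keys from a FIDO authenticator into the agent */`, and have the ssh-add.1 entry state whether the confirmation and lifetime constraints apply to those keys. The enclosing switch and the code that consumes `do_download` are outside the hunk, so this may already be handled there.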
