diff options
| author | naddy@openbsd.org <naddy@openbsd.org> | 2020-01-17 21:13:47 +0100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-01-21 08:09:09 +0100 |
| commit | e8c06c4ee708720efec12cd1a6f78a3c6d76b7f0 (patch) | |
| tree | 971f5c99a3b85087c631db07dff2a66728d77129 | |
| parent | upstream: sync ssh-keygen.1 and ssh-keygen's usage() with each (diff) | |
| download | openssh-e8c06c4ee708720efec12cd1a6f78a3c6d76b7f0.tar.xz openssh-e8c06c4ee708720efec12cd1a6f78a3c6d76b7f0.zip | |
upstream: Document loading of resident keys from a FIDO
authenticator.
* Rename -O to -K to keep "-O option" available.
* Document -K.
* Trim usage() message down to synopsis, like all other commands.
ok markus@
OpenBSD-Commit-ID: 015c2c4b28f8e19107adc80351b44b23bca4c78a
| -rw-r--r-- | ssh-add.1 | 8 | ||||
| -rw-r--r-- | ssh-add.c | 40 |
2 files changed, 20 insertions, 28 deletions
@@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.77 2019/12/21 20:22:34 naddy Exp $ +.\" $OpenBSD: ssh-add.1,v 1.78 2020/01/17 20:13:47 naddy Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 21 2019 $ +.Dd $Mdocdate: January 17 2020 $ .Dt SSH-ADD 1 .Os .Sh NAME @@ -43,7 +43,7 @@ .Nd adds private key identities to the OpenSSH authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl cDdkLlqvXx +.Op Fl cDdKkLlqvXx .Op Fl E Ar fingerprint_hash .Op Fl S Ar provider .Op Fl t Ar life @@ -124,6 +124,8 @@ The default is .It Fl e Ar pkcs11 Remove keys provided by the PKCS#11 shared library .Ar pkcs11 . +.It Fl K +Load resident keys from a FIDO authenticator. .It Fl k When loading keys into or deleting keys from the agent, process plain private keys only and skip certificates. @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.149 2020/01/06 02:00:46 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.150 2020/01/17 20:13:47 naddy Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -606,26 +606,16 @@ do_file(int agent_fd, int deleting, int key_only, char *file, int qflag, static void usage(void) { - fprintf(stderr, "usage: %s [options] [file ...]\n", __progname); - fprintf(stderr, "Options:\n"); - fprintf(stderr, " -l List fingerprints of all identities.\n"); - fprintf(stderr, " -E hash Specify hash algorithm used for fingerprints.\n"); - fprintf(stderr, " -L List public key parameters of all identities.\n"); - fprintf(stderr, " -k Load only keys and not certificates.\n"); - fprintf(stderr, " -c Require confirmation to sign using identities\n"); - fprintf(stderr, " -m minleft Maxsign is only changed if less than minleft are left (for XMSS)\n"); - fprintf(stderr, " -M maxsign Maximum number of signatures allowed (for XMSS)\n"); - fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); - fprintf(stderr, " -d Delete identity.\n"); - fprintf(stderr, " -D Delete all identities.\n"); - fprintf(stderr, " -x Lock agent.\n"); - fprintf(stderr, " -X Unlock agent.\n"); - fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n"); - fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); - fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n"); - fprintf(stderr, " -S provider Specify security key provider.\n"); - fprintf(stderr, " -q Be quiet after a successful operation.\n"); - fprintf(stderr, " -v Be more verbose.\n"); + fprintf(stderr, +"usage: ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-S provider] [-t life]\n" +#ifdef WITH_XMSS +" [-M maxsign] [-m minleft]\n" +#endif +" [file ...]\n" +" ssh-add -s pkcs11\n" +" ssh-add -e pkcs11\n" +" ssh-add -T pubkey ...\n" + ); } int @@ -665,7 +655,7 @@ main(int argc, char **argv) skprovider = getenv("SSH_SK_PROVIDER"); - while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:Oqs:S:t:")) != -1) { + while ((ch = getopt(argc, argv, "vkKlLcdDTxXE:e:M:m:qs:S:t:")) != -1) { switch (ch) { case 'v': if (log_level == SYSLOG_LEVEL_INFO) @@ -681,15 +671,15 @@ main(int argc, char **argv) case 'k': key_only = 1; break; + case 'K': + do_download = 1; + break; case 'l': case 'L': if (lflag != 0) fatal("-%c flag already specified", lflag); lflag = ch; break; - case 'O': - do_download = 1; - break; case 'x': case 'X': if (xflag != 0) |