use better markup for challenge and write-attestation,

and rejig the challenge text a little;

ok djm

1 files changed, 7 insertions, 9 deletions

diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1
index 3494fbceb68..f0e76aab15e 100644
--- a/usr.bin/ssh/ssh-keygen.1
+++ b/usr.bin/ssh/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.198 2020/02/02 07:36:50 jmc Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.199 2020/02/03 08:15:37 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 2 2020 $
+.Dd $Mdocdate: February 3 2020 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -472,14 +472,12 @@ Those supported at present are:
 Override the default FIDO application/origin string of
 .Dq ssh: .
 This may be useful when generating host or domain-specific resident keys.
-.It Cm challenge=path
+.It Cm challenge Ns = Ns Ar path
 Specifies a path to a challenge string that will be passed to the
 FIDO token during key generation.
-The challenge string is optional, but may be used as part of an out-of-band
-protocol for key enrollment.
-If no
-.Cm challenge
-is specified, a random challenge is used.
+The challenge string may be used as part of an out-of-band
+protocol for key enrollment
+(a random challenge is used by default).
 .It Cm device
 Explicitly specify a
 .Xr fido 4
@@ -502,7 +500,7 @@ A username to be associated with a resident key,
 overriding the empty default username.
 Specifying a username may be useful when generating multiple resident keys
 for the same application name.
-.It Cm write-attestation=path
+.It Cm write-attestation Ns = Ns Ar path
 May be used at key generation time to record the attestation certificate
 returned from FIDO tokens during key generation.
 By default this information is discarded.