diff options
| author |   jmc <jmc@openbsd.org> | 2013-01-18 07:57:47 +0000 |
|---|---|---|
| committer | jmc <jmc@openbsd.org> | 2013-01-18 07:57:47 +0000 |
| commit | f24da78483c6953334d0e904a0eb2bcd10eb39d5 (patch) | |
| tree | 994971413a1dcfa5c71a64c3fb72d938509d4cf8 | |
| parent | Clean up and rework workunit completion for RAID 0. Ensure that we remove (diff) | |
| download | wireguard-openbsd-f24da78483c6953334d0e904a0eb2bcd10eb39d5.tar.xz wireguard-openbsd-f24da78483c6953334d0e904a0eb2bcd10eb39d5.zip | |
tweak previous;
| -rw-r--r-- | usr.bin/ssh/ssh-keygen.1 | 31 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd_config.5 | 6 |
2 files changed, 19 insertions, 18 deletions
diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1 index 52f4b6ea626..ac97678d300 100644 --- a/usr.bin/ssh/ssh-keygen.1 +++ b/usr.bin/ssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.111 2013/01/17 23:00:01 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.112 2013/01/18 07:57:47 jmc Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: January 17 2013 $ +.Dd $Mdocdate: January 18 2013 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -126,8 +126,8 @@ .Fl k .Fl f Ar krl_file .Op Fl u -.Op Fl s ca_public -.Op Fl z version_number +.Op Fl s Ar ca_public +.Op Fl z Ar version_number .Ar .Nm ssh-keygen .Fl Q @@ -158,7 +158,8 @@ section for details. Finally, .Nm can be used to generate and update Key Revocation Lists, and to test whether -given keys have been revoked by one. See the +given keys have been revoked by one. +See the .Sx KEY REVOCATION LISTS section for details. .Pp @@ -480,7 +481,7 @@ section for details. .Pp When generating a KRL, .Fl s -specifies a path to a CA public key file used to revoke certificated directly +specifies a path to a CA public key file used to revoke certificates directly by key ID or serial number. See the .Sx KEY REVOCATION LISTS @@ -499,6 +500,12 @@ for protocol version 1 and or .Dq rsa for protocol version 2. +.It Fl u +Update a KRL. +When specified with +.Fl k , +keys listed via the command-line are added to the existing KRL rather than +a new KRL being created. .It Fl V Ar validity_interval Specify a validity interval when signing a certificate. A validity interval may consist of a single time, indicating that the @@ -522,12 +529,6 @@ For example: (valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011), .Dq -1d:20110101 (valid from yesterday to midnight, January 1st, 2011). -.It Fl u -Update a KRL. -When specified with -.Fl k , -keys listed via the command-line are added to the existing KRL rather than -a new KRL being created. .It Fl v Verbose mode. Causes @@ -689,7 +690,7 @@ Please refer to those manual pages for details. .Nm is able to manage OpenSSH format Key Revocation Lists (KRLs). These binary files specify keys or certificates to be revoked using a -compact format; taking as little a one bit per certificate if they are being +compact format, taking as little a one bit per certificate if they are being revoked by serial number. .Pp KRLs may be generated using the @@ -712,7 +713,7 @@ followed by a colon and some directive-specific information. .Bl -tag -width Ds .It Cm serial : Ar serial_number Op -serial_number Revokes a certificate with the specified serial number. -Serial numbers are 64 bit values, not including zero and may be expressed +Serial numbers are 64-bit values, not including zero and may be expressed in decimal, hex or octal. If two serial numbers are specified separated by a hyphen, then the range of serial numbers including and between each is revoked. @@ -730,7 +731,7 @@ command-line using the option. .It Cm key : Ar public_key Revokes the specified key. -In a certificate is listed, then it is revoked as a plain public key. +If a certificate is listed, then it is revoked as a plain public key. .It Cm sha1 : Ar public_key Revokes the specified key by its SHA1 hash. .El diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5 index 42b26773cf4..2eefb682c47 100644 --- a/usr.bin/ssh/sshd_config.5 +++ b/usr.bin/ssh/sshd_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd_config.5,v 1.154 2013/01/17 23:00:01 djm Exp $ -.Dd $Mdocdate: January 17 2013 $ +.\" $OpenBSD: sshd_config.5,v 1.155 2013/01/18 08:00:49 jmc Exp $ +.Dd $Mdocdate: January 18 2013 $ .Dt SSHD_CONFIG 5 .Os .Sh NAME @@ -1001,7 +1001,7 @@ Note that if this file is not readable, then public key authentication will be refused for all users. Keys may be specified as a text file, listing one public key per line, or as an OpenSSH Key Revocation List (KRL) as generated by -.Xr ssh-keygen 1 +.Xr ssh-keygen 1 . For more information on KRLs, see the .Sx KEY REVOCATION LISTS section in |