diff options
| author | Jason McIntyre <jmc@cvs.openbsd.org> | 2010-04-16 06:47:05 +0000 |
|---|---|---|
| committer | Jason McIntyre <jmc@cvs.openbsd.org> | 2010-04-16 06:47:05 +0000 |
| commit | 1dbed24dd6935562a1ae3ed70d6fc79975211edc (patch) | |
| tree | 71f597bebc1ec4417f20484357d6f0c5e7b45b72 /usr.bin | |
| parent | 59824ce3647af61391b84e93841290d2578a1b33 (diff) | |
tweak previous; ok djm
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/ssh/ssh-keygen.1 | 6 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh-keygen.c | 5 |
2 files changed, 6 insertions, 5 deletions
diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1 index aacd4d3dc24..26ae31f5e47 100644 --- a/usr.bin/ssh/ssh-keygen.1 +++ b/usr.bin/ssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.93 2010/04/16 01:47:26 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.94 2010/04/16 06:47:04 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -506,7 +506,7 @@ that both ends of a connection share common moduli. supports signing of keys to produce certificates that may be used for user or host authentication. Certificates consist of a public key, some identity information, zero or -more principal (user or host) names and an optional set of options that +more principal (user or host) names and a set of options that are signed by a Certification Authority (CA) key. Clients or servers may then trust only the CA key and verify its signature on a certificate rather than trusting many user/host keys. @@ -546,7 +546,7 @@ To generate a certificate for a specified set of principals: .Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub" .Pp Additional limitations on the validity and use of user certificates may -be specified through certificate options.. +be specified through certificate options. A certificate option may disable features of the SSH session, may be valid only when presented from particular source addresses or may force the use of a specific command. diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c index 58b1e400eb8..5f3083fc39e 100644 --- a/usr.bin/ssh/ssh-keygen.c +++ b/usr.bin/ssh/ssh-keygen.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keygen.c,v 1.186 2010/04/16 01:47:26 djm Exp $ */ +/* $OpenBSD: ssh-keygen.c,v 1.187 2010/04/16 06:47:04 jmc Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -1523,7 +1523,7 @@ usage(void) fprintf(stderr, " -M memory Amount of memory (MB) to use for generating DH-GEX moduli.\n"); fprintf(stderr, " -n name,... User/host principal names to include in certificate\n"); fprintf(stderr, " -N phrase Provide new passphrase.\n"); - fprintf(stderr, " -O cnstr Specify a certificate option.\n"); + fprintf(stderr, " -O option Specify a certificate option.\n"); fprintf(stderr, " -P phrase Provide old passphrase.\n"); fprintf(stderr, " -p Change passphrase of private key file.\n"); fprintf(stderr, " -q Quiet.\n"); @@ -1537,6 +1537,7 @@ usage(void) fprintf(stderr, " -v Verbose.\n"); fprintf(stderr, " -W gen Generator to use for generating DH-GEX moduli.\n"); fprintf(stderr, " -y Read private key file and print public key.\n"); + fprintf(stderr, " -z serial Specify a serial number.\n"); exit(1); } |