author | Christian Weisgerber <naddy@cvs.openbsd.org> | 2020-01-17 20:13:48 +0000 |
---|---|---|
committer | Christian Weisgerber <naddy@cvs.openbsd.org> | 2020-01-17 20:13:48 +0000 |
commit | 033dac07bdc355d1e9ab5047eae3cf41f38348f7 (patch) | |
tree | 69f3839c54add96706f58776f58df281f42395c4 /usr.bin | |
parent | 82884d226adff68ebf109420e07c8ffad20b81d0 (diff) |
Document loading of resident keys from a FIDO authenticator.
* Rename -O to -K to keep "-O option" available.
* Document -K.
* Trim usage() message down to synopsis, like all other commands.
ok markus@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/ssh-add.1 | 8 | ||||
-rw-r--r-- | usr.bin/ssh/ssh-add.c | 40 |
2 files changed, 20 insertions, 28 deletions
diff --git a/usr.bin/ssh/ssh-add.1 b/usr.bin/ssh/ssh-add.1 index 45af7357a10..7c592d8db54 100644 --- a/usr.bin/ssh/ssh-add.1 +++ b/usr.bin/ssh/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.77 2019/12/21 20:22:34 naddy Exp $ +.\" $OpenBSD: ssh-add.1,v 1.78 2020/01/17 20:13:47 naddy Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: December 21 2019 $ +.Dd $Mdocdate: January 17 2020 $ .Dt SSH-ADD 1 .Os .Sh NAME @@ -43,7 +43,7 @@ .Nd adds private key identities to the OpenSSH authentication agent .Sh SYNOPSIS .Nm ssh-add -.Op Fl cDdkLlqvXx +.Op Fl cDdKkLlqvXx .Op Fl E Ar fingerprint_hash .Op Fl S Ar provider .Op Fl t Ar life @@ -124,6 +124,8 @@ The default is .It Fl e Ar pkcs11 Remove keys provided by the PKCS#11 shared library .Ar pkcs11 . +.It Fl K +Load resident keys from a FIDO authenticator. .It Fl k When loading keys into or deleting keys from the agent, process plain private keys only and skip certificates. diff --git a/usr.bin/ssh/ssh-add.c b/usr.bin/ssh/ssh-add.c index e6c5cd92d54..80d3a1e067a 100644 --- a/usr.bin/ssh/ssh-add.c +++ b/usr.bin/ssh/ssh-add.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-add.c,v 1.149 2020/01/06 02:00:46 djm Exp $ */ +/* $OpenBSD: ssh-add.c,v 1.150 2020/01/17 20:13:47 naddy Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 
@@ -599,26 +599,16 @@ do_file(int agent_fd, int deleting, int key_only, char *file, int qflag, static void usage(void) { - fprintf(stderr, "usage: %s [options] [file ...]\n", __progname); - fprintf(stderr, "Options:\n"); - fprintf(stderr, " -l List fingerprints of all identities.\n"); - fprintf(stderr, " -E hash Specify hash algorithm used for fingerprints.\n"); - fprintf(stderr, " -L List public key parameters of all identities.\n"); - fprintf(stderr, " -k Load only keys and not certificates.\n"); - fprintf(stderr, " -c Require confirmation to sign using identities\n"); - fprintf(stderr, " -m minleft Maxsign is only changed if less than minleft are left (for XMSS)\n"); - fprintf(stderr, " -M maxsign Maximum number of signatures allowed (for XMSS)\n"); - fprintf(stderr, " -t life Set lifetime (in seconds) when adding identities.\n"); - fprintf(stderr, " -d Delete identity.\n"); - fprintf(stderr, " -D Delete all identities.\n"); - fprintf(stderr, " -x Lock agent.\n"); - fprintf(stderr, " -X Unlock agent.\n"); - fprintf(stderr, " -s pkcs11 Add keys from PKCS#11 provider.\n"); - fprintf(stderr, " -e pkcs11 Remove keys provided by PKCS#11 provider.\n"); - fprintf(stderr, " -T pubkey Test if ssh-agent can access matching private key.\n"); - fprintf(stderr, " -S provider Specify security key provider.\n"); - fprintf(stderr, " -q Be quiet after a successful operation.\n"); - fprintf(stderr, " -v Be more verbose.\n"); + fprintf(stderr, +"usage: ssh-add [-cDdKkLlqvXx] [-E fingerprint_hash] [-S provider] [-t life]\n" +#ifdef WITH_XMSS +" [-M maxsign] [-m minleft]\n" +#endif +" [file ...]\n" +" ssh-add -s pkcs11\n" +" ssh-add -e pkcs11\n" +" ssh-add -T pubkey ...\n" + ); } int @@ -658,7 +648,7 @@ main(int argc, char **argv) skprovider = getenv("SSH_SK_PROVIDER"); - while ((ch = getopt(argc, argv, "vklLcdDTxXE:e:M:m:Oqs:S:t:")) != -1) { + while ((ch = getopt(argc, argv, "vkKlLcdDTxXE:e:M:m:qs:S:t:")) != -1) { switch (ch) { case 'v': if (log_level == SYSLOG_LEVEL_INFO) 
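Review bot: The new usage() puts the `[-M maxsign] [-m minleft]` synopsis line inside `#ifdef WITH_XMSS`, but the getopt string in the following hunk still lists `M:m:` unconditionally, so a build without XMSS appears to accept options that the usage text no longer shows. The case labels for `-M`/`-m` are outside these hunks, so this needs confirming there; either guard them the same way or drop the `#ifdef` around the synopsis line. Separately, the four synopsis lines hard-code `ssh-add` where the removed code printed `__progname`; if the invoked name should still be reported, keep `"usage: %s ..."` with `__progname` for the first line.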
@@ -674,15 +664,15 @@ main(int argc, char **argv)
 case 'k':
 key_only = 1;
 break;
+ case 'K':
+ do_download = 1;
+ break;
 case 'l':
 case 'L':
 if (lflag != 0)
 fatal("-%c flag already specified", lflag);
 lflag = ch;
 break;
- case 'O':
- do_download = 1;
- break;
 case 'x':
 case 'X':
 if (xflag != 0) |
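Review bot: `case 'K':` now sits directly next to `case 'k':`, two options that differ only in letter case but do unrelated things (`-k` skips certificates, `-K` loads resident keys from a FIDO authenticator), and neither label has a comment. I would add `/* -K: load resident keys from a FIDO authenticator into the agent */` above `do_download = 1;`. The code that acts on `do_download` is outside this hunk, so it is not visible here whether the `-c` and `-t` constraints are applied to keys loaded this way, or whether `-K` is rejected when combined with `-d`/`-D`. That behaviour is worth confirming and stating in the one-line `-K` entry in ssh-add.1. main()'s switch continues beyond the hunk.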