=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/PROTOCOL.certkeys,v retrieving revision 1.15 retrieving revision 1.18 diff -u -r1.15 -r1.18 --- src/usr.bin/ssh/PROTOCOL.certkeys 2018/07/03 11:39:54 1.15 +++ src/usr.bin/ssh/PROTOCOL.certkeys 2021/06/04 04:02:21 1.18 @@ -36,6 +36,7 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com ecdsa-sha2-nistp384-cert-v01@openssh.com ecdsa-sha2-nistp521-cert-v01@openssh.com + ssh-ed25519-cert-v01@openssh.com Two additional types exist for RSA certificates to force use of SHA-2 signatures (SHA-256 and SHA-512 respectively): @@ -259,6 +260,14 @@ certificates may be presented from any source address. +verify-required empty Flag indicating that signatures made + with this certificate must assert FIDO + user verification (e.g. PIN or + biometric). This option only make sense + for the U2F/FIDO security key types that + support this feature in their signature + formats. + Extensions ---------- @@ -279,6 +288,13 @@ Name Format Description ----------------------------------------------------------------------------- +no-touch-required empty Flag indicating that signatures made + with this certificate need not assert + FIDO user presence. This option only + make sense for the U2F/FIDO security + key types that support this feature in + their signature formats. + permit-X11-forwarding empty Flag indicating that X11 forwarding should be permitted. X11 forwarding will be refused if this option is absent. @@ -303,4 +319,4 @@ of this script will not be permitted if this option is not present. -$OpenBSD: PROTOCOL.certkeys,v 1.15 2018/07/03 11:39:54 djm Exp $ +$OpenBSD: PROTOCOL.certkeys,v 1.18 2021/06/04 04:02:21 djm Exp $
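Review bot: In the certificate type list (hunk at -36,6), the visible entries are the three ECDSA types plus the new ssh-ed25519-cert-v01@openssh.com, while the options added later in this patch apply only to "the U2F/FIDO security key types". If the security key certificate type names are not already listed above the visible context, add them to this list, or have the option descriptions name the types they mean, so a reader can tell which certificates the new options affect.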
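Review bot: In the verify-required entry (hunk at -259,6), the description does not say how the flag is handled when it appears on a certificate whose key type is not a U2F/FIDO one; it only says the option "only make sense for" those types. Because this flag tightens what a signature must assert, state the expected handling for other key types explicitly. Separately, "This option only make sense" should read "only makes sense".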
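Review bot: In the no-touch-required entry (hunk at -279,6), the text never states the default that this extension relaxes. The neighbouring permit-X11-forwarding entry says forwarding "will be refused if this option is absent"; a matching sentence here, saying what a signature must assert when the extension is absent, would make clear that issuing a certificate with this flag weakens the check. The same "This option only make sense" wording appears here and should read "only makes sense".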