=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-agent.1,v retrieving revision 1.64 retrieving revision 1.65 diff -u -r1.64 -r1.65 --- src/usr.bin/ssh/ssh-agent.1 2016/11/30 06:54:26 1.64 +++ src/usr.bin/ssh/ssh-agent.1 2019/10/31 21:22:01 1.65 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.64 2016/11/30 06:54:26 jmc Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.65 2019/10/31 21:22:01 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: November 30 2016 $ +.Dd $Mdocdate: October 31 2019 $ .Dt SSH-AGENT 1 .Os .Sh NAME @@ -46,7 +46,7 @@ .Op Fl \&Dd .Op Fl a Ar bind_address .Op Fl E Ar fingerprint_hash -.Op Fl P Ar pkcs11_whitelist +.Op Fl P Ar provider_whitelist .Op Fl t Ar life .Op Ar command Op Ar arg ... .Nm ssh-agent @@ -122,15 +122,17 @@ Kill the current agent (given by the .Ev SSH_AGENT_PID environment variable). -.It Fl P Ar pkcs11_whitelist -Specify a pattern-list of acceptable paths for PKCS#11 shared libraries -that may be added using the +.It Fl P Ar provider_whitelist +Specify a pattern-list of acceptable paths for PKCS#11 and security key shared +libraries that may be used with the .Fl s -option to +or +.Fl S +options to .Xr ssh-add 1 . -The default is to allow loading PKCS#11 libraries from +The default is to allow loading libraries from .Dq /usr/lib/*,/usr/local/lib/* . -PKCS#11 libraries that do not match the whitelist will be refused. +Libraries that do not match the whitelist will be refused. See PATTERNS in .Xr ssh_config 5 for a description of pattern-list syntax.