version 1.179, 2019/11/30 07:07:59 |
version 1.180, 2019/12/21 20:22:34 |
|
|
.It Ic no-touch-required |
.It Ic no-touch-required |
Do not require signatures made using this key require demonstration |
Do not require signatures made using this key require demonstration |
of user presence (e.g. by having the user touch the key). |
of user presence (e.g. by having the user touch the key). |
This option only makes sense for the Security Key algorithms |
This option only makes sense for the FIDO authenticator algorithms |
.Cm ecdsa-sk |
.Cm ecdsa-sk |
and |
and |
.Cm ed25519-sk . |
.Cm ed25519-sk . |
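Review bot: the first sentence of the no-touch-required entry still has a doubled verb, "Do not require signatures made using this key require demonstration of user presence", and this revision leaves it untouched while rewording the sentence that follows. Fix it in the same pass, for example "Do not require that signatures made using this key include demonstration of user presence". The rename from "Security Key algorithms" to "FIDO authenticator algorithms" is consistent with the wording used in the other hunks.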
|
|
.It Fl W Ar generator |
.It Fl W Ar generator |
Specify desired generator when testing candidate moduli for DH-GEX. |
Specify desired generator when testing candidate moduli for DH-GEX. |
.It Fl w Ar provider |
.It Fl w Ar provider |
Specifies a path to a security key provider library that will be used when |
Specifies a path to a library that will be used when creating |
creating any security key-hosted keys, overriding the default of the |
FIDO authenticator-hosted keys, overriding the default of using |
internal support for USB HID keys. |
the internal USB HID support. |
.It Fl x Ar flags |
.It Fl x Ar flags |
Specifies the security key flags to use when enrolling a security key-hosted |
Specifies the authenticator flags to use when enrolling an authenticator-hosted |
key. |
key. |
Flags may be specified by name or directly as a hexadecimal value. |
Flags may be specified by name or directly as a hexadecimal value. |
Only one named flag is supported at present: |
Only one named flag is supported at present: |
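Review bot: in the -w entry the new description drops the word "provider", yet the argument is still written ".It Fl w Ar provider" and the environment variable is still named SSH_SK_PROVIDER, so the reader has to infer that "a library" is the provider. Keep the term in the sentence, for example "Specifies a path to a provider library that will be used when creating FIDO authenticator-hosted keys", so the argument name is explained where it is introduced.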
|
|
.Sh ENVIRONMENT |
.Sh ENVIRONMENT |
.Bl -tag -width Ds |
.Bl -tag -width Ds |
.It Ev SSH_SK_PROVIDER |
.It Ev SSH_SK_PROVIDER |
Specifies the path to a security key provider library used to interact with |
Specifies the path to a library used to interact with FIDO authenticators. |
hardware security keys. |
|
.El |
.El |
.Sh FILES |
.Sh FILES |
.Bl -tag -width Ds -compact |
.Bl -tag -width Ds -compact |
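Review bot: the SSH_SK_PROVIDER entry does not say how it relates to the -w provider option, which takes a path to the same kind of library. Add a cross-reference to -w and state which of the two wins when both are set; the reworded sentence is a good place for it, since "a library used to interact with FIDO authenticators" on its own gives no hint that a command-line equivalent exists.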
|
|
.It Pa ~/.ssh/id_ed25519 |
.It Pa ~/.ssh/id_ed25519 |
.It Pa ~/.ssh/id_ed25519_sk |
.It Pa ~/.ssh/id_ed25519_sk |
.It Pa ~/.ssh/id_rsa |
.It Pa ~/.ssh/id_rsa |
Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, |
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, |
security key-hosted Ed25519 or RSA authentication identity of the user. |
authenticator-hosted Ed25519 or RSA authentication identity of the user. |
This file should not be readable by anyone but the user. |
This file should not be readable by anyone but the user. |
It is possible to |
It is possible to |
specify a passphrase when generating the key; that passphrase will be |
specify a passphrase when generating the key; that passphrase will be |
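Review bot: the FILES text now says "authenticator-hosted ECDSA" and "authenticator-hosted Ed25519" without the "FIDO" qualifier, while the -w entry in the same revision says "FIDO authenticator-hosted keys". Pick one form and use it throughout, for example "FIDO authenticator-hosted ECDSA" here and in the matching .pub entry, so a reader searching the page for "FIDO" finds the file descriptions as well.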
|
|
.It Pa ~/.ssh/id_ed25519.pub |
.It Pa ~/.ssh/id_ed25519.pub |
.It Pa ~/.ssh/id_ed25519_sk.pub |
.It Pa ~/.ssh/id_ed25519_sk.pub |
.It Pa ~/.ssh/id_rsa.pub |
.It Pa ~/.ssh/id_rsa.pub |
Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, |
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, |
security key-hosted Ed25519 or RSA public key for authentication. |
authenticator-hosted Ed25519 or RSA public key for authentication. |
The contents of this file should be added to |
The contents of this file should be added to |
.Pa ~/.ssh/authorized_keys |
.Pa ~/.ssh/authorized_keys |
on all machines |
on all machines |