version 1.188, 2020/01/03 07:33:33 |
version 1.189, 2020/01/06 02:00:46 |
|
|
.Pp |
.Pp |
When generating a key that will be hosted on a FIDO authenticator, this |
When generating a key that will be hosted on a FIDO authenticator, this |
flag may be used to specify key-specific options. |
flag may be used to specify key-specific options. |
Two FIDO authenticator options are supported at present: |
The FIDO authenticator options are supported at present are: |
.Pp |
.Pp |
|
.Cm application |
|
overrides the default FIDO application/origin string of |
|
.Dq ssh: . |
|
This option may be useful when generating host or domain-specific resident |
|
keys. |
|
.Cm device |
|
explicitly specify a device to generate the key on, rather than accepting |
|
the authenticator middleware's automatic selection. |
|
.Xr fido 4 |
|
device to use, rather than letting the token middleware select one. |
.Cm no-touch-required |
.Cm no-touch-required |
indicates that the generated private key should not require touch |
indicates that the generated private key should not require touch |
events (user presence) when making signatures. |
events (user presence) when making signatures. |
|
|
a PIN be set on the token prior to generation. |
a PIN be set on the token prior to generation. |
Resident keys may be loaded off the token using |
Resident keys may be loaded off the token using |
.Xr ssh-add 1 . |
.Xr ssh-add 1 . |
|
.Cm user |
|
allows specification of a username to be associated with a resident key, |
|
overriding the empty default username. |
|
Specifying a username may be useful when generating multiple resident keys |
|
for the same application name. |
.Pp |
.Pp |
The |
The |
.Fl O |
.Fl O |