| version 1.189, 2020/01/06 02:00:46 |
version 1.190, 2020/01/06 07:43:28 |
|
|
| .Sx MODULI GENERATION |
.Sx MODULI GENERATION |
| section may be specified. |
section may be specified. |
| .Pp |
.Pp |
| When generating a key that will be hosted on a FIDO authenticator, this |
When generating a key that will be hosted on a FIDO authenticator, |
| flag may be used to specify key-specific options. |
this flag may be used to specify key-specific options. |
| The FIDO authenticator options are supported at present are: |
Those supported at present are: |
| .Pp |
.Bl -tag -width Ds |
| .Cm application |
.It Cm application |
| overrides the default FIDO application/origin string of |
Override the default FIDO application/origin string of |
| .Dq ssh: . |
.Dq ssh: . |
| This option may be useful when generating host or domain-specific resident |
This may be useful when generating host or domain-specific resident keys. |
| keys. |
.It Cm device |
| .Cm device |
Explicitly specify a |
| explicitly specify a device to generate the key on, rather than accepting |
|
| the authenticator middleware's automatic selection. |
|
| .Xr fido 4 |
.Xr fido 4 |
| device to use, rather than letting the token middleware select one. |
device to use, rather than letting the token middleware select one. |
| .Cm no-touch-required |
.It Cm no-touch-required |
| indicates that the generated private key should not require touch |
Indicate that the generated private key should not require touch |
| events (user presence) when making signatures. |
events (user presence) when making signatures. |
| Note that |
Note that |
| .Xr sshd 8 |
.Xr sshd 8 |
| will refuse such signatures by default, unless overridden via |
will refuse such signatures by default, unless overridden via |
| an authorized_keys option. |
an authorized_keys option. |
| .Pp |
.It Cm resident |
| .Cm resident |
Indicate that the key should be stored on the FIDO authenticator itself. |
| indicates that the key should be stored on the FIDO authenticator itself. |
|
| Resident keys may be supported on FIDO2 tokens and typically require that |
Resident keys may be supported on FIDO2 tokens and typically require that |
| a PIN be set on the token prior to generation. |
a PIN be set on the token prior to generation. |
| Resident keys may be loaded off the token using |
Resident keys may be loaded off the token using |
| .Xr ssh-add 1 . |
.Xr ssh-add 1 . |
| .Cm user |
.It Cm user |
| allows specification of a username to be associated with a resident key, |
A username to be associated with a resident key, |
| overriding the empty default username. |
overriding the empty default username. |
| Specifying a username may be useful when generating multiple resident keys |
Specifying a username may be useful when generating multiple resident keys |
| for the same application name. |
for the same application name. |
| |
.El |
| .Pp |
.Pp |
| The |
The |
| .Fl O |
.Fl O |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh