version 1.196, 2020/01/23 23:31:52 |
version 1.197, 2020/01/28 08:01:34 |
|
|
.Xr sshd 8 |
.Xr sshd 8 |
will refuse such signatures by default, unless overridden via |
will refuse such signatures by default, unless overridden via |
an authorized_keys option. |
an authorized_keys option. |
|
.It Cm challenge=path |
|
Specifies a path to a challenge string that will be passed to the |
|
FIDO token during key generation. |
|
The challenge string is optional, but may be used as part of an out-of-band |
|
protocol for key enrollment. |
|
If no |
|
.Cm challenge |
|
is specified, a random challenge is used. |
.It Cm resident |
.It Cm resident |
Indicate that the key should be stored on the FIDO authenticator itself. |
Indicate that the key should be stored on the FIDO authenticator itself. |
Resident keys may be supported on FIDO2 tokens and typically require that |
Resident keys may be supported on FIDO2 tokens and typically require that |
|
|
overriding the empty default username. |
overriding the empty default username. |
Specifying a username may be useful when generating multiple resident keys |
Specifying a username may be useful when generating multiple resident keys |
for the same application name. |
for the same application name. |
|
.It Cm write-attestation=path |
|
May be used at key generation time to record the attestation certificate |
|
returned from FIDO tokens during key generation. |
|
By default this information is discarded. |
.El |
.El |
.Pp |
.Pp |
The |
The |