version 1.197, 2020/01/28 08:01:34 |
version 1.198, 2020/02/02 07:36:50 |
|
|
Override the default FIDO application/origin string of |
Override the default FIDO application/origin string of |
.Dq ssh: . |
.Dq ssh: . |
This may be useful when generating host or domain-specific resident keys. |
This may be useful when generating host or domain-specific resident keys. |
|
.It Cm challenge=path |
|
Specifies a path to a challenge string that will be passed to the |
|
FIDO token during key generation. |
|
The challenge string is optional, but may be used as part of an out-of-band |
|
protocol for key enrollment. |
|
If no |
|
.Cm challenge |
|
is specified, a random challenge is used. |
.It Cm device |
.It Cm device |
Explicitly specify a |
Explicitly specify a |
.Xr fido 4 |
.Xr fido 4 |
|
|
.Xr sshd 8 |
.Xr sshd 8 |
will refuse such signatures by default, unless overridden via |
will refuse such signatures by default, unless overridden via |
an authorized_keys option. |
an authorized_keys option. |
.It Cm challenge=path |
|
Specifies a path to a challenge string that will be passed to the |
|
FIDO token during key generation. |
|
The challenge string is optional, but may be used as part of an out-of-band |
|
protocol for key enrollment. |
|
If no |
|
.Cm challenge |
|
is specified, a random challenge is used. |
|
.It Cm resident |
.It Cm resident |
Indicate that the key should be stored on the FIDO authenticator itself. |
Indicate that the key should be stored on the FIDO authenticator itself. |
Resident keys may be supported on FIDO2 tokens and typically require that |
Resident keys may be supported on FIDO2 tokens and typically require that |