| version 1.205, 2020/07/15 07:50:46 |
version 1.206, 2020/08/27 01:06:18 |
|
|
| overriding the empty default username. |
overriding the empty default username. |
| Specifying a username may be useful when generating multiple resident keys |
Specifying a username may be useful when generating multiple resident keys |
| for the same application name. |
for the same application name. |
| |
.It Cm verify-required |
| |
Indicate that this private key should require user verification for |
| |
each signature. |
| |
Not all FIDO tokens support support this option. |
| |
Currently PIN authentication is the only supported verification method, |
| |
but other methods may be supported in the future. |
| .It Cm write-attestation Ns = Ns Ar path |
.It Cm write-attestation Ns = Ns Ar path |
| May be used at key generation time to record the attestation certificate |
May be used at key generation time to record the attestation certificate |
| returned from FIDO tokens during key generation. |
returned from FIDO tokens during key generation. |
|
|
| Allows X11 forwarding. |
Allows X11 forwarding. |
| .Pp |
.Pp |
| .It Ic no-touch-required |
.It Ic no-touch-required |
| Do not require signatures made using this key require demonstration |
Do not require signatures made using this key include demonstration |
| of user presence (e.g. by having the user touch the authenticator). |
of user presence (e.g. by having the user touch the authenticator). |
| This option only makes sense for the FIDO authenticator algorithms |
This option only makes sense for the FIDO authenticator algorithms |
| .Cm ecdsa-sk |
.Cm ecdsa-sk |
|
|
| .Ar address_list |
.Ar address_list |
| is a comma-separated list of one or more address/netmask pairs in CIDR |
is a comma-separated list of one or more address/netmask pairs in CIDR |
| format. |
format. |
| |
.Pp |
| |
.It Ic verify-required |
| |
Require signatures made using this key indicate that the user was first |
| |
verified. |
| |
This option only makes sense for the FIDO authenticator algorithms |
| |
.Cm ecdsa-sk |
| |
and |
| |
.Cm ed25519-sk . |
| |
Currently PIN authentication is the only supported verification method, |
| |
but other methods may be supported in the future. |
| .El |
.El |
| .Pp |
.Pp |
| At present, no standard options are valid for host keys. |
At present, no standard options are valid for host keys. |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh