version 1.205, 2020/07/15 07:50:46 |
version 1.206, 2020/08/27 01:06:18 |
|
|
overriding the empty default username. |
overriding the empty default username. |
Specifying a username may be useful when generating multiple resident keys |
Specifying a username may be useful when generating multiple resident keys |
for the same application name. |
for the same application name. |
|
.It Cm verify-required |
|
Indicate that this private key should require user verification for |
|
each signature. |
|
Not all FIDO tokens support support this option. |
|
Currently PIN authentication is the only supported verification method, |
|
but other methods may be supported in the future. |
.It Cm write-attestation Ns = Ns Ar path |
.It Cm write-attestation Ns = Ns Ar path |
May be used at key generation time to record the attestation certificate |
May be used at key generation time to record the attestation certificate |
returned from FIDO tokens during key generation. |
returned from FIDO tokens during key generation. |
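Review bot: The added line "Not all FIDO tokens support support this option." under ".It Cm verify-required" repeats the word "support"; it should read "Not all FIDO tokens support this option." The entry also does not say what happens at key generation when the token lacks the option. If that behaviour is defined, a short sentence stating it would spare users from finding out by trial.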
|
|
Allows X11 forwarding. |
Allows X11 forwarding. |
.Pp |
.Pp |
.It Ic no-touch-required |
.It Ic no-touch-required |
Do not require signatures made using this key require demonstration |
Do not require signatures made using this key include demonstration |
of user presence (e.g. by having the user touch the authenticator). |
of user presence (e.g. by having the user touch the authenticator). |
This option only makes sense for the FIDO authenticator algorithms |
This option only makes sense for the FIDO authenticator algorithms |
.Cm ecdsa-sk |
.Cm ecdsa-sk |
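Review bot: The reworded first line of ".It Ic no-touch-required" still does not parse: "Do not require signatures made using this key include demonstration" is missing "that". Suggest "Do not require that signatures made using this key include demonstration of user presence". Since this option relaxes a check, the sentence that describes it should be unambiguous.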
|
|
.Ar address_list |
.Ar address_list |
is a comma-separated list of one or more address/netmask pairs in CIDR |
is a comma-separated list of one or more address/netmask pairs in CIDR |
format. |
format. |
|
.Pp |
|
.It Ic verify-required |
|
Require signatures made using this key indicate that the user was first |
|
verified. |
|
This option only makes sense for the FIDO authenticator algorithms |
|
.Cm ecdsa-sk |
|
and |
|
.Cm ed25519-sk . |
|
Currently PIN authentication is the only supported verification method, |
|
but other methods may be supported in the future. |
.El |
.El |
.Pp |
.Pp |
At present, no standard options are valid for host keys. |
At present, no standard options are valid for host keys. |
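Review bot: The new ".It Ic verify-required" entry opens with "Require signatures made using this key indicate that the user was first verified.", which is missing "that" after "Require". Suggest "Require that signatures made using this key indicate that the user was first verified." This entry and the ".It Cm verify-required" key generation option added earlier in the same change share a name and the same PIN sentence, so a brief note on how the two relate (one set when the key is created, the other imposed on signatures made with it) would help readers decide which one they need.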