| version 1.213, 2021/05/12 11:34:30 |
version 1.214, 2021/07/23 03:37:52 |
|
|
| .Ar |
.Ar |
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Fl Y Cm find-principals |
.Fl Y Cm find-principals |
| |
.Op Fl O Ar option |
| .Fl s Ar signature_file |
.Fl s Ar signature_file |
| .Fl f Ar allowed_signers_file |
.Fl f Ar allowed_signers_file |
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Fl Y Cm check-novalidate |
.Fl Y Cm check-novalidate |
| |
.Op Fl O Ar option |
| .Fl n Ar namespace |
.Fl n Ar namespace |
| .Fl s Ar signature_file |
.Fl s Ar signature_file |
| .Nm ssh-keygen |
.Nm ssh-keygen |
|
|
| .Ar |
.Ar |
| .Nm ssh-keygen |
.Nm ssh-keygen |
| .Fl Y Cm verify |
.Fl Y Cm verify |
| |
.Op Fl O Ar option |
| .Fl f Ar allowed_signers_file |
.Fl f Ar allowed_signers_file |
| .Fl I Ar signer_identity |
.Fl I Ar signer_identity |
| .Fl n Ar namespace |
.Fl n Ar namespace |
|
|
| By default, this information is discarded. |
By default, this information is discarded. |
| .El |
.El |
| .Pp |
.Pp |
| |
When performing signature-related options using the |
| |
.Fl Y |
| |
flag, the following options are accepted: |
| |
.Bl -tag -width Ds |
| |
.It Cm verify-time Ns = Ns Ar timestamp |
| |
Specifies a time to use when validating signatures instead of the current |
| |
time. |
| |
The time may be specified as a date in YYYYMMDD format or a time |
| |
in YYYYMMDDHHMM[SS] format. |
| |
.El |
| |
.Pp |
| The |
The |
| .Fl O |
.Fl O |
| option may be specified multiple times. |
option may be specified multiple times. |
|
|
| .It Cm cert-authority |
.It Cm cert-authority |
| Indicates that this key is accepted as a certificate authority (CA) and |
Indicates that this key is accepted as a certificate authority (CA) and |
| that certificates signed by this CA may be accepted for verification. |
that certificates signed by this CA may be accepted for verification. |
| .It Cm namespaces="namespace-list" |
.It Cm namespaces Ns = Ns "namespace-list" |
| Specifies a pattern-list of namespaces that are accepted for this key. |
Specifies a pattern-list of namespaces that are accepted for this key. |
| If this option is present, the signature namespace embedded in the |
If this option is present, the signature namespace embedded in the |
| signature object and presented on the verification command-line must |
signature object and presented on the verification command-line must |
| match the specified list before the key will be considered acceptable. |
match the specified list before the key will be considered acceptable. |
| |
.It Cm valid-after Ns = Ns "timestamp" |
| |
Indicates that the key is valid for use at or after the specified timestamp, |
| |
which may be a date in YYYYMMDD format or a time in YYYYMMDDHHMM[SS] format, |
| |
.It Cm valid-before Ns = Ns "timestamp" |
| |
Indicates that the key is valid for use at or before the specified timestamp. |
| .El |
.El |
| .Pp |
.Pp |
| When verifying signatures made by certificates, the expected principal |
When verifying signatures made by certificates, the expected principal |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keygen.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh