version 1.219, 2022/01/05 04:50:11 |
version 1.220, 2022/02/06 00:29:03 |
|
|
.It Fl h |
.It Fl h |
When signing a key, create a host certificate instead of a user |
When signing a key, create a host certificate instead of a user |
certificate. |
certificate. |
Please see the |
See the |
.Sx CERTIFICATES |
.Sx CERTIFICATES |
section for details. |
section for details. |
.It Fl I Ar certificate_identity |
.It Fl I Ar certificate_identity |
Specify the key identity when signing a public key. |
Specify the key identity when signing a public key. |
Please see the |
See the |
.Sx CERTIFICATES |
.Sx CERTIFICATES |
section for details. |
section for details. |
.It Fl i |
.It Fl i |
|
|
Specify one or more principals (user or host names) to be included in |
Specify one or more principals (user or host names) to be included in |
a certificate when signing a key. |
a certificate when signing a key. |
Multiple principals may be specified, separated by commas. |
Multiple principals may be specified, separated by commas. |
Please see the |
See the |
.Sx CERTIFICATES |
.Sx CERTIFICATES |
section for details. |
section for details. |
.It Fl O Ar option |
.It Fl O Ar option |
|
|
.It Cm write-attestation Ns = Ns Ar path |
.It Cm write-attestation Ns = Ns Ar path |
May be used at key generation time to record the attestation data |
May be used at key generation time to record the attestation data |
returned from FIDO tokens during key generation. |
returned from FIDO tokens during key generation. |
Please note that this information is potentially sensitive. |
This information is potentially sensitive. |
By default, this information is discarded. |
By default, this information is discarded. |
.El |
.El |
.Pp |
.Pp |
|
|
for the specified public key file. |
for the specified public key file. |
.It Fl s Ar ca_key |
.It Fl s Ar ca_key |
Certify (sign) a public key using the specified CA key. |
Certify (sign) a public key using the specified CA key. |
Please see the |
See the |
.Sx CERTIFICATES |
.Sx CERTIFICATES |
section for details. |
section for details. |
.Pp |
.Pp |
|
|
.Xr sshd 8 |
.Xr sshd 8 |
or |
or |
.Xr ssh 1 . |
.Xr ssh 1 . |
Please refer to those manual pages for details. |
Refer to those manual pages for details. |
.Sh KEY REVOCATION LISTS |
.Sh KEY REVOCATION LISTS |
.Nm |
.Nm |
is able to manage OpenSSH format Key Revocation Lists (KRLs). |
is able to manage OpenSSH format Key Revocation Lists (KRLs). |