===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.1,v
retrieving revision 1.216
retrieving revision 1.217
diff -u -r1.216 -r1.217
--- src/usr.bin/ssh/ssh-keygen.1	2021/08/11 08:54:17	1.216
+++ src/usr.bin/ssh/ssh-keygen.1	2021/11/27 07:14:46	1.217
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.216 2021/08/11 08:54:17 djm Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.217 2021/11/27 07:14:46 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 11 2021 $
+.Dd $Mdocdate: November 27 2021 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -151,6 +151,11 @@
 .Fl s Ar signature_file
 .Fl f Ar allowed_signers_file
 .Nm ssh-keygen
+.Fl Y Cm match-principals
+.Op Fl O Ar option
+.Fl I Ar signer_identity
+.Fl f Ar allowed_signers_file
+.Nm ssh-keygen
 .Fl Y Cm check-novalidate
 .Op Fl O Ar option
 .Fl n Ar namespace
@@ -681,6 +686,14 @@
 The format of the allowed signers file is documented in the
 .Sx ALLOWED SIGNERS
 section below.
+If one or more matching principals are found, they are returned on
+standard output.
+.It Fl Y Cm match-principals
+Find principal matching the principal name provided using the
+.Fl I
+flag in the authorized signers file specified using the
+.Fl f
+flag.
 If one or more matching principals are found, they are returned on
 standard output.
 .It Fl Y Cm check-novalidate