===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.1,v
retrieving revision 1.226
retrieving revision 1.227
diff -u -r1.226 -r1.227
--- src/usr.bin/ssh/ssh-keygen.1	2022/09/10 08:50:53	1.226
+++ src/usr.bin/ssh/ssh-keygen.1	2023/02/10 04:56:30	1.227
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.226 2022/09/10 08:50:53 jsg Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.227 2023/02/10 04:56:30 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 10 2022 $
+.Dd $Mdocdate: February 10 2023 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -516,6 +516,21 @@
 Dates and times will be interpreted in the current system time zone unless
 suffixed with a Z character, which causes them to be interpreted in the
 UTC time zone.
+.El
+.Pp
+When generating SSHFP DNS records from public keys using the
+.Fl r
+flag, the following options are accepted:
+.Bl -tag -width Ds
+.It Cm hashalg Ns = Ns Ar algorithm
+Selects a hash algorithm to use when printing SSHFP records using the
+.Fl D
+flag.
+Valid algorithms are
+.Dq sha1
+and
+.Dq sha256.
+The default is to print both.
 .El
 .Pp
 The