upstream: ssh-agent support for U2F/FIDO keys

feedback & ok markus@

OpenBSD-Commit-ID: bb544a44bc32e45d2ec8bf652db2046f38360acb

1 files changed, 11 insertions, 9 deletions

diff --git a/ssh-agent.1 b/ssh-agent.1
index 83b2b41c..7719384f 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.64 2016/11/30 06:54:26 jmc Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.65 2019/10/31 21:22:01 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 30 2016 $
+.Dd $Mdocdate: October 31 2019 $
 .Dt SSH-AGENT 1
 .Os
 .Sh NAME
@@ -46,7 +46,7 @@
 .Op Fl \&Dd
 .Op Fl a Ar bind_address
 .Op Fl E Ar fingerprint_hash
-.Op Fl P Ar pkcs11_whitelist
+.Op Fl P Ar provider_whitelist
 .Op Fl t Ar life
 .Op Ar command Op Ar arg ...
 .Nm ssh-agent
@@ -122,15 +122,17 @@ The default is
 Kill the current agent (given by the
 .Ev SSH_AGENT_PID
 environment variable).
-.It Fl P Ar pkcs11_whitelist
-Specify a pattern-list of acceptable paths for PKCS#11 shared libraries
-that may be added using the
+.It Fl P Ar provider_whitelist
+Specify a pattern-list of acceptable paths for PKCS#11 and security key shared
+libraries that may be used with the
 .Fl s
-option to
+or
+.Fl S
+options to
 .Xr ssh-add 1 .
-The default is to allow loading PKCS#11 libraries from
+The default is to allow loading libraries from
 .Dq /usr/lib/*,/usr/local/lib/* .
-PKCS#11 libraries that do not match the whitelist will be refused.
+Libraries that do not match the whitelist will be refused.
 See PATTERNS in
 .Xr ssh_config 5
 for a description of pattern-list syntax.