diff options
author | djm@openbsd.org <djm@openbsd.org> | 2020-01-23 23:31:52 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2020-01-25 11:27:29 +1100 |
commit | 72a8bea2d748c8bd7f076a8b39a52082c79ae95f (patch) | |
tree | 14bea4a63d81af371d75708384811f5829a38267 /ssh-keygen.1 | |
parent | 0585b5697201f5d8b32e6f1b0fee7e188268d30d (diff) | |
download | openssh-git-72a8bea2d748c8bd7f076a8b39a52082c79ae95f.tar.gz |
upstream: ssh-keygen -Y find-principals fixes based on feedback
from Markus:
use "principals" instead of principal, as allowed_signers lines may list
multiple.
When the signing key is a certificate, emit only principals that match
the certificate principal list.
NB. the command -Y name changes: "find-principal" => "find-principals"
ok markus@
OpenBSD-Commit-ID: ab575946ff9a55624cd4e811bfd338bf3b1d0faf
Diffstat (limited to 'ssh-keygen.1')
-rw-r--r-- | ssh-keygen.1 | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 5d33902f..b4a87392 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.195 2020/01/23 07:16:38 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.196 2020/01/23 23:31:52 djm Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -138,7 +138,7 @@ .Fl f Ar krl_file .Ar .Nm ssh-keygen -.Fl Y Cm find-principal +.Fl Y Cm find-principals .Fl s Ar signature_file .Fl f Ar allowed_signers_file .Nm ssh-keygen @@ -618,8 +618,8 @@ The maximum is 3. Specifies a path to a library that will be used when creating FIDO authenticator-hosted keys, overriding the default of using the internal USB HID support. -.It Fl Y Cm find-principal -Find the principal associated with the public key of a signature, +.It Fl Y Cm find-principals +Find the principal(s) associated with the public key of a signature, provided using the .Fl s flag in an authorized signers file provided using the @@ -628,7 +628,8 @@ flag. The format of the allowed signers file is documented in the .Sx ALLOWED SIGNERS section below. -If a matching principal is found, it is returned on standard output. +If one or more matching principals are found, they are returned on +standard output. .It Fl Y Cm check-novalidate Checks that a signature generated using .Nm |