From 0caff05350bd5fc635674c9e051a0322faba5ae3 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Thu, 27 Aug 2020 01:08:45 +0000
Subject: upstream: Request PIN ahead of time for certain FIDO actions

When we know that a particular action will require a PIN, such as
downloading resident keys or generating a verify-required key, request
the PIN before attempting it.

joint work with Pedro Martelletto; ok markus@

OpenBSD-Commit-ID: 863182d38ef075bad1f7d20ca485752a05edb727
---
 ssh-keygen.1 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'ssh-keygen.1')

diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 7e0558fe..e18fcde0 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.206 2020/08/27 01:06:18 djm Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.207 2020/08/27 01:08:45 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -382,6 +382,8 @@ The default import format is
 Download resident keys from a FIDO authenticator.
 Public and private key files will be written to the current directory for
 each downloaded key.
+If multiple FIDO authenticators are attached, keys will be downloaded from
+the first touched authenticator.
 .It Fl k
 Generate a KRL file.
 In this mode,
-- 
cgit v1.2.1