From d651f5c9fe37e61491eee46c49ba9fa03dbc0e6a Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 10 Feb 2023 04:56:30 +0000 Subject: upstream: let ssh-keygen and ssh-keyscan accept -Ohashalg=sha1|sha256 when outputting SSHFP fingerprints to allow algorithm selection. bz3493 ok dtucker@ OpenBSD-Commit-ID: e6e07fe21318a873bd877f333e189eb963a11b3d --- ssh-keygen.1 | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'ssh-keygen.1') diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 8b1f617d..715c9cc6 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.226 2022/09/10 08:50:53 jsg Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.227 2023/02/10 04:56:30 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: September 10 2022 $ +.Dd $Mdocdate: February 10 2023 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -518,6 +518,21 @@ suffixed with a Z character, which causes them to be interpreted in the UTC time zone. .El .Pp +When generating SSHFP DNS records from public keys using the +.Fl r +flag, the following options are accepted: +.Bl -tag -width Ds +.It Cm hashalg Ns = Ns Ar algorithm +Selects a hash algorithm to use when printing SSHFP records using the +.Fl D +flag. +Valid algorithms are +.Dq sha1 +and +.Dq sha256. +The default is to print both. +.El +.Pp The .Fl O option may be specified multiple times. -- cgit v1.2.1