Diffstat (limited to 'ssh-keygen.1')
-rw-r--r-- ssh-keygen.1 29
1 files changed, 19 insertions, 10 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 5f1ec09b07a2..3525d7d17567 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.144 2017/07/08 18:32:54 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.147 2018/03/12 00:52:01 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: July 8 2017 $
+.Dd $Mdocdate: March 12 2018 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -425,6 +425,8 @@ This option may be specified multiple times.
See also the
.Sx CERTIFICATES
section for further details.
+.Pp
+At present, no standard options are valid for host keys.
The options that are valid for user certificates are:
.Pp
.Bl -tag -width Ds -compact
@@ -448,8 +450,6 @@ contents (usually indicating a flag).
Extensions may be ignored by a client or server that does not recognise them,
whereas unknown critical options will cause the certificate to be refused.
.Pp
-At present, no standard options are valid for host keys.
-.Pp
.It Ic force-command Ns = Ns Ar command
Forces the execution of
.Ar command
@@ -494,7 +494,7 @@ Allows execution of
by
.Xr sshd 8 .
.Pp
-.It Ic permit-x11-forwarding
+.It Ic permit-X11-forwarding
Allows X11 forwarding.
.Pp
.It Ic source-address Ns = Ns Ar address_list
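Review bot: The renamed entry ".It Ic permit-X11-forwarding" changes only the case of the option, and the text under it does not say whether option names are matched case-sensitively. Readers with scripts that use the old lowercase spelling cannot tell from this page whether it is still accepted, so add a sentence stating how the name is compared, or note that the lowercase form remains valid if that is the case.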
@@ -584,13 +584,20 @@ Specify a validity interval when signing a certificate.
A validity interval may consist of a single time, indicating that the
certificate is valid beginning now and expiring at that time, or may consist
of two times separated by a colon to indicate an explicit time interval.
-The start time may be specified as a date in YYYYMMDD format, a time
-in YYYYMMDDHHMMSS format or a relative time (to the current time) consisting
-of a minus sign followed by a relative time in the format described in the
+.Pp
+The start time may be specified as the string
+.Dq always
+to indicate the certificate has no specified start time,
+a date in YYYYMMDD format, a time in YYYYMMDDHHMM[SS] format,
+a relative time (to the current time) consisting of a minus sign followed by
+an interval in the format described in the
TIME FORMATS section of
.Xr sshd_config 5 .
-The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
-a relative time starting with a plus character.
+.Pp
+The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMM[SS] time,
+a relative time starting with a plus character or the string
+.Dq forever
+to indicate that the certificate has no expirty date.
.Pp
For example:
.Dq +52w1d
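Review bot: Typo in the added end-time sentence: "no expirty date" should be "no expiry date". The new keywords are also described asymmetrically ("no specified start time" for "always", "no expiry date" for "forever"), and nothing says what combining them yields. A short sentence stating that a start of "always" with an end of "forever" produces a certificate with no validity bound at either end would make that consequence explicit for anyone signing keys.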
@@ -601,6 +608,8 @@ For example:
(valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011),
.Dq -1d:20110101
(valid from yesterday to midnight, January 1st, 2011).
+.Dq -1m:forever
+(valid from one minute ago and never expiring).
.It Fl v
Verbose mode.
Causes
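Review bot: The added example ".Dq -1m:forever" is appended after a context line that already ends the example list with a full stop ("January 1st, 2011)."), so the list now reads as a finished sentence followed by a fragment. Change that full stop to a comma so the new item joins the list, with the period staying after "never expiring)".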