1. 20 Oct, 2018 1 commit
  2. 12 Sep, 2018 2 commits
  3. 08 Aug, 2018 1 commit
    • djm@openbsd.org's avatar
      upstream: Use new private key format by default. This format is · ed7bd5d9
      djm@openbsd.org authored
      suported by OpenSSH >= 6.5 (released January 2014), so it should be supported
      by most OpenSSH versions in active use.
      
      It is possible to convert new-format private keys to the older
      format using "ssh-keygen -f /path/key -pm PEM".
      
      ok deraadt dtucker
      
      OpenBSD-Commit-ID: e3bd4f2509a2103bfa2f710733426af3ad6d8ab8
      ed7bd5d9
  4. 14 Mar, 2018 1 commit
  5. 06 Feb, 2018 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 130283d5
      djm@openbsd.org authored
      certificate options are case-sensitive; fix case on one
      that had it wrong.
      
      move a badly-place sentence to a less bad place
      
      OpenBSD-Commit-ID: 231e516bba860699a1eece6d48532d825f5f747b
      130283d5
  6. 03 Nov, 2017 1 commit
    • djm@openbsd.org@openbsd.org's avatar
      upstream commit · d52131a9
      djm@openbsd.org@openbsd.org authored
      allow certificate validity intervals that specify only a
      start or stop time (we already support specifying both or neither)
      
      OpenBSD-Commit-ID: 9be486545603c003030bdb5c467d1318b46b4e42
      d52131a9
  7. 21 Jul, 2017 2 commits
    • jmc@openbsd.org's avatar
      upstream commit · dc44dd3a
      jmc@openbsd.org authored
      slightly rework previous, to avoid an article issue;
      
      Upstream-ID: 15a315f0460ddd3d4e2ade1f16d6c640a8c41b30
      dc44dd3a
    • djm@openbsd.org's avatar
      upstream commit · 853edbe0
      djm@openbsd.org authored
      When generating all hostkeys (ssh-keygen -A), clobber
      existing keys if they exist but are zero length. zero-length keys could
      previously be made if ssh-keygen failed part way through generating them, so
      avoid that case too. bz#2561 reported by Krzysztof Cieplucha; ok dtucker@
      
      Upstream-ID: f662201c28ab8e1f086b5d43c59cddab5ade4044
      853edbe0
  8. 28 Jun, 2017 1 commit
    • djm@openbsd.org's avatar
      upstream commit · a98339ed
      djm@openbsd.org authored
      Allow ssh-keygen to use a key held in ssh-agent as a CA when
      signing certificates. bz#2377 ok markus
      
      Upstream-ID: fb42e920b592edcbb5b50465739a867c09329c8f
      a98339ed
  9. 07 May, 2017 5 commits
    • naddy@openbsd.org's avatar
      upstream commit · 2e9c324b
      naddy@openbsd.org authored
      remove superfluous protocol 2 mentions; ok jmc@
      
      Upstream-ID: 0aaf7567c9f2e50fac5906b6a500a39c33c4664d
      2e9c324b
    • jmc@openbsd.org's avatar
      upstream commit · 2b6f799e
      jmc@openbsd.org authored
      more protocol 1 stuff to go; ok djm
      
      Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47
      2b6f799e
    • jmc@openbsd.org's avatar
      upstream commit · f10c0d32
      jmc@openbsd.org authored
      rsa1 is no longer valid;
      
      Upstream-ID: 9953d09ed9841c44b7dcf7019fa874783a709d89
      f10c0d32
    • jmc@openbsd.org's avatar
      upstream commit · 8b60ce8d
      jmc@openbsd.org authored
      more -O shuffle; ok djm
      
      Upstream-ID: c239991a3a025cdbb030b73e990188dd9bfbeceb
      8b60ce8d
    • jmc@openbsd.org's avatar
      upstream commit · 6b84897f
      jmc@openbsd.org authored
      tidy up -O somewhat; ok djm
      
      Upstream-ID: 804405f716bf7ef15c1f36ab48581ca16aeb4d52
      6b84897f
  10. 01 May, 2017 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 873d3e7d
      djm@openbsd.org authored
      remove KEY_RSA1
      
      ok markus@
      
      Upstream-ID: 7408517b077c892a86b581e19f82a163069bf133
      873d3e7d
  11. 30 Apr, 2017 2 commits
    • jmc@openbsd.org's avatar
      upstream commit · d4084cd2
      jmc@openbsd.org authored
      tweak previous;
      
      Upstream-ID: a3abc6857455299aa42a046d232b7984568bceb9
      d4084cd2
    • djm@openbsd.org's avatar
      upstream commit · 249516e4
      djm@openbsd.org authored
      allow ssh-keygen to include arbitrary string or flag
      certificate extensions and critical options. ok markus@ dtucker@
      
      Upstream-ID: 2cf28dd6c5489eb9fc136e0b667ac3ea10241646
      249516e4
  12. 24 Jun, 2016 1 commit
    • jmc@openbsd.org's avatar
      upstream commit · b6cf84b5
      jmc@openbsd.org authored
      keys stored in openssh format can have comments too; diff
      from yonas yanfa, tweaked a bit;
      
      ok djm
      
      Upstream-ID: 03d48536da6e51510d73ade6fcd44ace731ceb27
      b6cf84b5
  13. 04 May, 2016 1 commit
  14. 03 May, 2016 1 commit
    • djm@openbsd.org's avatar
      upstream commit · cdcd9419
      djm@openbsd.org authored
      make nethack^wrandomart fingerprint flag more readily
       searchable pointed out by Matt Johnston
      
      Upstream-ID: cb40d0235dc153c478c1aad3bc60b195422a54fb
      cdcd9419
  15. 17 Feb, 2016 1 commit
    • jmc@openbsd.org's avatar
      upstream commit · a685ae8d
      jmc@openbsd.org authored
      since these pages now clearly tell folks to avoid v1,
       normalise the docs from a v2 perspective (i.e. stop pointing out which bits
       are v2 only);
      
      ok/tweaks djm ok markus
      
      Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
      a685ae8d
  16. 16 Nov, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 94bc0b72
      djm@openbsd.org authored
      support multiple certificates (one per line) and
       reading from standard input (using "-f -") for "ssh-keygen -L"; ok dtucker@
      
      Upstream-ID: ecbadeeef3926e5be6281689b7250a32a80e88db
      94bc0b72
  17. 09 Nov, 2015 1 commit
    • jmc@openbsd.org's avatar
      upstream commit · 8b29008b
      jmc@openbsd.org authored
      "commandline" -> "command line", since there are so few
       examples of the former in the pages, so many of the latter, and in some of
       these pages we had multiple spellings;
      
      prompted by tj
      
      Upstream-ID: 78459d59bff74223f8139d9001ccd56fc4310659
      8b29008b
  18. 21 Aug, 2015 1 commit
    • naddy@openbsd.org's avatar
      upstream commit · 05291e52
      naddy@openbsd.org authored
      In the certificates section, be consistent about using
       "host_key" and "user_key" for the respective key types.  ok sthen@ deraadt@
      
      Upstream-ID: 9e037ea3b15577b238604c5533e082a3947f13cb
      05291e52
  19. 15 Jul, 2015 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 933935ce
      djm@openbsd.org authored
      refuse to generate or accept RSA keys smaller than 1024
       bits; feedback and ok dtucker@
      
      Upstream-ID: 7ea3d31271366ba264f06e34a3539bf1ac30f0ba
      933935ce
  20. 25 Feb, 2015 1 commit
  21. 21 Dec, 2014 1 commit
    • djm@openbsd.org's avatar
      upstream commit · 56d1c83c
      djm@openbsd.org authored
      Add FingerprintHash option to control algorithm used for
       key fingerprints. Default changes from MD5 to SHA256 and format from hex to
       base64.
      
      Feedback and ok naddy@ markus@
      56d1c83c
  22. 13 Oct, 2014 1 commit
  23. 20 Apr, 2014 2 commits
    • Damien Miller's avatar
      - jmc@cvs.openbsd.org 2014/03/31 13:39:34 · 43b156cf
      Damien Miller authored
           [ssh-keygen.1]
           the text for the -K option was inserted in the wrong place in -r1.108;
           fix From: Matthew Clarke
      43b156cf
    • Damien Miller's avatar
      - deraadt@cvs.openbsd.org 2014/03/15 17:28:26 · f0858de6
      Damien Miller authored
           [ssh-agent.c ssh-keygen.1 ssh-keygen.c]
           Improve usage() and documentation towards the standard form.
           In particular, this line saves a lot of man page reading time.
             usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 | rsa | rsa1]
                               [-N new_passphrase] [-C comment] [-f output_keyfile]
           ok schwarze jmc
      f0858de6
  24. 06 Feb, 2014 1 commit
  25. 29 Dec, 2013 1 commit
  26. 18 Dec, 2013 2 commits
  27. 18 Jul, 2013 1 commit
    • Damien Miller's avatar
      - jmc@cvs.openbsd.org 2013/06/27 14:05:37 · fecfd118
      Damien Miller authored
           [ssh-keygen.1 ssh.1 ssh_config.5 sshd.8 sshd_config.5]
           do not use Sx for sections outwith the man page - ingo informs me that
           stuff like html will render with broken links;
      
           issue reported by Eric S. Raymond, via djm
      fecfd118
  28. 20 Jan, 2013 4 commits