On Mon, Jul 13, 2020 at 10:36:45PM +0200, Solene Rapenne wrote: > On Thu, 25 Jun 2020 18:02:23 +0100 > Jason McIntyre <j...@kerhand.co.uk>: > > > On Thu, Jun 25, 2020 at 06:40:36PM +0200, Solene Rapenne wrote: > > > I found that ssh-keygen(1) missed mention of -a flag in SYNOPSIS. > > > > > > > i think this got accidently removed in -r1.184: > > > > remove single letter flags for moduli operations > > > > > The following patch adds mention to [-a rounds] with default (no > > > flag), -p, -c, -K and -A > > > > > > > i'm definitely not the right person to ok that > > > > > All the functions triggered by these flags use the rounds variable > > > defined with -a parameter (default 0) > > > > > > > > > I also propose a small wording change, in the sentence: > > > "After a key is generated, instructions below detail [...]" > > > > > > I thought below refered to the list of options after that sentence, > > > but it may be a mistake of mine here. > > > > > > > i wanted to ask about this text too. it's unclear to me. after a key is > > generated, ssh-keygen asks where to save it. i wonder why we use the > > wording "should be placed to be activated"? it seems odd, but maybe > > there's a reason. > > > > jmc > > I don't really understand the whole sentence but I thought it was > due to my english understanding. > > New patch adding [-a rounds] in ssh-keygen usage(). I'm not sure > if the first line of usage() output is ok or too long now. >
morning. it does indeed look horrible, but somehow the page currently has -t in the wrong place, so that may help. i suggest you try to get it like this: ... [-f output_keyfile] [-m format] [-N new_passphrase] [-O option] [-t ...] [-w provider] in the man source, that will mean rearranging -t to list it after -O and before -w. that will format a bit more nicely too. jmc > Index: ssh-keygen.1 > =================================================================== > RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.1,v > retrieving revision 1.203 > diff -u -p -r1.203 ssh-keygen.1 > --- ssh-keygen.1 3 Apr 2020 02:26:56 -0000 1.203 > +++ ssh-keygen.1 13 Jul 2020 20:34:14 -0000 > @@ -44,6 +44,7 @@ > .Sh SYNOPSIS > .Nm ssh-keygen > .Op Fl q > +.Op Fl a Ar rounds > .Op Fl b Ar bits > .Op Fl C Ar comment > .Op Fl f Ar output_keyfile > @@ -54,6 +55,7 @@ > .Op Fl w Ar provider > .Nm ssh-keygen > .Fl p > +.Op Fl a Ar rounds > .Op Fl f Ar keyfile > .Op Fl m Ar format > .Op Fl N Ar new_passphrase > @@ -71,6 +73,7 @@ > .Op Fl f Ar input_keyfile > .Nm ssh-keygen > .Fl c > +.Op Fl a Ar rounds > .Op Fl C Ar comment > .Op Fl f Ar keyfile > .Op Fl P Ar passphrase > @@ -93,6 +96,7 @@ > .Op Fl f Ar known_hosts_file > .Nm ssh-keygen > .Fl K > +.Op Fl a Ar rounds > .Op Fl w Ar provider > .Nm ssh-keygen > .Fl R Ar hostname > @@ -125,6 +129,7 @@ > .Op Fl f Ar input_keyfile > .Nm ssh-keygen > .Fl A > +.Op Fl a Ar rounds > .Op Fl f Ar prefix_path > .Nm ssh-keygen > .Fl k > @@ -248,7 +253,9 @@ keys may be converted using this option > .Fl p > (change passphrase) flag. > .Pp > -After a key is generated, instructions below detail where the keys > +After a key is generated, > +.Nm > +will ask where the keys > should be placed to be activated. > .Pp > The options are as follows: > Index: ssh-keygen.c > =================================================================== > RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v > retrieving revision 1.413 > diff -u -p -r1.413 ssh-keygen.c > --- ssh-keygen.c 26 Jun 2020 05:02:03 -0000 1.413 > +++ ssh-keygen.c 13 Jul 2020 20:34:15 -0000 > @@ -3013,15 +3013,15 @@ static void > usage(void) > { > fprintf(stderr, > - "usage: ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] > [-m format]\n" > + "usage: ssh-keygen [-q] [-a rounds] [-b bits] [-C comment] [-f > output_keyfile] [-m format]\n" > " [-t dsa | ecdsa | ecdsa-sk | ed25519 | > ed25519-sk | rsa]\n" > " [-N new_passphrase] [-O option] [-w provider]\n" > - " ssh-keygen -p [-f keyfile] [-m format] [-N > new_passphrase]\n" > + " ssh-keygen -p [-a rounds] [-f keyfile] [-m format] [-N > new_passphrase]\n" > " [-P old_passphrase]\n" > " ssh-keygen -i [-f input_keyfile] [-m key_format]\n" > " ssh-keygen -e [-f input_keyfile] [-m key_format]\n" > " ssh-keygen -y [-f input_keyfile]\n" > - " ssh-keygen -c [-C comment] [-f keyfile] [-P passphrase]\n" > + " ssh-keygen -c [-a rounds] [-C comment] [-f keyfile] [-P > passphrase]\n" > " ssh-keygen -l [-v] [-E fingerprint_hash] [-f > input_keyfile]\n" > " ssh-keygen -B [-f input_keyfile]\n"); > #ifdef ENABLE_PKCS11 > @@ -3031,7 +3031,7 @@ usage(void) > fprintf(stderr, > " ssh-keygen -F hostname [-lv] [-f known_hosts_file]\n" > " ssh-keygen -H [-f known_hosts_file]\n" > - " ssh-keygen -K [-w provider]\n" > + " ssh-keygen -K [-a rounds] [-w provider]\n" > " ssh-keygen -R hostname [-f known_hosts_file]\n" > " ssh-keygen -r hostname [-g] [-f input_keyfile]\n" > #ifdef WITH_OPENSSL > @@ -3042,7 +3042,7 @@ usage(void) > " [-n principals] [-O option] [-V > validity_interval]\n" > " [-z serial_number] file ...\n" > " ssh-keygen -L [-f input_keyfile]\n" > - " ssh-keygen -A [-f prefix_path]\n" > + " ssh-keygen -A [-a rounds] [-f prefix_path]\n" > " ssh-keygen -k -f krl_file [-u] [-s ca_public] [-z > version_number]\n" > " file ...\n" > " ssh-keygen -Q [-l] -f krl_file [file ...]\n" >