https://bugzilla.mindrot.org/show_bug.cgi?id=3028
Bug ID: 3028
Summary: Discrepancy with URL man pages.
Product: Portable OpenSSH
Version: 7.4p1
Hardware: ix86
OS: Linux
Status: NEW
Severity: trivial
Priority: P5
Component: ssh-keygen
Assignee: unassigned-b...@mindrot.org
Reporter: donald.p.richar...@aexp.com

For the man pages under the URL, https://man.openbsd.org/ssh-keygen, the option -U states:

    -U  When used in combination with -s, this option indicates that a CA
        key resides in a ssh-agent(1). See the CERTIFICATES section for
        more information.

Under the CERTIFICATES section, https://man.openbsd.org/ssh-keygen#CERTIFICATES, it states:

    Similarly, it is possible for the CA key to be hosted in a
    ssh-agent(1). This is indicated by the -U flag and, again, the CA key
    must be identified by its public half.

        $ ssh-keygen -Us ca_key.pub -I key_id user_key.pub

    In all cases, key_id is a "key identifier" that is logged by the
    server when the certificate is used for authentication.

I have a use case in which having a Certificate Authority's private key loaded in the ssh-agent would be very beneficial (i.e. not having the private key unsecured), and then using it to sign ssh host certificates using "ssh-keygen -Us ca_key.pub -h -I key_id host_key.pub"
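
The agent-backed signing flow quoted from the man page, worked end to end for a host certificate. This is an added example, not part of the bug report or of OpenSSH itself; it assumes an ssh-keygen build that supports -U, and the function name, file names, key_id, principal and validity period are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example: sign a host certificate with a CA key held only in ssh-agent.
# sign_host_with_agent_ca is a hypothetical helper; every name below is constructed.

sign_host_with_agent_ca() {
    work=$(mktemp -d) || return 1

    # Throwaway CA and host key pairs (empty passphrase only because this is a demo).
    ssh-keygen -q -t ed25519 -N '' -C demo-ca   -f "$work/ca_key"   || return 1
    ssh-keygen -q -t ed25519 -N '' -C demo-host -f "$work/host_key" || return 1

    # Start a private agent for this run and load the CA private key into it.
    eval "$(ssh-agent -s -a "$work/agent.sock")" >/dev/null || return 1
    if ! ssh-add "$work/ca_key" 2>/dev/null; then
        ssh-agent -k >/dev/null
        return 1
    fi

    # From here on the CA private key exists only inside the agent.
    rm -f "$work/ca_key"

    # -U: the CA key lives in the agent; -s names it by its public half.
    # -h: issue a host (not user) certificate; -n and -V constrain it.
    ssh-keygen -q -Us "$work/ca_key.pub" -h -I demo_host_id \
        -n host.example.test -V +1d "$work/host_key.pub"
    rc=$?

    # Stop the agent, which also discards the in-memory CA key.
    ssh-agent -k >/dev/null

    if [ "$rc" -eq 0 ]; then
        # Print the certificate details (type, key ID, signing CA, principals).
        ssh-keygen -L -f "$work/host_key-cert.pub"
        rc=$?
    fi
    rm -rf "$work"
    return "$rc"
}
```

On a build without -U the signing step fails and the function returns non-zero, which is the mismatch between installed binary and online man page that this report is about.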