On 4 August 2018 at 18:15, Jeremy Evans wrote:
[...]
> I checked -A and that also respects -o, so I documented that. I'm
> not sure how much it matters as the host keys -A generates are not
> password protected, but maybe there are other reasons to use the
> newer format.

The host keys must be unencrypted if you want sshd to be able to start
at boot time, which most people do.

> I think the documentation for -e should be updated to specify it only
> exports public keys (assuming I'm reading the code correctly), or
> ssh-keygen should be updated to write private keys for the RFC4716
> format if the input file is a private key (since that's what the
> documentation currently implies). But that should probably be a
> separate commit.

I'll check the history but my recollection was that it was supposed to
be able to export private keys as RFC4716 format.

> I also noticed that the -f flag with -A was documented in ssh-keygen(1)
> but not in usage, so I updated usage to match ssh-keygen(1).
>
> OKs for the diff below?

ok dtucker except for:

> +.Op Fl oq

this doesn't look right? -o and -q are distinct orthogonal flags.

[...]
> + "usage: ssh-keygen [-oq] [-a rounds] [-b bits] [-t dsa | ecdsa |
> ed25519 | rsa]\n"

ditto.

--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.