On 08/14 04:05, Darren Tucker wrote:
> On 4 August 2018 at 18:15, Jeremy Evans <[email protected]> wrote:
> > I think the documentation for -e should be updated to specify it only
> > exports public keys (assuming I'm reading the code correctly), or
> > ssh-keygen should be updated to write private keys for the RFC4716
> > format if the input file is a private key (since that's what the
> > documentation currently implies). But that should probably be a
> > separate commit.
>
> I'll check the history but my recollection was that it was supposed to
> be able to export private keys as RFC4716 format.
OK.
> > I also noticed that the -f flag with -A was documented in ssh-keygen(1)
> > but not in usage, so I updated usage to match ssh-keygen(1).
> >
> > OKs for the diff below?
After I sent this email, djm@ made changes in ssh-keygen.1 1.148 and
ssh-keygen.c 1.319 to ignore the -o option and make new format
private keys the default, so I think the previous diff to document
-o is no longer useful.
Here's a new diff to document -a, which I think is still useful. OKs?
Index: ssh-keygen.1
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.1,v
retrieving revision 1.148
diff -u -p -r1.148 ssh-keygen.1
--- ssh-keygen.1 8 Aug 2018 01:16:01 -0000 1.148
+++ ssh-keygen.1 13 Aug 2018 18:29:33 -0000
@@ -45,6 +45,7 @@
.Bk -words
.Nm ssh-keygen
.Op Fl q
+.Op Fl a Ar rounds
.Op Fl b Ar bits
.Op Fl t Cm dsa | ecdsa | ed25519 | rsa
.Op Fl N Ar new_passphrase
@@ -52,6 +53,7 @@
.Op Fl f Ar output_keyfile
.Nm ssh-keygen
.Fl p
+.Op Fl a Ar rounds
.Op Fl P Ar old_passphrase
.Op Fl N Ar new_passphrase
.Op Fl f Ar keyfile
Index: ssh-keygen.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/ssh-keygen.c,v
retrieving revision 1.319
diff -u -p -r1.319 ssh-keygen.c
--- ssh-keygen.c 8 Aug 2018 01:16:01 -0000 1.319
+++ ssh-keygen.c 13 Aug 2018 18:29:34 -0000
@@ -2282,9 +2282,10 @@ static void
usage(void)
{
fprintf(stderr,
- "usage: ssh-keygen [-q] [-b bits] [-t dsa | ecdsa | ed25519 |
rsa]\n"
+ "usage: ssh-keygen [-q] [-a rounds] [-b bits] [-t dsa | ecdsa |
ed25519 | rsa]\n"
" [-N new_passphrase] [-C comment] [-f
output_keyfile]\n"
- " ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f
keyfile]\n"
+ " ssh-keygen -p [-a rounds] [-P old_passphrase] [-N
new_passphrase]\n"
+ " [-f keyfile]\n"
" ssh-keygen -i [-m key_format] [-f input_keyfile]\n"
" ssh-keygen -e [-m key_format] [-f input_keyfile]\n"
" ssh-keygen -y [-f input_keyfile]\n"
> ok dtucker except for:
>
> > +.Op Fl oq
>
> this doesn't look right? -o and -q are distinct orthogonal flags.
>
> [...]
> > + "usage: ssh-keygen [-oq] [-a rounds] [-b bits] [-t dsa | ecdsa
> > | ed25519 | rsa]\n"
>
> ditto.
Are orthogonal flags without arguments not supposed to be combined? It
seems most of our man pages combine orthogonal flags without arguments.
Some examples:
ls [-1AaCcdFfgHhikLlmnopqRrSsTtux] [file ...]
col [-bfhx] [-l num]
ex [-FRrSsv] [-c cmd] [-t tag] [-w size] [file ...]
I'm not an expert on our documentation, but it appears the rule is that
arguments are separated if they accept arguments, and combined if they
do not accept arguments. If that is not accurate, hopefully jmc@ can
correct me.
Thanks,
Jeremy
