diff options
Diffstat (limited to 'templates/man1/ssh-keygen.1.pot')
| -rw-r--r-- | templates/man1/ssh-keygen.1.pot | 2735 |
1 files changed, 2735 insertions, 0 deletions
diff --git a/templates/man1/ssh-keygen.1.pot b/templates/man1/ssh-keygen.1.pot new file mode 100644 index 00000000..fe086639 --- /dev/null +++ b/templates/man1/ssh-keygen.1.pot @@ -0,0 +1,2735 @@ +# SOME DESCRIPTIVE TITLE +# Copyright (C) YEAR Free Software Foundation, Inc. +# This file is distributed under the same license as the PACKAGE package. +# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: PACKAGE VERSION\n" +"POT-Creation-Date: 2024-03-01 17:09+0100\n" +"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" +"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" +"Language-Team: LANGUAGE <LL@li.org>\n" +"Language: \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" + +#. type: Dd +#: archlinux debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "$Mdocdate: September 4 2023 $" +msgstr "" + +#. type: Dt +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "SSH-KEYGEN 1" +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "NAME" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "E<.Nm ssh-keygen>" +msgstr "" + +#. type: Nd +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "OpenSSH authentication key utility" +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "SYNOPSIS" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"E<.Nm ssh-keygen> E<.Op Fl q> E<.Op Fl a Ar rounds> E<.Op Fl b Ar bits> E<." +"Op Fl C Ar comment> E<.Op Fl f Ar output_keyfile> E<.Op Fl m Ar format> E<." +"Op Fl N Ar new_passphrase> E<.Op Fl O Ar option> E<.Op Fl t Cm dsa | ecdsa | " +"ecdsa-sk | ed25519 | ed25519-sk | rsa> E<.Op Fl w Ar provider> E<.Op Fl Z Ar " +"cipher> E<.Nm ssh-keygen> E<.Fl p> E<.Op Fl a Ar rounds> E<.Op Fl f Ar " +"keyfile> E<.Op Fl m Ar format> E<.Op Fl N Ar new_passphrase> E<.Op Fl P Ar " +"old_passphrase> E<.Op Fl Z Ar cipher> E<.Nm ssh-keygen> E<.Fl i> E<.Op Fl f " +"Ar input_keyfile> E<.Op Fl m Ar key_format> E<.Nm ssh-keygen> E<.Fl e> E<.Op " +"Fl f Ar input_keyfile> E<.Op Fl m Ar key_format> E<.Nm ssh-keygen> E<.Fl y> " +"E<.Op Fl f Ar input_keyfile> E<.Nm ssh-keygen> E<.Fl c> E<.Op Fl a Ar " +"rounds> E<.Op Fl C Ar comment> E<.Op Fl f Ar keyfile> E<.Op Fl P Ar " +"passphrase> E<.Nm ssh-keygen> E<.Fl l> E<.Op Fl v> E<.Op Fl E Ar " +"fingerprint_hash> E<.Op Fl f Ar input_keyfile> E<.Nm ssh-keygen> E<.Fl B> E<." +"Op Fl f Ar input_keyfile> E<.Nm ssh-keygen> E<.Fl D Ar pkcs11> E<.Nm ssh-" +"keygen> E<.Fl F Ar hostname> E<.Op Fl lv> E<.Op Fl f Ar known_hosts_file> E<." +"Nm ssh-keygen> E<.Fl H> E<.Op Fl f Ar known_hosts_file> E<.Nm ssh-keygen> E<." +"Fl K> E<.Op Fl a Ar rounds> E<.Op Fl w Ar provider> E<.Nm ssh-keygen> E<.Fl " +"R Ar hostname> E<.Op Fl f Ar known_hosts_file> E<.Nm ssh-keygen> E<.Fl r Ar " +"hostname> E<.Op Fl g> E<.Op Fl f Ar input_keyfile> E<.Nm ssh-keygen> E<.Fl M " +"Cm generate> E<.Op Fl O Ar option> E<.Ar output_file> E<.Nm ssh-keygen> E<." +"Fl M Cm screen> E<.Op Fl f Ar input_file> E<.Op Fl O Ar option> E<.Ar " +"output_file> E<.Nm ssh-keygen> E<.Fl I Ar certificate_identity> E<.Fl s Ar " +"ca_key> E<.Op Fl hU> E<.Op Fl D Ar pkcs11_provider> E<.Op Fl n Ar " +"principals> E<.Op Fl O Ar option> E<.Op Fl V Ar validity_interval> E<.Op Fl " +"z Ar serial_number> E<.Ar> E<.Nm ssh-keygen> E<.Fl L> E<.Op Fl f Ar " +"input_keyfile> E<.Nm ssh-keygen> E<.Fl A> E<.Op Fl a Ar rounds> E<.Op Fl f " +"Ar prefix_path> E<.Nm ssh-keygen> E<.Fl k> E<.Fl f Ar krl_file> E<.Op Fl u> " +"E<.Op Fl s Ar ca_public> E<.Op Fl z Ar version_number> E<.Ar> E<.Nm ssh-" +"keygen> E<.Fl Q> E<.Op Fl l> E<.Fl f Ar krl_file> E<.Ar> E<.Nm ssh-keygen> " +"E<.Fl Y Cm find-principals> E<.Op Fl O Ar option> E<.Fl s Ar signature_file> " +"E<.Fl f Ar allowed_signers_file> E<.Nm ssh-keygen> E<.Fl Y Cm match-" +"principals> E<.Fl I Ar signer_identity> E<.Fl f Ar allowed_signers_file> E<." +"Nm ssh-keygen> E<.Fl Y Cm check-novalidate> E<.Op Fl O Ar option> E<.Fl n Ar " +"namespace> E<.Fl s Ar signature_file> E<.Nm ssh-keygen> E<.Fl Y Cm sign> E<." +"Op Fl O Ar option> E<.Fl f Ar key_file> E<.Fl n Ar namespace> E<.Ar> E<.Nm " +"ssh-keygen> E<.Fl Y Cm verify> E<.Op Fl O Ar option> E<.Fl f Ar " +"allowed_signers_file> E<.Fl I Ar signer_identity> E<.Fl n Ar namespace> E<." +"Fl s Ar signature_file> E<.Op Fl r Ar revocation_file>" +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "DESCRIPTION" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"E<.Nm> generates, manages and converts authentication keys for E<.Xr ssh " +"1>. E<.Nm> can create keys for use by SSH protocol version 2." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable opensuse-tumbleweed +msgid "" +"The type of key to be generated is specified with the E<.Fl t> option. If " +"invoked without any arguments, E<.Nm> will generate an Ed25519 key." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"E<.Nm> is also used to generate groups for use in Diffie-Hellman group " +"exchange (DH-GEX). See the E<.Sx MODULI GENERATION> section for details." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Finally, E<.Nm> can be used to generate and update Key Revocation Lists, and " +"to test whether given keys have been revoked by one. See the E<.Sx KEY " +"REVOCATION LISTS> section for details." +msgstr "" + +#. type: Plain text +#: archlinux opensuse-leap-15-6 opensuse-tumbleweed +msgid "" +"Normally each user wishing to use SSH with public key authentication runs " +"this once to create the authentication key in E<.Pa ~/.ssh/id_dsa>, E<.Pa ~/." +"ssh/id_ecdsa>, E<.Pa ~/.ssh/id_ecdsa_sk>, E<.Pa ~/.ssh/id_ed25519>, E<.Pa ~/." +"ssh/id_ed25519_sk> or E<.Pa ~/.ssh/id_rsa>. Additionally, the system " +"administrator may use this to generate host keys, as seen in E<.Pa /etc/rc>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Normally this program generates the key and asks for a file in which to " +"store the private key. The public key is stored in a file with the same " +"name but E<.Dq .pub> appended. The program also asks for a passphrase. The " +"passphrase may be empty to indicate no passphrase (host keys must have an " +"empty passphrase), or it may be a string of arbitrary length. A passphrase " +"is similar to a password, except it can be a phrase with a series of words, " +"punctuation, numbers, whitespace, or any string of characters you want. " +"Good passphrases are 10-30 characters long, are not simple sentences or " +"otherwise easily guessable (English prose has only 1-2 bits of entropy per " +"character, and provides very bad passphrases), and contain a mix of upper " +"and lowercase letters, numbers, and non-alphanumeric characters. The " +"passphrase can be changed later by using the E<.Fl p> option." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"There is no way to recover a lost passphrase. If the passphrase is lost or " +"forgotten, a new key must be generated and the corresponding public key " +"copied to other machines." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"E<.Nm> will by default write keys in an OpenSSH-specific format. This " +"format is preferred as it offers better protection for keys at rest as well " +"as allowing storage of key comments within the private key file itself. The " +"key comment may be useful to help identify the key. The comment is " +"initialized to E<.Dq user@host> when the key is created, but can be changed " +"using the E<.Fl c> option." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"It is still possible for E<.Nm> to write the previously-used PEM format " +"private keys using the E<.Fl m> flag. This may be used when generating new " +"keys, and existing new-format keys may be converted using this option in " +"conjunction with the E<.Fl p> (change passphrase) flag." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"After a key is generated, E<.Nm> will ask where the keys should be placed to " +"be activated." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "The options are as follows:" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl A" +msgstr "" + +#. type: Plain text +#: archlinux opensuse-tumbleweed +msgid "" +"Generate host keys of all default key types (rsa, ecdsa, and ed25519) if " +"they do not already exist. The host keys are generated with the default key " +"file path, an empty passphrase, default bits for the key type, and default " +"comment. If E<.Fl f> has also been specified, its argument is used as a " +"prefix to the default path for the resulting host key files. This is used " +"by E<.Pa /etc/rc> to generate new host keys." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl a Ar rounds" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"When saving a private key, this option specifies the number of KDF (key " +"derivation function, currently E<.Xr bcrypt_pbkdf 3>) rounds used. Higher " +"numbers result in slower passphrase verification and increased resistance to " +"brute-force password cracking (should the keys be stolen). The default is " +"16 rounds." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl B" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Show the bubblebabble digest of specified private or public key file." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl b Ar bits" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Specifies the number of bits in the key to create. For RSA keys, the " +"minimum size is 1024 bits and the default is 3072 bits. Generally, 3072 " +"bits is considered sufficient. DSA keys must be exactly 1024 bits as " +"specified by FIPS 186-2. For ECDSA keys, the E<.Fl b> flag determines the " +"key length by selecting from one of three elliptic curve sizes: 256, 384 or " +"521 bits. Attempting to use bit lengths other than these three values for " +"ECDSA keys will fail. ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed " +"length and the E<.Fl b> flag will be ignored." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl C Ar comment" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Provides a new comment." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl c" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Requests changing the comment in the private and public key files. The " +"program will prompt for the file containing the private keys, for the " +"passphrase if the key has one, and for the new comment." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl D Ar pkcs11" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Download the public keys provided by the PKCS#11 shared library E<.Ar " +"pkcs11>. When used in combination with E<.Fl s>, this option indicates that " +"a CA key resides in a PKCS#11 token (see the E<.Sx CERTIFICATES> section for " +"details)." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl E Ar fingerprint_hash" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Specifies the hash algorithm used when displaying key fingerprints. Valid " +"options are: E<.Dq md5> and E<.Dq sha256>. The default is E<.Dq sha256>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl e" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"This option will read a private or public OpenSSH key file and print to " +"stdout a public key in one of the formats specified by the E<.Fl m> option. " +"The default export format is E<.Dq RFC4716>. This option allows exporting " +"OpenSSH keys for use by other programs, including several commercial SSH " +"implementations." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl F Ar hostname | [hostname]:port" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Search for the specified E<.Ar hostname> (with optional port number) in a " +"E<.Pa known_hosts> file, listing any occurrences found. This option is " +"useful to find hashed host names or addresses and may also be used in " +"conjunction with the E<.Fl H> option to print found keys in a hashed format." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl f Ar filename" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Specifies the filename of the key file." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl g" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Use generic DNS format when printing fingerprint resource records using the " +"E<.Fl r> command." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl H" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Hash a E<.Pa known_hosts> file. This replaces all hostnames and addresses " +"with hashed representations within the specified file; the original content " +"is moved to a file with a .old suffix. These hashes may be used normally by " +"E<.Nm ssh> and E<.Nm sshd>, but they do not reveal identifying information " +"should the file's contents be disclosed. This option will not modify " +"existing hashed hostnames and is therefore safe to use on files that mix " +"hashed and non-hashed names." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl h" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"When signing a key, create a host certificate instead of a user " +"certificate. See the E<.Sx CERTIFICATES> section for details." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl I Ar certificate_identity" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Specify the key identity when signing a public key. See the E<.Sx " +"CERTIFICATES> section for details." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl i" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"This option will read an unencrypted private (or public) key file in the " +"format specified by the E<.Fl m> option and print an OpenSSH compatible " +"private (or public) key to stdout. This option allows importing keys from " +"other software, including several commercial SSH implementations. The " +"default import format is E<.Dq RFC4716>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl K" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Download resident keys from a FIDO authenticator. Public and private key " +"files will be written to the current directory for each downloaded key. If " +"multiple FIDO authenticators are attached, keys will be downloaded from the " +"first touched authenticator. See the E<.Sx FIDO AUTHENTICATOR> section for " +"more information." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl k" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Generate a KRL file. In this mode, E<.Nm> will generate a KRL file at the " +"location specified via the E<.Fl f> flag that revokes every key or " +"certificate presented on the command line. Keys/certificates to be revoked " +"may be specified by public key file or using the format described in the E<." +"Sx KEY REVOCATION LISTS> section." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl L" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Prints the contents of one or more certificates." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl l" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Show fingerprint of specified public key file. For RSA and DSA keys E<.Nm> " +"tries to find the matching public key file and prints its fingerprint. If " +"combined with E<.Fl v>, a visual ASCII art representation of the key is " +"supplied with the fingerprint." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl M Cm generate" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Generate candidate Diffie-Hellman Group Exchange (DH-GEX) parameters for " +"eventual use by the E<.Sq diffie-hellman-group-exchange-*> key exchange " +"methods. The numbers generated by this operation must be further screened " +"before use. See the E<.Sx MODULI GENERATION> section for more information." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl M Cm screen" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Screen candidate parameters for Diffie-Hellman Group Exchange. This will " +"accept a list of candidate numbers and test that they are safe (Sophie " +"Germain) primes with acceptable group generators. The results of this " +"operation may be added to the E<.Pa /etc/ssh/moduli> file. See the E<.Sx " +"MODULI GENERATION> section for more information." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl m Ar key_format" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Specify a key format for key generation, the E<.Fl i> (import), E<.Fl e> " +"(export) conversion options, and the E<.Fl p> change passphrase operation. " +"The latter may be used to convert between OpenSSH private key and PEM " +"private key formats. The supported key formats are: E<.Dq RFC4716> (RFC " +"4716/SSH2 public or private key), E<.Dq PKCS8> (PKCS8 public or private " +"key) or E<.Dq PEM> (PEM public key). By default OpenSSH will write newly-" +"generated private keys in its own format, but when converting public keys " +"for export the default format is E<.Dq RFC4716>. Setting a format of E<.Dq " +"PEM> when generating or updating a supported private key type will cause the " +"key to be stored in the legacy PEM private key format." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl N Ar new_passphrase" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Provides the new passphrase." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl n Ar principals" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Specify one or more principals (user or host names) to be included in a " +"certificate when signing a key. Multiple principals may be specified, " +"separated by commas. See the E<.Sx CERTIFICATES> section for details." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl O Ar option" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Specify a key/value option. These are specific to the operation that E<.Nm> " +"has been requested to perform." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"When signing certificates, one of the options listed in the E<.Sx " +"CERTIFICATES> section may be specified here." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"When performing moduli generation or screening, one of the options listed in " +"the E<.Sx MODULI GENERATION> section may be specified." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"When generating FIDO authenticator-backed keys, the options listed in the E<." +"Sx FIDO AUTHENTICATOR> section may be specified." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"When performing signature-related options using the E<.Fl Y> flag, the " +"following options are accepted:" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "Cm hashalg Ns = Ns Ar algorithm" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Selects the hash algorithm to use for hashing the message to be signed. " +"Valid algorithms are E<.Dq sha256> and E<.Dq sha512.> The default is E<.Dq " +"sha512.>" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "Cm print-pubkey" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Print the full public key to standard output after signature verification." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "Cm verify-time Ns = Ns Ar timestamp" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Specifies a time to use when validating signatures instead of the current " +"time. The time may be specified as a date or time in the YYYYMMDD[Z] or in " +"YYYYMMDDHHMM[SS][Z] formats. Dates and times will be interpreted in the " +"current system time zone unless suffixed with a Z character, which causes " +"them to be interpreted in the UTC time zone." +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable opensuse-tumbleweed +msgid "" +"When generating SSHFP DNS records from public keys using the E<.Fl r> flag, " +"the following options are accepted:" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable opensuse-tumbleweed +msgid "" +"Selects a hash algorithm to use when printing SSHFP records using the E<.Fl " +"D> flag. Valid algorithms are E<.Dq sha1> and E<.Dq sha256>. The default " +"is to print both." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "The E<.Fl O> option may be specified multiple times." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl P Ar passphrase" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Provides the (old) passphrase." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl p" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Requests changing the passphrase of a private key file instead of creating a " +"new private key. The program will prompt for the file containing the " +"private key, for the old passphrase, and twice for the new passphrase." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl Q" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Test whether keys have been revoked in a KRL. If the E<.Fl l> option is " +"also specified then the contents of the KRL will be printed." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl q" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Silence E<.Nm ssh-keygen>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl R Ar hostname | [hostname]:port" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Removes all keys belonging to the specified E<.Ar hostname> (with optional " +"port number) from a E<.Pa known_hosts> file. This option is useful to " +"delete hashed hosts (see the E<.Fl H> option above)." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl r Ar hostname" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Print the SSHFP fingerprint resource record named E<.Ar hostname> for the " +"specified public key file." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl s Ar ca_key" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Certify (sign) a public key using the specified CA key. See the E<.Sx " +"CERTIFICATES> section for details." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"When generating a KRL, E<.Fl s> specifies a path to a CA public key file " +"used to revoke certificates directly by key ID or serial number. See the E<." +"Sx KEY REVOCATION LISTS> section for details." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Specifies the type of key to create. The possible values are E<.Dq dsa>, E<." +"Dq ecdsa>, E<.Dq ecdsa-sk>, E<.Dq ed25519>, E<.Dq ed25519-sk>, or E<.Dq rsa>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"This flag may also be used to specify the desired signature type when " +"signing certificates using an RSA CA key. The available RSA signature " +"variants are E<.Dq ssh-rsa> (SHA1 signatures, not recommended), E<.Dq rsa-" +"sha2-256>, and E<.Dq rsa-sha2-512> (the default)." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl U" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"When used in combination with E<.Fl s> or E<.Fl Y Cm sign>, this option " +"indicates that a CA key resides in a E<.Xr ssh-agent 1>. See the E<.Sx " +"CERTIFICATES> section for more information." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl u" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Update a KRL. When specified with E<.Fl k>, keys listed via the command " +"line are added to the existing KRL rather than a new KRL being created." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl V Ar validity_interval" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Specify a validity interval when signing a certificate. A validity interval " +"may consist of a single time, indicating that the certificate is valid " +"beginning now and expiring at that time, or may consist of two times " +"separated by a colon to indicate an explicit time interval." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "The start time may be specified as:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"The string E<.Dq always> to indicate the certificate has no specified start " +"time." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"A date or time in the system time zone formatted as YYYYMMDD or " +"YYYYMMDDHHMM[SS]." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "A date or time in the UTC time zone as YYYYMMDDZ or YYYYMMDDHHMM[SS]Z." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"A relative time before the current system time consisting of a minus sign " +"followed by an interval in the format described in the TIME FORMATS section " +"of E<.Xr sshd_config 5>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"A raw seconds since epoch (Jan 1 1970 00:00:00 UTC) as a hexadecimal number " +"beginning with E<.Dq 0x>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "The end time may be specified similarly to the start time:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"The string E<.Dq forever> to indicate the certificate has no specified end " +"time." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"A relative time after the current system time consisting of a plus sign " +"followed by an interval in the format described in the TIME FORMATS section " +"of E<.Xr sshd_config 5>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "For example:" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "+52w1d" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "Valid from now to 52 weeks and one day from now." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "-4w:+4w" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "Valid from four weeks ago to four weeks from now." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "20100101123000:20110101123000" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "Valid from 12:30 PM, January 1st, 2010 to 12:30 PM, January 1st, 2011." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "20100101123000Z:20110101123000Z" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Similar, but interpreted in the UTC time zone rather than the system time " +"zone." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "-1d:20110101" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "Valid from yesterday to midnight, January 1st, 2011." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "0x1:0x2000000000" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "Valid from roughly early 1970 to May 2033." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "-1m:forever" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "Valid from one minute ago and never expiring." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl v" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Verbose mode. Causes E<.Nm> to print debugging messages about its " +"progress. This is helpful for debugging moduli generation. Multiple E<.Fl " +"v> options increase the verbosity. The maximum is 3." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl w Ar provider" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Specifies a path to a library that will be used when creating FIDO " +"authenticator-hosted keys, overriding the default of using the internal USB " +"HID support." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl Y Cm find-principals" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Find the principal(s) associated with the public key of a signature, " +"provided using the E<.Fl s> flag in an authorized signers file provided " +"using the E<.Fl f> flag. The format of the allowed signers file is " +"documented in the E<.Sx ALLOWED SIGNERS> section below. If one or more " +"matching principals are found, they are returned on standard output." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "Fl Y Cm match-principals" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Find principal matching the principal name provided using the E<.Fl I> flag " +"in the authorized signers file specified using the E<.Fl f> flag. If one or " +"more matching principals are found, they are returned on standard output." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl Y Cm check-novalidate" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Checks that a signature generated using E<.Nm> E<.Fl Y Cm sign> has a valid " +"structure. This does not validate if a signature comes from an authorized " +"signer. When testing a signature, E<.Nm> accepts a message on standard " +"input and a signature namespace using E<.Fl n>. A file containing the " +"corresponding signature must also be supplied using the E<.Fl s> flag. " +"Successful testing of the signature is signalled by E<.Nm> returning a zero " +"exit status." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl Y Cm sign" +msgstr "" + +#. type: Plain text +#: archlinux debian-unstable opensuse-tumbleweed +msgid "" +"Cryptographically sign a file or some data using an SSH key. When signing, " +"E<.Nm> accepts zero or more files to sign on the command-line - if no files " +"are specified then E<.Nm> will sign data presented on standard input. " +"Signatures are written to the path of the input file with E<.Dq .sig> " +"appended, or to standard output if the message to be signed was read from " +"standard input." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"The key used for signing is specified using the E<.Fl f> option and may " +"refer to either a private key, or a public key with the private half " +"available via E<.Xr ssh-agent 1>. An additional signature namespace, used " +"to prevent signature confusion across different domains of use (e.g. file " +"signing vs email signing) must be provided via the E<.Fl n> flag. " +"Namespaces are arbitrary strings, and may include: E<.Dq file> for file " +"signing, E<.Dq email> for email signing. For custom uses, it is recommended " +"to use names following a NAMESPACE@YOUR.DOMAIN pattern to generate " +"unambiguous namespaces." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl Y Cm verify" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Request to verify a signature generated using E<.Nm> E<.Fl Y Cm sign> as " +"described above. When verifying a signature, E<.Nm> accepts a message on " +"standard input and a signature namespace using E<.Fl n>. A file containing " +"the corresponding signature must also be supplied using the E<.Fl s> flag, " +"along with the identity of the signer using E<.Fl I> and a list of allowed " +"signers via the E<.Fl f> flag. The format of the allowed signers file is " +"documented in the E<.Sx ALLOWED SIGNERS> section below. A file containing " +"revoked keys can be passed using the E<.Fl r> flag. The revocation file may " +"be a KRL or a one-per-line list of public keys. Successful verification by " +"an authorized signer is signalled by E<.Nm> returning a zero exit status." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl y" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"This option will read a private OpenSSH format file and print an OpenSSH " +"public key to stdout." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "Fl Z Ar cipher" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Specifies the cipher to use for encryption when writing an OpenSSH-format " +"private key file. The list of available ciphers may be obtained using E<.Qq " +"ssh -Q cipher>. The default is E<.Dq aes256-ctr>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Fl z Ar serial_number" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Specifies a serial number to be embedded in the certificate to distinguish " +"this certificate from others from the same CA. If the E<.Ar serial_number> " +"is prefixed with a E<.Sq +> character, then the serial number will be " +"incremented for each certificate signed on a single command-line. The " +"default serial number is zero." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"When generating a KRL, the E<.Fl z> flag is used to specify a KRL version " +"number." +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "MODULI GENERATION" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"E<.Nm> may be used to generate groups for the Diffie-Hellman Group Exchange " +"(DH-GEX) protocol. Generating these groups is a two-step process: first, " +"candidate primes are generated using a fast, but memory intensive process. " +"These candidate primes are then tested for suitability (a CPU-intensive " +"process)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Generation of primes is performed using the E<.Fl M Cm generate> option. " +"The desired length of the primes may be specified by the E<.Fl O Cm bits> " +"option. For example:" +msgstr "" + +#. type: Dl +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "# ssh-keygen -M generate -O bits=2048 moduli-2048.candidates" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"By default, the search for primes begins at a random point in the desired " +"length range. This may be overridden using the E<.Fl O Cm start> option, " +"which specifies a different start point (in hex)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Once a set of candidates have been generated, they must be screened for " +"suitability. This may be performed using the E<.Fl M Cm screen> option. In " +"this mode E<.Nm> will read candidates from standard input (or a file " +"specified using the E<.Fl f> option). For example:" +msgstr "" + +#. type: Dl +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "# ssh-keygen -M screen -f moduli-2048.candidates moduli-2048" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"By default, each candidate will be subjected to 100 primality tests. This " +"may be overridden using the E<.Fl O Cm prime-tests> option. The DH " +"generator value will be chosen automatically for the prime under " +"consideration. If a specific generator is desired, it may be requested " +"using the E<.Fl O Cm generator> option. Valid generator values are 2, 3, " +"and 5." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Screened DH groups may be installed in E<.Pa /etc/ssh/moduli>. It is " +"important that this file contains moduli of a range of bit lengths." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"A number of options are available for moduli generation and screening via " +"the E<.Fl O> flag:" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic lines Ns = Ns Ar number" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Exit after screening the specified number of lines while performing DH " +"candidate screening." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic start-line Ns = Ns Ar line-number" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Start screening at the specified line number while performing DH candidate " +"screening." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic checkpoint Ns = Ns Ar filename" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Write the last line processed to the specified file while performing DH " +"candidate screening. This will be used to skip lines in the input file that " +"have already been processed if the job is restarted." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic memory Ns = Ns Ar mbytes" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Specify the amount of memory to use (in megabytes) when generating candidate " +"moduli for DH-GEX." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic start Ns = Ns Ar hex-value" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Specify start point (in hex) when generating candidate moduli for DH-GEX." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic generator Ns = Ns Ar value" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Specify desired generator (in decimal) when testing candidate moduli for DH-" +"GEX." +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "CERTIFICATES" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"E<.Nm> supports signing of keys to produce certificates that may be used for " +"user or host authentication. Certificates consist of a public key, some " +"identity information, zero or more principal (user or host) names and a set " +"of options that are signed by a Certification Authority (CA) key. Clients " +"or servers may then trust only the CA key and verify its signature on a " +"certificate rather than trusting many user/host keys. Note that OpenSSH " +"certificates are a different, and much simpler, format to the X.509 " +"certificates used in E<.Xr ssl 8>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"E<.Nm> supports two types of certificates: user and host. User certificates " +"authenticate users to servers, whereas host certificates authenticate server " +"hosts to users. To generate a user certificate:" +msgstr "" + +#. type: Dl +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "$ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"The resultant certificate will be placed in E<.Pa /path/to/user_key-cert." +"pub>. A host certificate requires the E<.Fl h> option:" +msgstr "" + +#. type: Dl +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "$ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"The host certificate will be output to E<.Pa /path/to/host_key-cert.pub>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"It is possible to sign using a CA key stored in a PKCS#11 token by providing " +"the token library using E<.Fl D> and identifying the CA key by providing its " +"public half as an argument to E<.Fl s>:" +msgstr "" + +#. type: Dl +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "$ ssh-keygen -s ca_key.pub -D libpkcs11.so -I key_id user_key.pub" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Similarly, it is possible for the CA key to be hosted in a E<.Xr ssh-agent " +"1>. This is indicated by the E<.Fl U> flag and, again, the CA key must be " +"identified by its public half." +msgstr "" + +#. type: Dl +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "$ ssh-keygen -Us ca_key.pub -I key_id user_key.pub" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"In all cases, E<.Ar key_id> is a \"key identifier\" that is logged by the " +"server when the certificate is used for authentication." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Certificates may be limited to be valid for a set of principal (user/host) " +"names. By default, generated certificates are valid for all users or " +"hosts. To generate a certificate for a specified set of principals:" +msgstr "" + +#. type: Dl +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "$ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub" +msgstr "" + +#. type: Dl +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "$ ssh-keygen -s ca_key -I key_id -h -n host.domain host_key.pub" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Additional limitations on the validity and use of user certificates may be " +"specified through certificate options. A certificate option may disable " +"features of the SSH session, may be valid only when presented from " +"particular source addresses or may force the use of a specific command." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "The options that are valid for user certificates are:" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic clear" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Clear all enabled permissions. This is useful for clearing the default set " +"of permissions so permissions may be added individually." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic critical : Ns Ar name Ns Op Ns = Ns Ar contents" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic extension : Ns Ar name Ns Op Ns = Ns Ar contents" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Includes an arbitrary certificate critical option or extension. The " +"specified E<.Ar name> should include a domain suffix, e.g.\\& E<.Dq " +"name@example.com>. If E<.Ar contents> is specified then it is included as " +"the contents of the extension/option encoded as a string, otherwise the " +"extension/option is created with no contents (usually indicating a flag). " +"Extensions may be ignored by a client or server that does not recognise " +"them, whereas unknown critical options will cause the certificate to be " +"refused." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic force-command Ns = Ns Ar command" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Forces the execution of E<.Ar command> instead of any shell or command " +"specified by the user when the certificate is used for authentication." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic no-agent-forwarding" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Disable E<.Xr ssh-agent 1> forwarding (permitted by default)." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic no-port-forwarding" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Disable port forwarding (permitted by default)." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic no-pty" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Disable PTY allocation (permitted by default)." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic no-user-rc" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Disable execution of E<.Pa ~/.ssh/rc> by E<.Xr sshd 8> (permitted by " +"default)." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic no-x11-forwarding" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Disable X11 forwarding (permitted by default)." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic permit-agent-forwarding" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Allows E<.Xr ssh-agent 1> forwarding." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic permit-port-forwarding" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Allows port forwarding." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic permit-pty" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Allows PTY allocation." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic permit-user-rc" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Allows execution of E<.Pa ~/.ssh/rc> by E<.Xr sshd 8>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic permit-X11-forwarding" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Allows X11 forwarding." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic no-touch-required" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Do not require signatures made using this key include demonstration of user " +"presence (e.g. by having the user touch the authenticator). This option " +"only makes sense for the FIDO authenticator algorithms E<.Cm ecdsa-sk> and " +"E<.Cm ed25519-sk>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic source-address Ns = Ns Ar address_list" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Restrict the source addresses from which the certificate is considered " +"valid. The E<.Ar address_list> is a comma-separated list of one or more " +"address/netmask pairs in CIDR format." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ic verify-required" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Require signatures made using this key indicate that the user was first " +"verified. This option only makes sense for the FIDO authenticator " +"algorithms E<.Cm ecdsa-sk> and E<.Cm ed25519-sk>. Currently PIN " +"authentication is the only supported verification method, but other methods " +"may be supported in the future." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "At present, no standard options are valid for host keys." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Finally, certificates may be defined with a validity lifetime. The E<.Fl V> " +"option allows specification of certificate start and end times. A " +"certificate that is presented at a time outside this range will not be " +"considered valid. By default, certificates are valid from the E<.Ux> Epoch " +"to the distant future." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"For certificates to be used for user or host authentication, the CA public " +"key must be trusted by E<.Xr sshd 8> or E<.Xr ssh 1>. Refer to those manual " +"pages for details." +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "FIDO AUTHENTICATOR" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"E<.Nm> is able to generate FIDO authenticator-backed keys, after which they " +"may be used much like any other key type supported by OpenSSH, so long as " +"the hardware authenticator is attached when the keys are used. FIDO " +"authenticators generally require the user to explicitly authorise operations " +"by touching or tapping them. FIDO keys consist of two parts: a key handle " +"part stored in the private key file on disk, and a per-device private key " +"that is unique to each FIDO authenticator and that cannot be exported from " +"the authenticator hardware. These are combined by the hardware at " +"authentication time to derive the real key that is used to sign " +"authentication challenges. Supported key types are E<.Cm ecdsa-sk> and E<." +"Cm ed25519-sk>." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "The options that are valid for FIDO keys are:" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm application" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Override the default FIDO application/origin string of E<.Dq ssh:>. This " +"may be useful when generating host or domain-specific resident keys. The " +"specified application string must begin with E<.Dq ssh:>." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm challenge Ns = Ns Ar path" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Specifies a path to a challenge string that will be passed to the FIDO " +"authenticator during key generation. The challenge string may be used as " +"part of an out-of-band protocol for key enrollment (a random challenge is " +"used by default)." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm device" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Explicitly specify a E<.Xr fido 4> device to use, rather than letting the " +"authenticator middleware select one." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm no-touch-required" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Indicate that the generated private key should not require touch events " +"(user presence) when making signatures. Note that E<.Xr sshd 8> will refuse " +"such signatures by default, unless overridden via an authorized_keys option." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm resident" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Indicate that the key handle should be stored on the FIDO authenticator " +"itself. This makes it easier to use the authenticator on multiple " +"computers. Resident keys may be supported on FIDO2 authenticators and " +"typically require that a PIN be set on the authenticator prior to " +"generation. Resident keys may be loaded off the authenticator using E<.Xr " +"ssh-add 1>. Storing both parts of a key on a FIDO authenticator increases " +"the likelihood of an attacker being able to use a stolen authenticator " +"device." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm user" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"A username to be associated with a resident key, overriding the empty " +"default username. Specifying a username may be useful when generating " +"multiple resident keys for the same application name." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm verify-required" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Indicate that this private key should require user verification for each " +"signature. Not all FIDO authenticators support this option. Currently PIN " +"authentication is the only supported verification method, but other methods " +"may be supported in the future." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm write-attestation Ns = Ns Ar path" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"May be used at key generation time to record the attestation data returned " +"from FIDO authenticators during key generation. This information is " +"potentially sensitive. By default, this information is discarded." +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "KEY REVOCATION LISTS" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"E<.Nm> is able to manage OpenSSH format Key Revocation Lists (KRLs). These " +"binary files specify keys or certificates to be revoked using a compact " +"format, taking as little as one bit per certificate if they are being " +"revoked by serial number." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"KRLs may be generated using the E<.Fl k> flag. This option reads one or " +"more files from the command line and generates a new KRL. The files may " +"either contain a KRL specification (see below) or public keys, listed one " +"per line. Plain public keys are revoked by listing their hash or contents " +"in the KRL and certificates revoked by serial number or key ID (if the " +"serial is zero or not available)." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Revoking keys using a KRL specification offers explicit control over the " +"types of record used to revoke keys and may be used to directly revoke " +"certificates by serial number or key ID without having the complete original " +"certificate on hand. A KRL specification consists of lines containing one " +"of the following directives followed by a colon and some directive-specific " +"information." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm serial : Ar serial_number Ns Op - Ns Ar serial_number" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Revokes a certificate with the specified serial number. Serial numbers are " +"64-bit values, not including zero and may be expressed in decimal, hex or " +"octal. If two serial numbers are specified separated by a hyphen, then the " +"range of serial numbers including and between each is revoked. The CA key " +"must have been specified on the E<.Nm> command line using the E<.Fl s> " +"option." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm id : Ar key_id" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Revokes a certificate with the specified key ID string. The CA key must " +"have been specified on the E<.Nm> command line using the E<.Fl s> option." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm key : Ar public_key" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Revokes the specified key. If a certificate is listed, then it is revoked " +"as a plain public key." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm sha1 : Ar public_key" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "Revokes the specified key by including its SHA1 hash in the KRL." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm sha256 : Ar public_key" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Revokes the specified key by including its SHA256 hash in the KRL. KRLs " +"that revoke keys by SHA256 hash are not supported by OpenSSH versions prior " +"to 7.9." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm hash : Ar fingerprint" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Revokes a key using a fingerprint hash, as obtained from a E<.Xr sshd 8> " +"authentication log message or the E<.Nm> E<.Fl l> flag. Only SHA256 " +"fingerprints are supported here and resultant KRLs are not supported by " +"OpenSSH versions prior to 7.9." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"KRLs may be updated using the E<.Fl u> flag in addition to E<.Fl k>. When " +"this option is specified, keys listed via the command line are merged into " +"the KRL, adding to those already there." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"It is also possible, given a KRL, to test whether it revokes a particular " +"key (or keys). The E<.Fl Q> flag will query an existing KRL, testing each " +"key specified on the command line. If any key listed on the command line " +"has been revoked (or an error encountered) then E<.Nm> will exit with a non-" +"zero exit status. A zero exit status will only be returned if no key was " +"revoked." +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "ALLOWED SIGNERS" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"When verifying signatures, E<.Nm> uses a simple list of identities and keys " +"to determine whether a signature comes from an authorized source. This " +"\"allowed signers\" file uses a format patterned after the AUTHORIZED_KEYS " +"FILE FORMAT described in E<.Xr sshd 8>. Each line of the file contains the " +"following space-separated fields: principals, options, keytype, base64-" +"encoded key. Empty lines and lines starting with a E<.Ql #> are ignored as " +"comments." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"The principals field is a pattern-list (see PATTERNS in E<.Xr ssh_config " +"5>) consisting of one or more comma-separated USER@DOMAIN identity patterns " +"that are accepted for signing. When verifying, the identity presented via " +"the E<.Fl I> option must match a principals pattern in order for the " +"corresponding key to be considered acceptable for verification." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"The options (if present) consist of comma-separated option specifications. " +"No spaces are permitted, except within double quotes. The following option " +"specifications are supported (note that option keywords are case-" +"insensitive):" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Cm cert-authority" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Indicates that this key is accepted as a certificate authority (CA) and that " +"certificates signed by this CA may be accepted for verification." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "Cm namespaces Ns = Ns namespace-list" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Specifies a pattern-list of namespaces that are accepted for this key. If " +"this option is present, the signature namespace embedded in the signature " +"object and presented on the verification command-line must match the " +"specified list before the key will be considered acceptable." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "Cm valid-after Ns = Ns timestamp" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Indicates that the key is valid for use at or after the specified timestamp, " +"which may be a date or time in the YYYYMMDD[Z] or YYYYMMDDHHMM[SS][Z] " +"formats. Dates and times will be interpreted in the current system time " +"zone unless suffixed with a Z character, which causes them to be interpreted " +"in the UTC time zone." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +#, no-wrap +msgid "Cm valid-before Ns = Ns timestamp" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-tumbleweed +msgid "" +"Indicates that the key is valid for use at or before the specified timestamp." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"When verifying signatures made by certificates, the expected principal name " +"must match both the principals pattern in the allowed signers file and the " +"principals embedded in the certificate itself." +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "An example allowed signers file:" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "" +"# Comments allowed at start of line\n" +"user1@example.com,user2@example.com ssh-rsa AAAAX1...\n" +"# A certificate authority, trusted for all principals in a domain.\n" +"*@example.com cert-authority ssh-ed25519 AAAB4...\n" +"# A key that is accepted only for file signing.\n" +"user2@example.com namespaces=\"file\" ssh-ed25519 AAA41...\n" +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "ENVIRONMENT" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Ev SSH_SK_PROVIDER" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Specifies a path to a library that will be used when loading any FIDO " +"authenticator-hosted keys, overriding the default of using the built-in USB " +"HID support." +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "FILES" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Pa ~/.ssh/id_dsa" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Pa ~/.ssh/id_ecdsa" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Pa ~/.ssh/id_ecdsa_sk" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Pa ~/.ssh/id_ed25519" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Pa ~/.ssh/id_ed25519_sk" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Pa ~/.ssh/id_rsa" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-" +"hosted Ed25519 or RSA authentication identity of the user. This file should " +"not be readable by anyone but the user. It is possible to specify a " +"passphrase when generating the key; that passphrase will be used to encrypt " +"the private part of this file using 128-bit AES. This file is not " +"automatically accessed by E<.Nm> but it is offered as the default file for " +"the private key. E<.Xr ssh 1> will read this file when a login attempt is " +"made." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Pa ~/.ssh/id_dsa.pub" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Pa ~/.ssh/id_ecdsa.pub" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Pa ~/.ssh/id_ecdsa_sk.pub" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Pa ~/.ssh/id_ed25519.pub" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Pa ~/.ssh/id_ed25519_sk.pub" +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Pa ~/.ssh/id_rsa.pub" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-" +"hosted Ed25519 or RSA public key for authentication. The contents of this " +"file should be added to E<.Pa ~/.ssh/authorized_keys> on all machines where " +"the user wishes to log in using public key authentication. There is no need " +"to keep the contents of this file secret." +msgstr "" + +#. type: It +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "Pa /etc/ssh/moduli" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"Contains Diffie-Hellman groups used for DH-GEX. The file format is " +"described in E<.Xr moduli 5>." +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "SEE ALSO" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"E<.Xr ssh 1>, E<.Xr ssh-add 1>, E<.Xr ssh-agent 1>, E<.Xr moduli 5>, E<.Xr " +"sshd 8> E<.Rs> E<.%R RFC 4716> E<.%T \"The Secure Shell (SSH) Public Key " +"File Format\"> E<.%D 2006> E<.Re>" +msgstr "" + +#. type: Sh +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +#, no-wrap +msgid "AUTHORS" +msgstr "" + +#. type: Plain text +#: archlinux debian-bookworm debian-unstable opensuse-leap-15-6 +#: opensuse-tumbleweed +msgid "" +"OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu " +"Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo de " +"Raadt and Dug Song removed many bugs, re-added newer features and created " +"OpenSSH. Markus Friedl contributed the support for SSH protocol versions " +"1.5 and 2.0." +msgstr "" + +#. type: Dd +#: debian-bookworm +#, no-wrap +msgid "$Mdocdate: September 10 2022 $" +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"The type of key to be generated is specified with the E<.Fl t> option. If " +"invoked without any arguments, E<.Nm> will generate an RSA key." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"Normally each user wishing to use SSH with public key authentication runs " +"this once to create the authentication key in E<.Pa ~/.ssh/id_dsa>, E<.Pa ~/." +"ssh/id_ecdsa>, E<.Pa ~/.ssh/id_ecdsa_sk>, E<.Pa ~/.ssh/id_ed25519>, E<.Pa ~/." +"ssh/id_ed25519_sk> or E<.Pa ~/.ssh/id_rsa>. Additionally, the system " +"administrator may use this to generate host keys." +msgstr "" + +#. type: Plain text +#: debian-bookworm debian-unstable +msgid "" +"Generate host keys of all default key types (rsa, ecdsa, and ed25519) if " +"they do not already exist. The host keys are generated with the default key " +"file path, an empty passphrase, default bits for the key type, and default " +"comment. If E<.Fl f> has also been specified, its argument is used as a " +"prefix to the default path for the resulting host key files. This is used " +"by system administration scripts to generate new host keys." +msgstr "" + +#. type: Plain text +#: debian-bookworm opensuse-leap-15-6 +msgid "" +"Cryptographically sign a file or some data using a SSH key. When signing, " +"E<.Nm> accepts zero or more files to sign on the command-line - if no files " +"are specified then E<.Nm> will sign data presented on standard input. " +"Signatures are written to the path of the input file with E<.Dq .sig> " +"appended, or to standard output if the message to be signed was read from " +"standard input." +msgstr "" + +#. type: Dd +#: opensuse-leap-15-6 +#, no-wrap +msgid "$Mdocdate: September 9 2020 $" +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"E<.Nm ssh-keygen> E<.Op Fl q> E<.Op Fl a Ar rounds> E<.Op Fl b Ar bits> E<." +"Op Fl C Ar comment> E<.Op Fl f Ar output_keyfile> E<.Op Fl m Ar format> E<." +"Op Fl N Ar new_passphrase> E<.Op Fl O Ar option> E<.Op Fl t Cm dsa | ecdsa | " +"ecdsa-sk | ed25519 | ed25519-sk | rsa> E<.Op Fl w Ar provider> E<.Nm ssh-" +"keygen> E<.Fl p> E<.Op Fl a Ar rounds> E<.Op Fl f Ar keyfile> E<.Op Fl m Ar " +"format> E<.Op Fl N Ar new_passphrase> E<.Op Fl P Ar old_passphrase> E<.Nm " +"ssh-keygen> E<.Fl i> E<.Op Fl f Ar input_keyfile> E<.Op Fl m Ar key_format> " +"E<.Nm ssh-keygen> E<.Fl e> E<.Op Fl f Ar input_keyfile> E<.Op Fl m Ar " +"key_format> E<.Nm ssh-keygen> E<.Fl y> E<.Op Fl f Ar input_keyfile> E<.Nm " +"ssh-keygen> E<.Fl c> E<.Op Fl a Ar rounds> E<.Op Fl C Ar comment> E<.Op Fl f " +"Ar keyfile> E<.Op Fl P Ar passphrase> E<.Nm ssh-keygen> E<.Fl l> E<.Op Fl v> " +"E<.Op Fl E Ar fingerprint_hash> E<.Op Fl f Ar input_keyfile> E<.Nm ssh-" +"keygen> E<.Fl B> E<.Op Fl f Ar input_keyfile> E<.Nm ssh-keygen> E<.Fl D Ar " +"pkcs11> E<.Nm ssh-keygen> E<.Fl F Ar hostname> E<.Op Fl lv> E<.Op Fl f Ar " +"known_hosts_file> E<.Nm ssh-keygen> E<.Fl H> E<.Op Fl f Ar known_hosts_file> " +"E<.Nm ssh-keygen> E<.Fl K> E<.Op Fl a Ar rounds> E<.Op Fl w Ar provider> E<." +"Nm ssh-keygen> E<.Fl R Ar hostname> E<.Op Fl f Ar known_hosts_file> E<.Nm " +"ssh-keygen> E<.Fl r Ar hostname> E<.Op Fl g> E<.Op Fl f Ar input_keyfile> E<." +"Nm ssh-keygen> E<.Fl M Cm generate> E<.Op Fl O Ar option> E<.Ar output_file> " +"E<.Nm ssh-keygen> E<.Fl M Cm screen> E<.Op Fl f Ar input_file> E<.Op Fl O Ar " +"option> E<.Ar output_file> E<.Nm ssh-keygen> E<.Fl I Ar " +"certificate_identity> E<.Fl s Ar ca_key> E<.Op Fl hU> E<.Op Fl D Ar " +"pkcs11_provider> E<.Op Fl n Ar principals> E<.Op Fl O Ar option> E<.Op Fl V " +"Ar validity_interval> E<.Op Fl z Ar serial_number> E<.Ar> E<.Nm ssh-keygen> " +"E<.Fl L> E<.Op Fl f Ar input_keyfile> E<.Nm ssh-keygen> E<.Fl A> E<.Op Fl a " +"Ar rounds> E<.Op Fl f Ar prefix_path> E<.Nm ssh-keygen> E<.Fl k> E<.Fl f Ar " +"krl_file> E<.Op Fl u> E<.Op Fl s Ar ca_public> E<.Op Fl z Ar version_number> " +"E<.Ar> E<.Nm ssh-keygen> E<.Fl Q> E<.Op Fl l> E<.Fl f Ar krl_file> E<.Ar> E<." +"Nm ssh-keygen> E<.Fl Y Cm find-principals> E<.Fl s Ar signature_file> E<.Fl " +"f Ar allowed_signers_file> E<.Nm ssh-keygen> E<.Fl Y Cm check-novalidate> E<." +"Fl n Ar namespace> E<.Fl s Ar signature_file> E<.Nm ssh-keygen> E<.Fl Y Cm " +"sign> E<.Fl f Ar key_file> E<.Fl n Ar namespace> E<.Ar> E<.Nm ssh-keygen> E<." +"Fl Y Cm verify> E<.Fl f Ar allowed_signers_file> E<.Fl I Ar signer_identity> " +"E<.Fl n Ar namespace> E<.Fl s Ar signature_file> E<.Op Fl r Ar " +"revocation_file>" +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"For each of the key types (rsa, dsa, ecdsa and ed25519) for which host keys " +"do not exist, generate the host keys with the default key file path, an " +"empty passphrase, default bits for the key type, and default comment. If E<." +"Fl f> has also been specified, its argument is used as a prefix to the " +"default path for the resulting host key files. This is used by E<.Pa /etc/" +"rc> to generate new host keys." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"When saving a private key, this option specifies the number of KDF (key " +"derivation function) rounds used. Higher numbers result in slower " +"passphrase verification and increased resistance to brute-force password " +"cracking (should the keys be stolen). The default is 16 rounds." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"When signing a key, create a host certificate instead of a user " +"certificate. Please see the E<.Sx CERTIFICATES> section for details." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Specify the key identity when signing a public key. Please see the E<.Sx " +"CERTIFICATES> section for details." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Download resident keys from a FIDO authenticator. Public and private key " +"files will be written to the current directory for each downloaded key. If " +"multiple FIDO authenticators are attached, keys will be downloaded from the " +"first touched authenticator." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Specify one or more principals (user or host names) to be included in a " +"certificate when signing a key. Multiple principals may be specified, " +"separated by commas. Please see the E<.Sx CERTIFICATES> section for details." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"When generating a key that will be hosted on a FIDO authenticator, this flag " +"may be used to specify key-specific options. Those supported at present are:" +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Specifies a path to a challenge string that will be passed to the FIDO token " +"during key generation. The challenge string may be used as part of an out-" +"of-band protocol for key enrollment (a random challenge is used by default)." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Explicitly specify a E<.Xr fido 4> device to use, rather than letting the " +"token middleware select one." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Indicate that the key should be stored on the FIDO authenticator itself. " +"Resident keys may be supported on FIDO2 tokens and typically require that a " +"PIN be set on the token prior to generation. Resident keys may be loaded " +"off the token using E<.Xr ssh-add 1>." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Indicate that this private key should require user verification for each " +"signature. Not all FIDO tokens support this option. Currently PIN " +"authentication is the only supported verification method, but other methods " +"may be supported in the future." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"May be used at key generation time to record the attestation data returned " +"from FIDO tokens during key generation. Please note that this information " +"is potentially sensitive. By default, this information is discarded." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Certify (sign) a public key using the specified CA key. Please see the E<." +"Sx CERTIFICATES> section for details." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"When used in combination with E<.Fl s>, this option indicates that a CA key " +"resides in a E<.Xr ssh-agent 1>. See the E<.Sx CERTIFICATES> section for " +"more information." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"The start time may be specified as the string E<.Dq always> to indicate the " +"certificate has no specified start time, a date in YYYYMMDD format, a time " +"in YYYYMMDDHHMM[SS] format, a relative time (to the current time) consisting " +"of a minus sign followed by an interval in the format described in the TIME " +"FORMATS section of E<.Xr sshd_config 5>." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMM[SS] time, a " +"relative time starting with a plus character or the string E<.Dq forever> to " +"indicate that the certificate has no expiry date." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"For example: E<.Dq +52w1d> (valid from now to 52 weeks and one day from " +"now), E<.Dq -4w:+4w> (valid from four weeks ago to four weeks from now), E<." +"Dq 20100101123000:20110101123000> (valid from 12:30 PM, January 1st, 2010 to " +"12:30 PM, January 1st, 2011), E<.Dq -1d:20110101> (valid from yesterday to " +"midnight, January 1st, 2011). E<.Dq -1m:forever> (valid from one minute ago " +"and never expiring)." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Screened DH groups may be installed in E<.Pa /etc/ssh/moduli>. It is " +"important that this file contains moduli of a range of bit lengths and that " +"both ends of a connection share common moduli." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"Finally, certificates may be defined with a validity lifetime. The E<.Fl V> " +"option allows specification of certificate start and end times. A " +"certificate that is presented at a time outside this range will not be " +"considered valid. By default, certificates are valid from E<.Ux> Epoch to " +"the distant future." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"For certificates to be used for user or host authentication, the CA public " +"key must be trusted by E<.Xr sshd 8> or E<.Xr ssh 1>. Please refer to those " +"manual pages for details." +msgstr "" + +#. type: Plain text +#: opensuse-leap-15-6 +msgid "" +"The principals field is a pattern-list (See PATTERNS in E<.Xr ssh_config " +"5>) consisting of one or more comma-separated USER@DOMAIN identity patterns " +"that are accepted for signing. When verifying, the identity presented via " +"the E<.Fl I> option must match a principals pattern in order for the " +"corresponding key to be considered acceptable for verification." +msgstr "" + +#. type: It +#: opensuse-leap-15-6 +#, no-wrap +msgid "Cm namespaces=\"namespace-list\"" +msgstr "" |