@ -38,6 +38,12 @@
.Ic known_hosts
.Op hostnames ...
.Ek
.Nm
.Bk -words
.Cm revoke
.Op Fl qv
.Ar
.Ek
.Sh DESCRIPTION
.Nm
is a small utility for issuing and revoking OpenSSH Certificates.
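Review bot: the bare `.Ar` in the new SYNOPSIS entry renders only the generic placeholder "file ...", which tells the reader nothing about what `revoke` consumes; since the DESCRIPTION hunk documents these operands as KRL specification files in the ssh-keygen(1) input format, consider naming the operand (for example `.Ar krl_spec ...`) and mirroring the same name in the `.It Cm revoke Oo Fl qv Oc Ar` line so SYNOPSIS and DESCRIPTION stay in lock-step.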
@ -56,9 +62,14 @@ A Certification Authority directory consists of a
.Pa ./ca.pub
file corresponding to the public key of it, a
.Pa ./pubkeys/
directory which holds the public keys to be signed, and an optional
directory which holds the public keys to be signed, an optional
.Pa ./krl
file corresponding to the last issued Key Revocation List, and optional
.Pa ./serial.txt
file holding the current serial number for the issued certificates.
and
.Pa ./krl_serial.txt
files corresponding to the current serial number for the issued certificates
and Key Revocation Lists.
.Pp
The following commands are available to
.Nm :
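Review bot: the new wording "files corresponding to the current serial number for the issued certificates and Key Revocation Lists" uses a different term than the FILES section, which calls the same files "Last issued serial for certificates" and "Last issued serial for KRLs"; "current" and "last issued" are not the same thing (the next value to use versus the one already used), and since these counters exist to keep certificate serials and KRL serials from being reused or going backwards, pick one term and use it in both sections, or state explicitly whether the file holds the last value consumed or the next value to assign.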
@ -128,15 +139,34 @@ are concatenated with commas and copied verbatim to the output.
See
.Xr sshd 8 SSH_KNOWN_HOSTS FILE FORMAT
for details.
.It Cm revoke Oo Fl qv Oc Ar
Generates a Key Revocation List for the current Certification Authority.
All recognized options are passed down to
.Xr ssh-keygen 1
process.
See
.Xr ssh-keygen 1 KEY REVOCATION LISTS
for details on the file format for input files.
If
.Pa ./krl
exists,
.Cm revoke
will update.
.Pa ./krl
can be synced back with the input files by first removing it.
.El
.Sh FILES
.Bl -tag -width MMMMMMMMMMMMMM -compact
.Bl -tag -width MMMMMMMMMMMMMMMMMM -compact
.It Pa ./ca.pub
Certification Authority public key
.It Pa ./pubkeys/
Directory containing the public keys to be signed
.It Pa ./krl
Key Revocation List
.It Pa ./serial.txt
Last issued serial
Last issued serial for certificates
.It Pa ./krl_serial.txt
Last issued serial for KRLs
.El
.Sh EXIT STATUS
.Ex -std
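Review bot: in the new `revoke` entry, "If .Pa ./krl exists, .Cm revoke will update." is an incomplete sentence and leaves the update semantics underspecified, which matters for a revocation list: say what is updated (the existing `./krl` is extended with the revocations named in the input files) and state plainly that entries removed from the input files stay revoked in `./krl` until it is deleted and regenerated, which the final sentence "can be synced back with the input files by first removing it" only hints at; the operator needs to know that editing the input files alone never un-revokes a key. The same entry also needs an article in "passed down to .Xr ssh-keygen 1 process" ("to the ssh-keygen(1) process"), and the prose should mention which options `-q` and `-v` are, since `Oo Fl qv Oc` is the only place they appear.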