View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0006904||CentOS-6||openssh||public||2014-01-15 13:55||2014-01-15 13:56|
|Target Version||Fixed in Version|
|Summary||0006904: ssh-keygen.1: incorrect description of -n option|
|Description||The CentOS version of ssh-keygen uses the "-Z" option for providing principals when creating SSH certificates, instead of the standard "-n" option. Instead, the "-n" option means "Extract the public key from smartcard". |
However, the ssh-keygen.1 man page is incorrect because:
1. it still mentions "-n" in the SYNOPSIS, DESCRIPTION and CERTIFICATES sections as being the principal option, and
2. does not mention the "Extract public key from smartcard" at all.
In the ssh-keygen usage statement, the "-Z" options is described correctly:
-Z name,... User/host principal names to include in certificate
while at the same time, the -n option is not in the usage statement, whereas it should say:
-n Extract the public key from smartcard.
(This last part is in a #ifdef SMARTCARD openssh-5.3p1-ssh-certificates.patch which apparently isn't TRUE)
I would suggest going back to using the standard -n option for principal specification, and renaming the smartcard option to something that is still available and does not overlap...
|Steps To Reproduce||man ssh-keygen|
|Tags||No tags attached.|