View Issue Details

IDProjectCategoryView StatusLast Update
0006904CentOS-6opensshpublic2014-01-15 13:56
Reporterwclarie 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0006904: ssh-keygen.1: incorrect description of -n option
DescriptionThe CentOS version of ssh-keygen uses the "-Z" option for providing principals when creating SSH certificates, instead of the standard "-n" option. Instead, the "-n" option means "Extract the public key from smartcard".

However, the ssh-keygen.1 man page is incorrect because:
1. it still mentions "-n" in the SYNOPSIS, DESCRIPTION and CERTIFICATES sections as being the principal option, and
2. does not mention the "Extract public key from smartcard" at all.

In the ssh-keygen usage statement, the "-Z" options is described correctly:

  -Z name,... User/host principal names to include in certificate

while at the same time, the -n option is not in the usage statement, whereas it should say:

  -n Extract the public key from smartcard.

(This last part is in a #ifdef SMARTCARD openssh-5.3p1-ssh-certificates.patch which apparently isn't TRUE)

I would suggest going back to using the standard -n option for principal specification, and renaming the smartcard option to something that is still available and does not overlap...
Steps To Reproduceman ssh-keygen
ssh-keygen -?
TagsNo tags attached.

Activities

wclarie

wclarie

2014-01-15 13:56

reporter   ~0019062

This is on CentOS 6 by the way.

Issue History

Date Modified Username Field Change
2014-01-15 13:55 wclarie New Issue
2014-01-15 13:56 wclarie Note Added: 0019062