1 files changed, 22 insertions, 12 deletions
diff --git a/crypto/openssh/ssh-keygen.1 b/crypto/openssh/ssh-keygen.1
index 12e00d416ec7..9b93666c9e44 100644
--- a/crypto/openssh/ssh-keygen.1
+++ b/crypto/openssh/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.120 2014/02/05 20:13:25 naddy Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.125 2015/02/24 15:24:05 naddy Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 5 2014 $
+.Dd $Mdocdate: February 24 2015 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -46,7 +46,7 @@
 .Nm ssh-keygen
 .Op Fl q
 .Op Fl b Ar bits
-.Op Fl t Ar type
+.Op Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
 .Op Fl N Ar new_passphrase
 .Op Fl C Ar comment
 .Op Fl f Ar output_keyfile
@@ -73,6 +73,8 @@
 .Op Fl f Ar keyfile
 .Nm ssh-keygen
 .Fl l
+.Op Fl v
+.Op Fl E Ar fingerprint_hash
 .Op Fl f Ar input_keyfile
 .Nm ssh-keygen
 .Fl B
@@ -140,7 +142,7 @@ generates, manages and converts authentication keys for
 .Xr ssh 1 .
 .Nm
 can create RSA keys for use by SSH protocol version 1 and
-DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2.
+DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
 The type of key to be generated is specified with the
 .Fl t
 option.
@@ -251,7 +253,7 @@ flag determines the key length by selecting from one of three elliptic
 curve sizes: 256, 384 or 521 bits.
 Attempting to use bit lengths other than these three values for ECDSA keys
 will fail.
-ED25519 keys have a fixed length and the
+Ed25519 keys have a fixed length and the
 .Fl b
 flag will be ignored.
 .It Fl C Ar comment
@@ -269,6 +271,14 @@ When used in combination with
 this option indicates that a CA key resides in a PKCS#11 token (see the
 .Sx CERTIFICATES
 section for details).
+.It Fl E Ar fingerprint_hash
+Specifies the hash algorithm used when displaying key fingerprints.
+Valid options are:
+.Dq md5
+and
+.Dq sha256 .
+The default is
+.Dq sha256 .
 .It Fl e
 This option will read a private or public OpenSSH key file and
 print to stdout the key in one of the formats specified by the
@@ -332,6 +342,10 @@ in the format specified by the
 .Fl m
 option and print an OpenSSH compatible private
 (or public) key to stdout.
+This option allows importing keys from other software, including several
+commercial SSH implementations.
+The default import format is
+.Dq RFC4716 .
 .It Fl J Ar num_lines
 Exit after screening the specified number of lines
 while performing DH candidate screening using the
@@ -350,10 +364,6 @@ while performing DH candidate screening using the
 option.
 This will be used to skip lines in the input file that have already been
 processed if the job is restarted.
-This option allows importing keys from other software, including several
-commercial SSH implementations.
-The default import format is
-.Dq RFC4716 .
 .It Fl k
 Generate a KRL file.
 In this mode,
@@ -514,7 +524,7 @@ section for details.
 Test DH group exchange candidate primes (generated using the
 .Fl G
 option) for safety.
-.It Fl t Ar type
+.It Fl t Cm dsa | ecdsa | ed25519 | rsa | rsa1
 Specifies the type of key to create.
 The possible values are
 .Dq rsa1
@@ -803,7 +813,7 @@ There is no need to keep the contents of this file secret.
 .It Pa ~/.ssh/id_ecdsa
 .It Pa ~/.ssh/id_ed25519
 .It Pa ~/.ssh/id_rsa
-Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
 authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
@@ -819,7 +829,7 @@ will read this file when a login attempt is made.
 .It Pa ~/.ssh/id_ecdsa.pub
 .It Pa ~/.ssh/id_ed25519.pub
 .It Pa ~/.ssh/id_rsa.pub
-Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA
+Contains the protocol version 2 DSA, ECDSA, Ed25519 or RSA
 public key for authentication.
 The contents of this file should be added to
 .Pa ~/.ssh/authorized_keys