Attachment #3682 for bug #3355

Lines 1109-1115 Explicitly specify a Link Here

(-)a/ssh-keygen.1 (-1 / +1 lines)
1109	.Xr fido 4	1109	.Xr fido 4
1110	device to use, rather than letting the authenticator middleware select one.	1110	device to use, rather than letting the authenticator middleware select one.
1111	.It Cm no-touch-required	1111	.It Cm no-touch-required
1112	Indicate that the generated private key should not require touch	1112	Indicate that the generated or downloaded private key should not require touch
1113	events (user presence) when making signatures.	1113	events (user presence) when making signatures.
1114	Note that	1114	Note that
1115	.Xr sshd 8	1115	.Xr sshd 8

Lines 3135-3141 sk_suffix(const char application, const uint8_t user, size_t userlen) Link Here

(-)a/ssh-keygen.c (-2 / +6 lines)
3135	}	3135	}
3136		3136
3137	static int	3137	static int
3138	do_download_sk(const char skprovider, const char device)	3138	do_download_sk(const char skprovider, const char device, uint8_t sk_flags)
3139	{	3139	{
3140	struct sshsk_resident_key **srks;	3140	struct sshsk_resident_key **srks;
3141	size_t nsrks, i;	3141	size_t nsrks, i;
Lines 3171-3176 do_download_sk(const char skprovider, const char device) Link Here
3171	sshkey_type(key), key->type);	3171	sshkey_type(key), key->type);
3172	continue;	3172	continue;
3173	}	3173	}
		3174	if ((sk_flags & SSH_SK_USER_PRESENCE_REQD) == 0)
		3175	key->sk_flags &= ~SSH_SK_USER_PRESENCE_REQD;
3174	if ((fp = sshkey_fingerprint(key, fingerprint_hash,	3176	if ((fp = sshkey_fingerprint(key, fingerprint_hash,
3175	SSH_FP_DEFAULT)) == NULL)	3177	SSH_FP_DEFAULT)) == NULL)
3176	fatal_f("sshkey_fingerprint failed");	3178	fatal_f("sshkey_fingerprint failed");
Lines 3706-3717 main(int argc, char **argv) Link Here
3706	for (i = 0; i < nopts; i++) {	3708	for (i = 0; i < nopts; i++) {
3707	if (strncasecmp(opts[i], "device=", 7) == 0) {	3709	if (strncasecmp(opts[i], "device=", 7) == 0) {
3708	sk_device = xstrdup(opts[i] + 7);	3710	sk_device = xstrdup(opts[i] + 7);
		3711	} else if (strcasecmp(opts[i], "no-touch-required") == 0) {
		3712	sk_flags &= ~SSH_SK_USER_PRESENCE_REQD;
3709	} else {	3713	} else {
3710	fatal("Option \"%s\" is unsupported for "	3714	fatal("Option \"%s\" is unsupported for "
3711	"FIDO authenticator download", opts[i]);	3715	"FIDO authenticator download", opts[i]);
3712	}	3716	}
3713	}	3717	}
3714	return do_download_sk(sk_provider, sk_device);	3718	return do_download_sk(sk_provider, sk_device, sk_flags);
3715	}	3719	}
3716	if (print_fingerprint \|\| print_bubblebabble)	3720	if (print_fingerprint \|\| print_bubblebabble)
3717	do_fingerprint(pw);	3721	do_fingerprint(pw);

Return to bug 3355