zsh-workers
 help / color / mirror / Atom feed
* PATCH: update options in openssh completion
@ 2021-04-20 18:54 Oliver Kiddle
  2021-04-20 22:18 ` Daniel Shahaf
  0 siblings, 1 reply; 2+ messages in thread
From: Oliver Kiddle @ 2021-04-20 18:54 UTC (permalink / raw)
  To: Zsh workers

This update covers changes through openssh 8.6.

Most changes are in ssh-keygen which has become increasingly convoluted
and the completion for that might need a different approach if it
gets yet worse. It remains that it doesn't handle the options after
the various -Y options and -l after -Q also isn't handled. Lots of
overloading of options doesn't make it easy.

Oliver

diff --git a/Completion/Unix/Command/_ssh b/Completion/Unix/Command/_ssh
index 642f11bcb..82a2a1827 100644
--- a/Completion/Unix/Command/_ssh
+++ b/Completion/Unix/Command/_ssh
@@ -4,12 +4,13 @@
 
 _ssh () {
   local curcontext="$curcontext" state line expl suf arg ret=1
-  local args sigargs common common_transfer algopt tmp p1 file cmn cmds sdesc tdesc
+  local args sigargs common common_transfer options algopt tmp p1 file cmn cmds sdesc tdesc
   typeset -A opt_args
 
   common=(
     '(-6)-4[force ssh to use IPv4 addresses only]'
     '(-4)-6[force ssh to use IPv6 addresses only]'
+    '-A[enable forwarding of the authentication agent connection]'
     '-C[compress data]'
     '-c+[select encryption cipher]:encryption cipher:->ciphers'
     '-F+[specify alternate config file]:config file:_files'
@@ -32,7 +33,6 @@ _ssh () {
   ssh)
     (( $+words[(r)-[^-]#t*] )) && tdesc=' even if there is no controlling tty'
     _arguments -C -s \
-      '(-a)-A[enable forwarding of the authentication agent connection]' \
       '(-A)-a[disable forwarding of authentication agent connection]' \
       '-B+[bind to specified interface before attempting to connect]:interface:_net_interfaces' \
       '(-P)-b+[specify interface to transmit on]:bind address:_bind_addresses' \
@@ -92,14 +92,16 @@ _ssh () {
       $algopt \
       '-e+[remove keys provided by the PKCS#11 shared library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \
       '-k[load plain private keys only and skip certificates]' \
+      '-K[load resident keys from a FIDO authenticator]' \
       '-L[list public key parameters of all identities in the agent]'\
       '-l[list all identities]' \
       '-m+[specify minimum remaining signatures before maximum is changed]:number' \
       '-M+[specify maximum number of signatures]:number' \
+      '-S+[use specified library when adding FIDO authenticator-hosted keys]:library:_files' \
       '-s+[add keys provided by the PKCS#11 shared library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \
       '-t+[set maximum lifetime for identity]:maximum lifetime (in seconds or time format):' \
       "-T[test usability of identity files' private keys]:*:public key file:_files -g '*.pub(-.)'" \
-      '-v[verbose mode]' \
+      '*-v[verbose mode]' \
       '-q[be quiet after a successful operation]' \
       '-X[unlock the agent]' \
       '-x[lock the agent with a password]' \
@@ -125,13 +127,42 @@ _ssh () {
     # options can be in any order but use ! to limit those shown for the first argument
     (( CURRENT == 2 )) && p1='!'
     args=( '!-z:number' )
+    options=(
+      application
+      'challenge\:path\:_files'
+      device
+      no-touch-required
+      resident
+      user
+      verify-required
+      'write-attestation\:path\:_files'
+    )
     sdesc='certify keys with CA key'
-    (( $+words[(r)-I] )) && args=( '-z[specify serial number]:serial number' )
+    if (( $+words[(r)-[IhUDnV]*] )); then
+      args=( '-z[specify serial number]:serial number' )
+      options=(
+        clear critical\:name extension\:name force-command\:command\:_cmdstring
+        no-agent-forwarding no-port-forwarding no-pty no-user-rc no-x11-forwarding
+        permit-agent-forwarding permit-port-forwarding permit-pty permit-user-rc
+        permit-x11-forwarding source-address\:source\ address
+      )
+    fi
     (( $+words[(r)-[ku]] )) && args=( '-z[specify version number]:version number' ) &&
         sdesc='specify CA public key file'
     file=key
     (( $+words[(r)-[FHR]] )) && file=known_hosts
-    (( $+words[(r)-T] )) && file=input
+    if (( $+words[(r)-M*] )); then
+      file=input
+      args+=( '*:output file:_files' )
+      options=(
+        lines:number
+        'start-line\:line number'
+        checkpoint\:file:_files
+        'memory\:size (mbytes)'
+        'start\:start point (hex-value)'
+        generator\:value
+      )
+    fi
     (( $+words[(r)-A] )) && file='prefix for host key'
     if (( $+words[(r)-[kIQ]] )); then
       file=krl
@@ -139,8 +170,9 @@ _ssh () {
     fi
     if (( arg = $words[(I)-Y*] )); then
       [[ $words[arg] = -Y?* ]] || (( arg++ ))
-      case $words[arg] in
-	check*|verify)
+      case ${words[arg]#-Y} in
+        ^find-*) sigargs+=( "$p1-n+[specify namespace]:namespace" ) ;|
+	check*|find*|verify)
 	  sigargs+=( "$p1-s+[specify signature file]:signature file:-files" )
 	;|
 	sign) sigargs+=( '*:file:_files' ) ;;
@@ -153,51 +185,55 @@ _ssh () {
 	;;
       esac
     fi
-    cmds=( -p -i -e -y -c -l -B -D -F -H -R -r -G -T -s -L -A -k -Q -Y ) # basic commands
-    cmn=( -b -P -N -C -l -m -v ) # options common to many basic commands (except -f which is common to most)
-    cms=( -E -q -t -g -M -S -a -J -j -K -W -I -h -n -O -V -u -U ) # options specific to one basic command
+    cmds=( -p -i -e -y -c -l -B -D -F -H -K -R -r -M -s -L -A -k -Q -Y ) # basic commands
+    cmn=( -a -b -P -N -C -l -m -O -v -w -Z ) # options common to many basic commands (except -f which is common to most)
+    cms=( -E -q -t -g -M -I -h -n -V -u -U ) # options specific to one basic command
     _arguments -s $args \
-      "(${${(@)cmds:#-G}} -P ${${(@)cms:#-[MS]}})-b+[specify number of bits in key]:bits in key" \
+      "${p1}(${${(@)cmds:#-[pcKAO]}} ${${(@)cms:#-[t]}} -O)-a+[specify number of rounds]:rounds" \
+      "(${${(@)cmds:#-M}} -P ${${(@)cms:#-[MS]}})-b+[specify number of bits in key]:bits in key" \
       "$p1(${${(@)cmds:#-[pc]}} -b $cms)-P+[provide old passphrase]:old passphrase" \
       "(${${(@)cmds:#-p}} -v ${${(@)cms:#-[qt]}})-N+[provide new passphrase]:new passphrase" \
       "(${${(@)cmds:#-c}} -v $cms)-C+[provide new comment]:new comment" \
-      "(-D -G -M -S -I -h -n -O -V -A)-f+[$file file]:$file file:_files" \
+      "(-D -I -h -n -V -A)-f+[$file file]:$file file:_files" \
       "$p1(${${(@)cmds:#-[FE]}} ${${(@)cmn:#-v}} ${${(@)cms:#-E}})-l[show fingerprint of key file]" \
       "$p1(${${(@)cmds:#-[iep]}} $cms)-m+[specify conversion format]:format [RFC4716]:(PEM PKCS8 RFC4716)" \
+      "$p1*-O+[specify a key/value option]: : _values 'option' $options" \
       "(${${(@)cmds:#-[lGT]}} ${${(@)cmn:#-[bv]}} -f)*-v[verbose mode]" \
+      "$p1(${${(@)cmds:#-K}} -P ${${(@)cms:#-[qt]}})-w+[specify library used when creating FISO authenticator-hosted keys]:library:_files -g '*.(so|dylib)(|.<->)(-.)'" \
+      "$p1(${${(@)cmds:#-p}} -l ${${(@)cms:#-[qt]}})-Z+[specify encryption cipher to use when writing a private key file]:cipher:compadd - $(_call_program ciphers ssh -Q cipher)" \
       - '(commands)' \
-      "(-b -l -C -v)-p[change passphrase of private key file]" \
-      '(-b -l -P -N -C -v)-i[import key to OpenSSH format]' \
-      '(-b -l -P -N -C -v)-e[export key to SECSH file format]' \
+      "(-b -l -C -O -v -w)-p[change passphrase of private key file]" \
+      "(${${(@)cmn:#-m}})-i[import key to OpenSSH format]" \
+      "(${${(@)cmn:#-m}})-e[export key to SECSH file format]" \
       "($cmn)-y[get public key from private key]" \
-      '(-b -l -N -m -v)-c[change comment in private and public key files]' \
+      "(${${(@)cmn:#-[aCP]}})-c[change comment in private and public key files]" \
       "($cmn)-B[show the bubblebabble digest of key]" \
       "(-)-D+[download key stored in smartcard reader]:reader" \
       "(${${(@)cmn:#-[lv]}})-F+[search for host in known_hosts file]:host:_ssh_hosts" \
       "($cmn)-H[hash names in known_hosts file]" \
+      "(${${(@)cmn:#-[aw]}} -f)-K[download resident keys from a FIDO authenticator]" \
       "($cmn)-R+[remove host from known_hosts file]:host:_ssh_hosts" \
+      "(${${(@)cmn:#-O}})-M+[moduli generation]:action:((
+          generate\:generate\ candidates\ for\ DH-GEX\ moduli
+          screen\:screen\ candidates\ for\ DH-GEX\ moduli
+      ))" \
       "($cmn)-L[print the contents of a certificate]" \
-      "($cmn -l)-A[generate host keys for all key types]" \
+      "(${${(@)cmn:#-a}})-A[generate host keys for all key types]" \
       "($cmn)-Q[test whether keys have been revoked in a KRL]" \
+      "($cmn)-Y+[signature action]:action:((
+        find-principals\:find\ the\ principal\ associated\ with\ the\ public\ key\ of\ a\ signature
+        sign\:sign\ a\ file\ using\ SSH\ key
+        verify\:verify\ a\ signature\ generated\ using\ the\ sign\ option
+        check-novalidate\:check\ signature\ structure
+      ))" \
       - finger \
       "$p1($cmn)$algopt" \
       - create \
       '(-P -l)-q[silence ssh-keygen]' \
-      "(-P -l)-t+[specify the type of the key to create]:key type:(rsa dsa ecdsa ed25519)" \
+      "(-P -l)-t+[specify the type of the key to create]:key type:(rsa dsa ecdsa ed25519 ecdsa-sk ed25519-sk)" \
       - dns \
       "($cmn)-r[print DNS resource record]:hostname:_hosts" \
       "$p1($cmn)-g[use generic DNS format]" \
-      - primes \
-      "(-P -N -C -l -m -f)-G+[generate candidates for DH-GEX moduli]:output file:_files" \
-      "$p1(-P -N -C -l -m -f)-M+[specify amount of memory to use for generating DH-GEX moduli]:memory (MB)" \
-      "$p1(-P -N -C -l -m -f)-S+[specify start point]:start point (hex)" \
-      - screen \
-      "(${${(@)cmn:#-v}})-T+[screen candidates for DH-GEX moduli]:output file:_files" \
-      "${p1}(${${(@)cmn:#-v}})-a+[specify number of rounds]:rounds" \
-      "${p1}(${${(@)cmn:#-v}})-J[exit after screening specified number of lines]" \
-      "${p1}(${${(@)cmn:#-v}})-j+[start screening at the specified line number]:line number" \
-      "${p1}(${${(@)cmn:#-v}})-K+[write the last line processed to file]:file:_files" \
-      "${p1}(${${(@)cmn:#-v}})-W[specify desired generator]:generator" \
       - certify \
       "($cmn)-s[$sdesc]:CA key:_files" \
       "$p1($cmn -f -k -u)-I+[specify key identifier to include in certificate]:key id" \
@@ -205,21 +241,10 @@ _ssh () {
       "$p1($cmn -f -k -u -D)-U[indicate that CA key is held by ssh-agent]" \
       "$p1($cmn -f -k -u -U)-D+[indicate the CA key is stored in a PKCS#11 token]:PKCS11 shared library:_files -g '*.(so|dylib)(|.<->)(-.)'" \
       "$p1($cmn -f -k -u)-n+[specify user/host principal names to include in certificate]:principals" \
-      "$p1($cmn -f -k -u)*-O+[specify a certificate option]: : _values 'option'
-        clear critical\:name extension\:name force-command\:command\:_cmdstring
-	no-agent-forwarding no-port-forwarding no-pty no-user-rc no-x11-forwarding
-	permit-agent-forwarding permit-port-forwarding permit-pty permit-user-rc
-	permit-x11-forwarding source-address\:source\ address" \
       "$p1($cmn -f -u)-V+[specify certificate validity interval]:interval" \
       "($cmn -I -h -n -D -O -U -V)-k[generate a KRL file]" \
       "$p1($cmn -I -h -n -D -O -U -V)-u[update a KRL]" \
       - signature \
-      "($cmn)-Y+[signature action]:action:((
-	sign\:sign\ a\ file\ using\ SSH\ key
-	verify\:verify\ a\ signature\ generated\ using\ the\ sign\ option
-	check-novalidate\:check\ signature\ structure
-      ))" \
-      "$p1-n+[specify namespace]:namespace" \
       $sigargs
     return
   ;;
@@ -244,6 +269,7 @@ _ssh () {
       '-b+[specify batch file to read]:batch file:_files' \
       '-D+[connect directly to a local sftp server]:sftp server path' \
       '-f[request that files be flushed immediately after transfer]' \
+      '-N[disable implicit quiet mode set by -b]' \
       '-R+[specify number of outstanding requests]:number of requests [64]' \
       '-s+[specify SSH2 subsystem or path to sftp server on the remote host]:subsystem/path' \
       '1:file:->rfile' '*:file:->file' "$common[@]" "$common_transfer[@]" && ret=0


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: PATCH: update options in openssh completion
  2021-04-20 18:54 PATCH: update options in openssh completion Oliver Kiddle
@ 2021-04-20 22:18 ` Daniel Shahaf
  0 siblings, 0 replies; 2+ messages in thread
From: Daniel Shahaf @ 2021-04-20 22:18 UTC (permalink / raw)
  To: zsh-workers

Oliver Kiddle wrote on Tue, Apr 20, 2021 at 20:54:33 +0200:
> This update covers changes through openssh 8.6.
> 
> Most changes are in ssh-keygen which has become increasingly convoluted
> and the completion for that might need a different approach if it
> gets yet worse. It remains that it doesn't handle the options after
> the various -Y options and -l after -Q also isn't handled. Lots of
> overloading of options doesn't make it easy.

Makes me wonder if there's a bug report for OpenSSH here.  A "convoluted"
syntax with "lots of overloading" of options sounds like a place where
bugs are going to happen.

Cheers,

Daniel


> diff --git a/Completion/Unix/Command/_ssh b/Completion/Unix/Command/_ssh
> index 642f11bcb..82a2a1827 100644
> --- a/Completion/Unix/Command/_ssh
> +++ b/Completion/Unix/Command/_ssh
> @@ -4,12 +4,13 @@
>  
>  _ssh () {
>    local curcontext="$curcontext" state line expl suf arg ret=1
> -  local args sigargs common common_transfer algopt tmp p1 file cmn cmds sdesc tdesc
> +  local args sigargs common common_transfer options algopt tmp p1 file cmn cmds sdesc tdesc
>    typeset -A opt_args
>  
>    common=(
>      '(-6)-4[force ssh to use IPv4 addresses only]'
>      '(-4)-6[force ssh to use IPv6 addresses only]'
> +    '-A[enable forwarding of the authentication agent connection]'
>      '-C[compress data]'
>      '-c+[select encryption cipher]:encryption cipher:->ciphers'
>      '-F+[specify alternate config file]:config file:_files'
> @@ -32,7 +33,6 @@ _ssh () {
>    ssh)
>      (( $+words[(r)-[^-]#t*] )) && tdesc=' even if there is no controlling tty'
>      _arguments -C -s \
> -      '(-a)-A[enable forwarding of the authentication agent connection]' \
>        '(-A)-a[disable forwarding of authentication agent connection]' \
>        '-B+[bind to specified interface before attempting to connect]:interface:_net_interfaces' \
>        '(-P)-b+[specify interface to transmit on]:bind address:_bind_addresses' \
> @@ -92,14 +92,16 @@ _ssh () {
>        $algopt \
>        '-e+[remove keys provided by the PKCS#11 shared library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \
>        '-k[load plain private keys only and skip certificates]' \
> +      '-K[load resident keys from a FIDO authenticator]' \
>        '-L[list public key parameters of all identities in the agent]'\
>        '-l[list all identities]' \
>        '-m+[specify minimum remaining signatures before maximum is changed]:number' \
>        '-M+[specify maximum number of signatures]:number' \
> +      '-S+[use specified library when adding FIDO authenticator-hosted keys]:library:_files' \
>        '-s+[add keys provided by the PKCS#11 shared library]:library:_files -g "*.(so|dylib)(|.<->)(-.)"' \
>        '-t+[set maximum lifetime for identity]:maximum lifetime (in seconds or time format):' \
>        "-T[test usability of identity files' private keys]:*:public key file:_files -g '*.pub(-.)'" \
> -      '-v[verbose mode]' \
> +      '*-v[verbose mode]' \
>        '-q[be quiet after a successful operation]' \
>        '-X[unlock the agent]' \
>        '-x[lock the agent with a password]' \
> @@ -125,13 +127,42 @@ _ssh () {
>      # options can be in any order but use ! to limit those shown for the first argument
>      (( CURRENT == 2 )) && p1='!'
>      args=( '!-z:number' )
> +    options=(
> +      application
> +      'challenge\:path\:_files'
> +      device
> +      no-touch-required
> +      resident
> +      user
> +      verify-required
> +      'write-attestation\:path\:_files'
> +    )
>      sdesc='certify keys with CA key'
> -    (( $+words[(r)-I] )) && args=( '-z[specify serial number]:serial number' )
> +    if (( $+words[(r)-[IhUDnV]*] )); then
> +      args=( '-z[specify serial number]:serial number' )
> +      options=(
> +        clear critical\:name extension\:name force-command\:command\:_cmdstring
> +        no-agent-forwarding no-port-forwarding no-pty no-user-rc no-x11-forwarding
> +        permit-agent-forwarding permit-port-forwarding permit-pty permit-user-rc
> +        permit-x11-forwarding source-address\:source\ address
> +      )
> +    fi
>      (( $+words[(r)-[ku]] )) && args=( '-z[specify version number]:version number' ) &&
>          sdesc='specify CA public key file'
>      file=key
>      (( $+words[(r)-[FHR]] )) && file=known_hosts
> -    (( $+words[(r)-T] )) && file=input
> +    if (( $+words[(r)-M*] )); then
> +      file=input
> +      args+=( '*:output file:_files' )
> +      options=(
> +        lines:number
> +        'start-line\:line number'
> +        checkpoint\:file:_files
> +        'memory\:size (mbytes)'
> +        'start\:start point (hex-value)'
> +        generator\:value
> +      )
> +    fi
>      (( $+words[(r)-A] )) && file='prefix for host key'
>      if (( $+words[(r)-[kIQ]] )); then
>        file=krl
> @@ -139,8 +170,9 @@ _ssh () {
>      fi
>      if (( arg = $words[(I)-Y*] )); then
>        [[ $words[arg] = -Y?* ]] || (( arg++ ))
> -      case $words[arg] in
> -	check*|verify)
> +      case ${words[arg]#-Y} in
> +        ^find-*) sigargs+=( "$p1-n+[specify namespace]:namespace" ) ;|
> +	check*|find*|verify)
>  	  sigargs+=( "$p1-s+[specify signature file]:signature file:-files" )
>  	;|
>  	sign) sigargs+=( '*:file:_files' ) ;;
> @@ -153,51 +185,55 @@ _ssh () {
>  	;;
>        esac
>      fi
> -    cmds=( -p -i -e -y -c -l -B -D -F -H -R -r -G -T -s -L -A -k -Q -Y ) # basic commands
> -    cmn=( -b -P -N -C -l -m -v ) # options common to many basic commands (except -f which is common to most)
> -    cms=( -E -q -t -g -M -S -a -J -j -K -W -I -h -n -O -V -u -U ) # options specific to one basic command
> +    cmds=( -p -i -e -y -c -l -B -D -F -H -K -R -r -M -s -L -A -k -Q -Y ) # basic commands
> +    cmn=( -a -b -P -N -C -l -m -O -v -w -Z ) # options common to many basic commands (except -f which is common to most)
> +    cms=( -E -q -t -g -M -I -h -n -V -u -U ) # options specific to one basic command
>      _arguments -s $args \
> -      "(${${(@)cmds:#-G}} -P ${${(@)cms:#-[MS]}})-b+[specify number of bits in key]:bits in key" \
> +      "${p1}(${${(@)cmds:#-[pcKAO]}} ${${(@)cms:#-[t]}} -O)-a+[specify number of rounds]:rounds" \
> +      "(${${(@)cmds:#-M}} -P ${${(@)cms:#-[MS]}})-b+[specify number of bits in key]:bits in key" \
>        "$p1(${${(@)cmds:#-[pc]}} -b $cms)-P+[provide old passphrase]:old passphrase" \
>        "(${${(@)cmds:#-p}} -v ${${(@)cms:#-[qt]}})-N+[provide new passphrase]:new passphrase" \
>        "(${${(@)cmds:#-c}} -v $cms)-C+[provide new comment]:new comment" \
> -      "(-D -G -M -S -I -h -n -O -V -A)-f+[$file file]:$file file:_files" \
> +      "(-D -I -h -n -V -A)-f+[$file file]:$file file:_files" \
>        "$p1(${${(@)cmds:#-[FE]}} ${${(@)cmn:#-v}} ${${(@)cms:#-E}})-l[show fingerprint of key file]" \
>        "$p1(${${(@)cmds:#-[iep]}} $cms)-m+[specify conversion format]:format [RFC4716]:(PEM PKCS8 RFC4716)" \
> +      "$p1*-O+[specify a key/value option]: : _values 'option' $options" \
>        "(${${(@)cmds:#-[lGT]}} ${${(@)cmn:#-[bv]}} -f)*-v[verbose mode]" \
> +      "$p1(${${(@)cmds:#-K}} -P ${${(@)cms:#-[qt]}})-w+[specify library used when creating FISO authenticator-hosted keys]:library:_files -g '*.(so|dylib)(|.<->)(-.)'" \
> +      "$p1(${${(@)cmds:#-p}} -l ${${(@)cms:#-[qt]}})-Z+[specify encryption cipher to use when writing a private key file]:cipher:compadd - $(_call_program ciphers ssh -Q cipher)" \
>        - '(commands)' \
> -      "(-b -l -C -v)-p[change passphrase of private key file]" \
> -      '(-b -l -P -N -C -v)-i[import key to OpenSSH format]' \
> -      '(-b -l -P -N -C -v)-e[export key to SECSH file format]' \
> +      "(-b -l -C -O -v -w)-p[change passphrase of private key file]" \
> +      "(${${(@)cmn:#-m}})-i[import key to OpenSSH format]" \
> +      "(${${(@)cmn:#-m}})-e[export key to SECSH file format]" \
>        "($cmn)-y[get public key from private key]" \
> -      '(-b -l -N -m -v)-c[change comment in private and public key files]' \
> +      "(${${(@)cmn:#-[aCP]}})-c[change comment in private and public key files]" \
>        "($cmn)-B[show the bubblebabble digest of key]" \
>        "(-)-D+[download key stored in smartcard reader]:reader" \
>        "(${${(@)cmn:#-[lv]}})-F+[search for host in known_hosts file]:host:_ssh_hosts" \
>        "($cmn)-H[hash names in known_hosts file]" \
> +      "(${${(@)cmn:#-[aw]}} -f)-K[download resident keys from a FIDO authenticator]" \
>        "($cmn)-R+[remove host from known_hosts file]:host:_ssh_hosts" \
> +      "(${${(@)cmn:#-O}})-M+[moduli generation]:action:((
> +          generate\:generate\ candidates\ for\ DH-GEX\ moduli
> +          screen\:screen\ candidates\ for\ DH-GEX\ moduli
> +      ))" \
>        "($cmn)-L[print the contents of a certificate]" \
> -      "($cmn -l)-A[generate host keys for all key types]" \
> +      "(${${(@)cmn:#-a}})-A[generate host keys for all key types]" \
>        "($cmn)-Q[test whether keys have been revoked in a KRL]" \
> +      "($cmn)-Y+[signature action]:action:((
> +        find-principals\:find\ the\ principal\ associated\ with\ the\ public\ key\ of\ a\ signature
> +        sign\:sign\ a\ file\ using\ SSH\ key
> +        verify\:verify\ a\ signature\ generated\ using\ the\ sign\ option
> +        check-novalidate\:check\ signature\ structure
> +      ))" \
>        - finger \
>        "$p1($cmn)$algopt" \
>        - create \
>        '(-P -l)-q[silence ssh-keygen]' \
> -      "(-P -l)-t+[specify the type of the key to create]:key type:(rsa dsa ecdsa ed25519)" \
> +      "(-P -l)-t+[specify the type of the key to create]:key type:(rsa dsa ecdsa ed25519 ecdsa-sk ed25519-sk)" \
>        - dns \
>        "($cmn)-r[print DNS resource record]:hostname:_hosts" \
>        "$p1($cmn)-g[use generic DNS format]" \
> -      - primes \
> -      "(-P -N -C -l -m -f)-G+[generate candidates for DH-GEX moduli]:output file:_files" \
> -      "$p1(-P -N -C -l -m -f)-M+[specify amount of memory to use for generating DH-GEX moduli]:memory (MB)" \
> -      "$p1(-P -N -C -l -m -f)-S+[specify start point]:start point (hex)" \
> -      - screen \
> -      "(${${(@)cmn:#-v}})-T+[screen candidates for DH-GEX moduli]:output file:_files" \
> -      "${p1}(${${(@)cmn:#-v}})-a+[specify number of rounds]:rounds" \
> -      "${p1}(${${(@)cmn:#-v}})-J[exit after screening specified number of lines]" \
> -      "${p1}(${${(@)cmn:#-v}})-j+[start screening at the specified line number]:line number" \
> -      "${p1}(${${(@)cmn:#-v}})-K+[write the last line processed to file]:file:_files" \
> -      "${p1}(${${(@)cmn:#-v}})-W[specify desired generator]:generator" \
>        - certify \
>        "($cmn)-s[$sdesc]:CA key:_files" \
>        "$p1($cmn -f -k -u)-I+[specify key identifier to include in certificate]:key id" \
> @@ -205,21 +241,10 @@ _ssh () {
>        "$p1($cmn -f -k -u -D)-U[indicate that CA key is held by ssh-agent]" \
>        "$p1($cmn -f -k -u -U)-D+[indicate the CA key is stored in a PKCS#11 token]:PKCS11 shared library:_files -g '*.(so|dylib)(|.<->)(-.)'" \
>        "$p1($cmn -f -k -u)-n+[specify user/host principal names to include in certificate]:principals" \
> -      "$p1($cmn -f -k -u)*-O+[specify a certificate option]: : _values 'option'
> -        clear critical\:name extension\:name force-command\:command\:_cmdstring
> -	no-agent-forwarding no-port-forwarding no-pty no-user-rc no-x11-forwarding
> -	permit-agent-forwarding permit-port-forwarding permit-pty permit-user-rc
> -	permit-x11-forwarding source-address\:source\ address" \
>        "$p1($cmn -f -u)-V+[specify certificate validity interval]:interval" \
>        "($cmn -I -h -n -D -O -U -V)-k[generate a KRL file]" \
>        "$p1($cmn -I -h -n -D -O -U -V)-u[update a KRL]" \
>        - signature \
> -      "($cmn)-Y+[signature action]:action:((
> -	sign\:sign\ a\ file\ using\ SSH\ key
> -	verify\:verify\ a\ signature\ generated\ using\ the\ sign\ option
> -	check-novalidate\:check\ signature\ structure
> -      ))" \
> -      "$p1-n+[specify namespace]:namespace" \
>        $sigargs
>      return
>    ;;
> @@ -244,6 +269,7 @@ _ssh () {
>        '-b+[specify batch file to read]:batch file:_files' \
>        '-D+[connect directly to a local sftp server]:sftp server path' \
>        '-f[request that files be flushed immediately after transfer]' \
> +      '-N[disable implicit quiet mode set by -b]' \
>        '-R+[specify number of outstanding requests]:number of requests [64]' \
>        '-s+[specify SSH2 subsystem or path to sftp server on the remote host]:subsystem/path' \
>        '1:file:->rfile' '*:file:->file' "$common[@]" "$common_transfer[@]" && ret=0
> 


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-04-20 22:18 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-20 18:54 PATCH: update options in openssh completion Oliver Kiddle
2021-04-20 22:18 ` Daniel Shahaf

zsh-workers

This inbox may be cloned and mirrored by anyone:

	git clone --mirror http://inbox.vuxu.org/zsh-workers

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V1 zsh-workers zsh-workers/ http://inbox.vuxu.org/zsh-workers \
		zsh-workers@zsh.org
	public-inbox-index zsh-workers

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.zsh.workers


code repositories for the project(s) associated with this inbox:

	https://git.vuxu.org/mirror/zsh/

AGPL code for this site: git clone https://public-inbox.org/public-inbox.git