upstream: use better markup for challenge and write-attestation, and
rejig the challenge text a little;

ok djm

OpenBSD-Commit-ID: 9f351e6da9edfdc907d5c3fdaf2e9ff3ab0a7a6f
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 3494fbc..f0e76aa 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.198 2020/02/02 07:36:50 jmc Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.199 2020/02/03 08:15:37 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 2 2020 $
+.Dd $Mdocdate: February 3 2020 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -472,14 +472,12 @@
 Override the default FIDO application/origin string of
 .Dq ssh: .
 This may be useful when generating host or domain-specific resident keys.
-.It Cm challenge=path
+.It Cm challenge Ns = Ns Ar path
 Specifies a path to a challenge string that will be passed to the
 FIDO token during key generation.
-The challenge string is optional, but may be used as part of an out-of-band
-protocol for key enrollment.
-If no
-.Cm challenge
-is specified, a random challenge is used.
+The challenge string may be used as part of an out-of-band
+protocol for key enrollment
+(a random challenge is used by default).
 .It Cm device
 Explicitly specify a
 .Xr fido 4
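Review bot: In the challenge item, the new parenthetical "(a random challenge is used by default)" hangs off the sentence about the out-of-band enrollment protocol, so the default reads as a property of that protocol rather than of the option. A separate sentence such as "By default, a random challenge is used." would be clearer and would match the "By default this information is discarded." wording under write-attestation. Separately, ".It Cm device" in the trailing context keeps the bare form; if that option takes a value, it should get the same "Ns = Ns Ar" markup so the list stays consistent.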
@@ -502,7 +500,7 @@
 overriding the empty default username.
 Specifying a username may be useful when generating multiple resident keys
 for the same application name.
-.It Cm write-attestation=path
+.It Cm write-attestation Ns = Ns Ar path
 May be used at key generation time to record the attestation certificate
 returned from FIDO tokens during key generation.
 By default this information is discarded.
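Review bot: The write-attestation item gets the markup fix only, and its text still gives no pointer to the challenge option, even though both are described as acting during key generation and the challenge text speaks of an enrollment protocol. A short cross-reference from one item to the other would help a reader who needs both for enrollment. While this item is being touched, "May be used at key generation time ... during key generation" says the same thing twice in one sentence and could lose one of the two phrases.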