From owner-freebsd-current@FreeBSD.ORG  Mon Feb 17 05:01:15 2014
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 20B5DD63
 for <freebsd-current@freebsd.org>; Mon, 17 Feb 2014 05:01:15 +0000 (UTC)
Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu
 [18.7.68.37])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by mx1.freebsd.org (Postfix) with ESMTPS id B979B1436
 for <freebsd-current@freebsd.org>; Mon, 17 Feb 2014 05:01:14 +0000 (UTC)
X-AuditID: 12074425-f79906d000000cf9-f4-53019665b879
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36])
 (using TLS with cipher AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id
 87.42.03321.56691035; Sun, 16 Feb 2014 23:56:05 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11])
 by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id s1H4u5Zu010174;
 Sun, 16 Feb 2014 23:56:05 -0500
Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37])
 (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU)
 by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s1H4u2nt015320
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT);
 Sun, 16 Feb 2014 23:56:04 -0500
Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308)
 id s1H4u2oa000344; Sun, 16 Feb 2014 23:56:02 -0500 (EST)
Date: Sun, 16 Feb 2014 23:56:02 -0500 (EST)
From: Benjamin Kaduk <bjk@freebsd.org>
X-X-Sender: kaduk@multics.mit.edu
To: Ruslan Makhmatkhanov <cvs-src@yandex.ru>
Subject: Re: ssh-keygen -Z
In-Reply-To: <53008ECD.2070004@yandex.ru>
Message-ID: <alpine.GSO.1.10.1402162348050.1213@multics.mit.edu>
References: <53008ECD.2070004@yandex.ru>
User-Agent: Alpine 1.10 (GSO 962 2008-03-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrJIsWRmVeSWpSXmKPExsUixG6nops6jTHYoOGDucWbTa9ZLOa8+cDk
 wOQx49N8Fo/DDf0sAUxRXDYpqTmZZalF+nYJXBntRy6wFLxgrfh8+B9jA+N5li5GTg4JAROJ
 h7N7mSBsMYkL99azdTFycQgJzGaSmNF/gB3C2cgocerCUWYI5xCTxKbmBqiyBkaJzWf2MoL0
 swhoS7w79gPMZhNQk3i8t5kVYq6ixOZTk5hBbBEBHYkXm7vAbGYBQ4nuw4fA6oUFpCS+zLoA
 dhOngKbErs07wG7iFXCQ2LBjH1CcA2iZhsTDe5IgYVGgMav3T2GBKBGUODnzCQvESEuJc3+u
 s01gFJqFJDULSWoBI9MqRtmU3Crd3MTMnOLUZN3i5MS8vNQiXQu93MwSvdSU0k2M4BB2Ud3B
 OOGQ0iFGAQ5GJR5eg2rGYCHWxLLiytxDjJIcTEqivNkTgEJ8SfkplRmJxRnxRaU5qcWHGCU4
 mJVEeN3jgHK8KYmVValF+TApaQ4WJXHeWotfQUIC6YklqdmpqQWpRTBZGQ4OJQles6lAjYJF
 qempFWmZOSUIaSYOTpDhPEDD+UFqeIsLEnOLM9Mh8qcYFaXEeaeCJARAEhmleXC9sBTzilEc
 6BVh3hCQKh5geoLrfgU0mAlo8KrTf4OABpckIqSkGhgF+ITvnn7i8M9nuwjDWTFJnzyl7stH
 /23cteCAcM2+d0V9yTL8XfmXb6yZfM1g+qc5rdxHtjPznwoRv/KPa6WQnX6i3+79vBUnlRwO
 zd11bttvFZ0JAfMWSrxdcs6w7/CPEEvljapTmz/8+31iJ+/s38o3/q7+pFHOMOtCZ7YEb/q5
 j6+ndx48ocRSnJFoqMVcVJwIAAdQnEIMAwAA
Cc: FreeBSD Current <freebsd-current@freebsd.org>
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>,
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Feb 2014 05:01:15 -0000

On Sun, 16 Feb 2014, Ruslan Makhmatkhanov wrote:

> Hello,
>
> there is -Z parameter in ssh-keygen --help output, but no mention of it in 
> ssh-keygen's man-page. Any clue what values this parameter accept?

It is the "new-format ciphername", which can be used for RSA keys if the 
new format file is being used, and is used for the elliptic curve keys, if 
I'm reading things correctly. I guess that would mean that it accepts 
things like "chacha20-poly1305@openssh.com" and "aes256-ctr" (see the 
table ciphers[] in cipher.c), though I don't know which ones make sense to 
pass in there.

I guess we should ask the OpenBSD folks to document it, the -Z argument 
was added to ssh-keygen.c in r1.237 back in December.

-Ben