.ie \n(.g .ds Aq \(aq .el .ds Aq ' .TH sshd-openpgp-auth-init 1 "sshd-openpgp-auth-init " .SH NAME sshd\-openpgp\-auth\-init \- Initialize a new OpenPGP certificate, that serves as trust anchor for public SSH host keys .SH SYNOPSIS \fBsshd\-openpgp\-auth init\fR [\fB\-e\fR|\fB\-\-expiry\fR] [\fB\-o\fR|\fB\-\-openpgp\-dir\fR] [\fB\-s\fR|\fB\-\-stdout\fR] [\fB\-t\fR|\fB\-\-time\fR] [\fB\-h\fR|\fB\-\-help\fR] <\fIHOST\fR> .SH DESCRIPTION Initialize a new OpenPGP certificate, that serves as trust anchor for public SSH host keys .PP By default this function creates an OpenPGP certificate for a hostname, that is valid from now for the next 365 days and writes it to a file in "/var/lib/sshd\-openpgp\-auth/". The validity period, as well as the point in time from which the certificate is valid can be adjusted. Additionally, the certificate may be written to stdout instead of a file. .SH OPTIONS .TP \fB\-e\fR, \fB\-\-expiry\fR=\fIEXPIRY\fR The expiry period in days from reference time (defaults to 365) .RS May also be specified with the \fBSOA_EXPIRY\fR environment variable. .RE .TP \fB\-o\fR, \fB\-\-openpgp\-dir\fR=\fIDIR\fR A custom directory into which the OpenPGP certificate is written (defaults to "/var/lib/sshd\-openpgp\-auth/") .RS May also be specified with the \fBSOA_OPENPGP_DIR\fR environment variable. .RE .TP \fB\-s\fR, \fB\-\-stdout\fR Output the OpenPGP certificate to stdout instead of a file .TP \fB\-t\fR, \fB\-\-time\fR=\fITIME\fR A custom reference time formatted as an RFC3339 string (defaults to now) .RS May also be specified with the \fBSOA_TIME\fR environment variable. .RE .TP \fB\-h\fR, \fB\-\-help\fR Print help (see a summary with \*(Aq\-h\*(Aq) .TP <\fIHOST\fR> The hostname, as fully qualified domain name (FQDN), for which a certificate is created