upstream: shuffle the challenge keyword to keep the -O list sorted;

OpenBSD-Commit-ID: 08efad608b790949a9a048d65578fae9ed5845fe

diff --git a/ssh-keygen.1 b/ssh-keygen.1
index c6a9761832db79cf36bbae9de62f8aa06391efaa..3494fbceb687965e0f0da0f93a5d872f4a4887eb 100644 (file)
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: ssh-keygen.1,v 1.197 2020/01/28 08:01:34 djm Exp $
+.\"    $OpenBSD: ssh-keygen.1,v 1.198 2020/02/02 07:36:50 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 28 2020 $
+.Dd $Mdocdate: February 2 2020 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -472,6 +472,14 @@ Those supported at present are:
 Override the default FIDO application/origin string of
 .Dq ssh: .
 This may be useful when generating host or domain-specific resident keys.
+.It Cm challenge=path
+Specifies a path to a challenge string that will be passed to the
+FIDO token during key generation.
+The challenge string is optional, but may be used as part of an out-of-band
+protocol for key enrollment.
+If no
+.Cm challenge
+is specified, a random challenge is used.
 .It Cm device
 Explicitly specify a
 .Xr fido 4
@@ -483,14 +491,6 @@ Note that
 .Xr sshd 8
 will refuse such signatures by default, unless overridden via
 an authorized_keys option.
-.It Cm challenge=path
-Specifies a path to a challenge string that will be passed to the
-FIDO token during key generation.
-The challenge string is optional, but may be used as part of an out-of-band
-protocol for key enrollment.
-If no
-.Cm challenge
-is specified, a random challenge is used.
 .It Cm resident
 Indicate that the key should be stored on the FIDO authenticator itself.
 Resident keys may be supported on FIDO2 tokens and typically require that