-.\" $OpenBSD: ssh-keygen.1,v 1.180 2019/12/21 20:22:34 naddy Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.181 2019/12/27 08:25:07 jmc Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: December 21 2019 $
+.Dd $Mdocdate: December 27 2019 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
.Xr sshd 8
will refuse such signatures by default, unless overridden via
an authorized_keys option.
-.It Fl y
-This option will read a private
-OpenSSH format file and print an OpenSSH public key to stdout.
.It Fl Y Cm sign
Cryptographically sign a file or some data using a SSH key.
When signing,
Successful testing of the signature is signalled by
.Nm
returning a zero exit status.
+.It Fl y
+This option will read a private
+OpenSSH format file and print an OpenSSH public key to stdout.
.It Fl z Ar serial_number
Specifies a serial number to be embedded in the certificate to distinguish
this certificate from others from the same CA.