# ssh-keygen(1) completion -*- shell-script -*-
_comp_cmd_ssh_keygen()
{
local cur prev words cword comp_args
_comp_initialize -n := -- "$@" || return
local IFS=$' \t\n' # for ${words[*]}
local noargopts='!(-*|*[ aCIJjMNPSVWzbEFRDwfGKsTmnOrtY]*)'
# shellcheck disable=SC2254
case $prev in
-${noargopts}[aCIJjMNPSVWz])
return
;;
-${noargopts}b)
local -a sizes=()
case "${words[*]}" in
*" -t dsa"?( *))
sizes=(1024)
;;
*" -t ecdsa"?( *))
sizes=(256 384 521)
;;
*" -t rsa"?( *))
sizes=(1024 2048 3072 4096)
;;
esac
((${#sizes[@]})) &&
_comp_compgen -- -W '"${sizes[@]}"'
return
;;
-${noargopts}E)
_comp_compgen -- -W 'md5 sha256'
return
;;
-${noargopts}[FR])
# TODO: trim this down to actual entries in known hosts files
_comp_compgen_known_hosts -- "$cur"
return
;;
-${noargopts}[Dw])
_comp_compgen_filedir so
return
;;
-${noargopts}[fGKsT])
_comp_compgen_filedir
return
;;
-${noargopts}m)
_comp_compgen -- -W 'PEM PKCS8 RFC4716'
return
;;
-${noargopts}n)
[[ ${words[*]} != *\ -*Y\ * ]] || return
if [[ ${words[*]} == *\ -*h\ * ]]; then
_comp_compgen_known_hosts -- "${cur##*,}"
((${#COMPREPLY[@]})) &&
_comp_delimited , -W '"${COMPREPLY[@]}"'
else
_comp_delimited , -u
fi
return
;;
-${noargopts}O)
if [[ $cur != *=* ]]; then
local -a opts=()
case ${words[*]} in
*\ -${noargopts}M\ *)
opts=(
lines= start-line= checkpoint= memory= start=
generator=
)
;;
*\ -${noargopts}r\ *)
opts=(hashalg=)
;;
*\ -${noargopts}s\ *)
opts=(
clear critical: extension: force-command=
no-agent-forwarding no-port-forwarding no-pty
no-user-rc no-x11-forwarding permit-agent-forwarding
permit-port-forwarding permit-pty permit-user-rc
permit-X11-forwarding no-touch-required
source-address= verify-required
)
;;
*\ -${noargopts}t\ +([a-z0-9])-sk\ *)
opts=(
application= challenge= device= no-touch-required
resident user= verify-required write-attestation=
)
;;
*\ -${noargopts}Y\ *)
opts=(hashalg= print-pubkey verify-time)
;;
esac
((${#opts[@]})) &&
_comp_compgen -- -W '"${opts[@]}"'
[[ ${COMPREPLY-} == *[:=] ]] && compopt -o nospace
_comp_ltrim_colon_completions "$cur"
else
case $cur in
force-command=*)
compopt -o filenames
_comp_compgen -c "${cur#*=}" commands
;;
checkpoint=* | challenge=* | write-attestation=*)
_comp_compgen -c "${cur#*=}" filedir
;;
application=*([^:=]))
_comp_compgen -c "${cur#*=}" -- -W "ssh:"
compopt -o nospace
;;
user=*)
_comp_compgen -c "${cur#*=}" -- -u
;;
hashalg=*)
local -a args=()
case ${words[*]} in
*\ -*Y\ *)
args=(sha256 sha512)
;;
*\ -*r\ *)
args=(sha1 sha256)
;;
esac
((${#args[@]})) &&
_comp_compgen -c "${cur#*=}" -- -W '"${args[@]}"'
;;
esac
fi
return
;;
-${noargopts}r)
[[ ${words[*]} != *\ -${noargopts}Y\ * ]] || _comp_compgen_filedir
return
;;
-${noargopts}t)
# Prefer `ssh` from same dir for resolving options, etc
local pathcmd protocols
pathcmd=$(type -P -- "$1") && local PATH=${pathcmd%/*}:$PATH
_comp_compgen -v protocols -x ssh query protocol-version
local types='dsa ecdsa ecdsa-sk ed25519 ed25519-sk rsa'
if [[ ${protocols[*]} == *1* ]]; then
types+=' rsa1'
fi
_comp_compgen -- -W "$types"
return
;;
-${noargopts}Y)
_comp_compgen -- -W 'find-principals check-novalidate sign verify'
return
;;
esac
_comp_compgen_set
if [[ $cur == -* ]]; then
_comp_compgen_usage -- "-?" ||
_comp_compgen_help -- "-?" # OpenSSH < 7
fi
if [[ ${words[*]} == *\ -${noargopts}s\ * ]]; then
_comp_compgen -a filedir pub
fi
} &&
complete -F _comp_cmd_ssh_keygen ssh-keygen
# ex: filetype=sh