fish-shell/share/completions/ssh-keygen.fish

# ssh-keygen
complete -c ssh-keygen -s a -x -d "number of KDF rounds used [default 16]"
complete -c ssh-keygen -s b -x -d "number of bits in the key"
complete -c ssh-keygen -s c -d "change the comment in the private and public key files"

complete -c ssh-keygen -s N -x -d "provide the new passphrase"
complete -c ssh-keygen -s P -x -d "provide the (old) passphrase"
complete -c ssh-keygen -s p -d "request changing the passphrase of a private key file"
complete -c ssh-keygen -s L -d "print the contents of one or more certificates"
complete -c ssh-keygen -s l -d "show fingerprint of public key file"
complete -c ssh-keygen -s v -d "verbose mode: print debugging messages about its progress"

complete -c ssh-keygen -s f -r -d "filename of key file"
complete -c ssh-keygen -s C -x -d "comment of the generated key"
complete -c ssh-keygen -s t -x -d "type of key to create" -a "dsa ecdsa ecdsa-sk ed25519 ed25519-sk rsa"

complete -c ssh-keygen -s A -f -d 'generate host keys of all default key types (rsa, ecdsa, and ed25519)'
complete -c ssh-keygen -s B -f -d 'show the bubblebabble digest of specified key file'
complete -c ssh-keygen -s D -f -d 'download the public keys provided by shared library pkcs11'
complete -c ssh-keygen -s E -x -d 'hash algorithm used when displaying key fingerprints' -a 'md5 sha256'
complete -c ssh-keygen -s e -d 'print public key of a OpenSSH key file in a format specified by the -m option'
complete -c ssh-keygen -s F -x -d 'find hashed host names or addresses in a known_hosts file'
complete -c ssh-keygen -s g -d 'use generic DNS format when printing fingerprint resource records using -r command'
complete -c ssh-keygen -s H -d 'hash a known_hosts file'
complete -c ssh-keygen -s h -d 'create a host certificate when signing a key'
complete -c ssh-keygen -s I -r -d 'specify the key identity when signing a public key'
complete -c ssh-keygen -s i -d 'print an OpenSSH compatible private (or public) key'
complete -c ssh-keygen -s K -d 'download resident keys from a FIDO authenticator'
complete -c ssh-keygen -s k -d 'generate a KRL file'
complete -c ssh-keygen -s M -r -d 'candidate Diffie-Hellman Group Exchange (DH-GEX) parameters' -a ' generate  screen'
complete -c ssh-keygen -s m -r -d 'key format for key generation, for -i, -e and -p flag' -a 'RFC4716 PKCS8 PEM'
complete -c ssh-keygen -s n -r -d 'specify principals (user or host names) to be included in a certificate when signing a key'
complete -c ssh-keygen -s O -d 'specify a key/value option'
complete -c ssh-keygen -s Q -d 'whether keys have been revoked in a KRL'
complete -c ssh-keygen -s q -d 'silence ssh-keygen'
complete -c ssh-keygen -s R -x -d 'removes all keys belonging to the specified hostname from a known_hosts file'
complete -c ssh-keygen -s r -x -d 'print the SSHFP fingerprint resource record named hostname'
complete -c ssh-keygen -s s -r -d 'sign a public key using the specified CA key'
complete -c ssh-keygen -s U -d 'indicates that a CA key resides in a ssh-agent'
complete -c ssh-keygen -s u -d 'update a KRL'
complete -c ssh-keygen -s V -x -d 'specify a validity interval when signing a certificate'
complete -c ssh-keygen -s w -r -d 'path to a needed library when creating FIDO authenticator-hosted keys'
complete -c ssh-keygen -s Y -x -a "\
	find-principals\t'find the principal(s) associated with the public key of a signature'
	match-principals\t'find principal matching the principal name provided using the -I flag'
	check-novalidate\t'check that a signature generated using -Y sign has a valid structure'
	sign\t'Cryptographically sign a file or some data using an SSH key'
	verify\t'Request to verify a signature generated using -Y sign'
"
complete -c ssh-keygen -s y -d 'print an OpenSSH public key from a private OpenSSH format file'
# Note: `ssh -Q` is not available on old versions
complete -c ssh-keygen -s Z -x -d 'cipher kind used for encryption an OpenSSH-format private key file' -a "(ssh -Q cipher 2>/dev/null)"
complete -c ssh-keygen -s z -x -d 'serial number embedded in the certificate'