- jmc@cvs.openbsd.org 2010/02/26 22:09:28
[ssh-keygen.1 ssh.1 sshd.8]
tweak previous;
diff --git a/ChangeLog b/ChangeLog
index c8b36eb..aad1cd2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
20100303
- (djm) [PROTOCOL.certkeys] Add RCS Ident
+ - OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2010/02/26 22:09:28
+ [ssh-keygen.1 ssh.1 sshd.8]
+ tweak previous;
20100302
- (tim) [config.guess config.sub] Bug 1722: Update to latest versions from
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 772caf7..d704f06 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.84 2010/02/26 20:29:54 djm Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.85 2010/02/26 22:09:28 jmc Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -107,6 +107,7 @@
.Op Fl a Ar num_trials
.Op Fl W Ar generator
.Nm ssh-keygen
+.Bk -words
.Fl s Ar ca_key
.Fl I Ar certificate_identity
.Op Fl h
@@ -114,6 +115,7 @@
.Op Fl O Ar constraint
.Op Fl V Ar validity_interval
.Ar
+.Ek
.Sh DESCRIPTION
.Nm
generates, manages and converts authentication keys for
@@ -259,7 +261,7 @@
Please see the
.Sx CERTIFICATES
section for details.
-.It Fl I
+.It Fl I Ar certificate_identity
Specify the key identity when signing a public key.
Please see the
.Sx CERTIFICATES
@@ -303,21 +305,21 @@
The constraints that are valid for user certificates are:
.Bl -tag -width Ds
.It Ic no-x11-forwarding
-Disable X11 forwarding. (permitted by default)
+Disable X11 forwarding (permitted by default).
.It Ic no-agent-forwarding
Disable
.Xr ssh-agent 1
-forwarding. (permitted by default)
+forwarding (permitted by default).
.It Ic no-port-forwarding
-Disable port forwarding. (permitted by default)
+Disable port forwarding (permitted by default).
.It Ic no-pty
-Disable PTY allocation. (permitted by default)
+Disable PTY allocation (permitted by default).
.It Ic no-user-rc
Disable execution of
.Pa ~/.ssh/rc
by
-.Xr sshd 8 .
-(permitted by default)
+.Xr sshd 8
+(permitted by default).
.It Ic clear
Clear all enabled permissions.
This is useful for clearing the default set of permissions so permissions may
@@ -504,7 +506,8 @@
.Nm
supports two types of certificates: user and host.
User certificates authenticate users to servers, whereas host certificates
-authenticate server hosts to users. To generate a user certificate:
+authenticate server hosts to users.
+To generate a user certificate:
.Pp
.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
.Pp
diff --git a/ssh.1 b/ssh.1
index 7d8f92a..183dc27 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.295 2010/02/26 20:29:54 djm Exp $
+.\" $OpenBSD: ssh.1,v 1.296 2010/02/26 22:09:28 jmc Exp $
.Dd $Mdocdate: February 26 2010 $
.Dt SSH 1
.Os
@@ -1121,7 +1121,6 @@
section of
.Xr ssh-keygen 1
for more details.
-.Pp
.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
.Nm
contains support for Virtual Private Network (VPN) tunnelling
diff --git a/sshd.8 b/sshd.8
index fcd5195..88a86f9 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.251 2010/02/26 20:29:54 djm Exp $
+.\" $OpenBSD: sshd.8,v 1.252 2010/02/26 22:09:28 jmc Exp $
.Dd $Mdocdate: February 26 2010 $
.Dt SSHD 8
.Os
@@ -102,15 +102,6 @@
.It Fl b Ar bits
Specifies the number of bits in the ephemeral protocol version 1
server key (default 1024).
-.It Fl c Ar host_certificate_file
-Specifies a path to a certificate file to identify
-.Nm
-during key exchange.
-The certificate file must match a host key file specified using the
-.Fl -h
-option or the
-.Cm HostKey
-configuration directive.
.It Fl C Ar connection_spec
Specify the connection parameters to use for the
.Fl T
@@ -129,6 +120,15 @@
All are required and may be supplied in any order, either with multiple
.Fl C
options or as a comma-separated list.
+.It Fl c Ar host_certificate_file
+Specifies a path to a certificate file to identify
+.Nm
+during key exchange.
+The certificate file must match a host key file specified using the
+.Fl h
+option or the
+.Cm HostKey
+configuration directive.
.It Fl D
When this option is specified,
.Nm