- itojun@cvs.openbsd.org 2001/04/10 09:13:22
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
document id_rsa{.pub,}. markus ok
diff --git a/ChangeLog b/ChangeLog
index 0039e90..038f18a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,9 @@
- markus@cvs.openbsd.org 2001/04/10 07:46:58
[channels.c]
cleanup socks4 handling
+ - itojun@cvs.openbsd.org 2001/04/10 09:13:22
+ [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+ document id_rsa{.pub,}. markus ok
20010410
- OpenBSD CVS Sync
@@ -4996,4 +4999,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1094 2001/04/11 15:57:50 mouring Exp $
+$Id: ChangeLog,v 1.1095 2001/04/11 15:59:35 mouring Exp $
diff --git a/ssh-add.1 b/ssh-add.1
index 3cdf337..d7725c6 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-add.1,v 1.23 2001/04/09 15:19:49 markus Exp $
+.\" $OpenBSD: ssh-add.1,v 1.24 2001/04/10 09:13:21 itojun Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -80,7 +80,7 @@
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
-Contains the RSA authentication identity of the user.
+Contains the protocol version 1 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
Note that
.Nm
@@ -92,7 +92,9 @@
.Nm
when no other files have been specified.
.It Pa $HOME/.ssh/id_dsa
-Contains the DSA authentication identity of the user.
+Contains the protocol version 2 DSA authentication identity of the user.
+.It Pa $HOME/.ssh/id_rsa
+Contains the protocol version 2 RSA authentication identity of the user.
.El
.Sh ENVIRONMENT
.Bl -tag -width Ds
diff --git a/ssh-agent.1 b/ssh-agent.1
index a14f359..1d21469 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.23 2001/04/02 17:32:23 deraadt Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.24 2001/04/10 09:13:21 itojun Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -142,7 +142,7 @@
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
-Contains the RSA authentication identity of the user.
+Contains the protocol version 1 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
@@ -153,7 +153,9 @@
.Xr ssh-add 1
at login time.
.It Pa $HOME/.ssh/id_dsa
-Contains the DSA authentication identity of the user.
+Contains the protocol version 2 DSA authentication identity of the user.
+.It Pa $HOME/.ssh/id_rsa
+Contains the protocol version 2 RSA authentication identity of the user.
.It Pa /tmp/ssh-XXXXXXXX/agent.<pid>
Unix-domain sockets used to contain the connection to the
authentication agent.
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index a391468..6808ede 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.35 2001/03/11 22:33:23 markus Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.36 2001/04/10 09:13:21 itojun Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -89,9 +89,10 @@
Normally each user wishing to use SSH
with RSA or DSA authentication runs this once to create the authentication
key in
-.Pa $HOME/.ssh/identity
+.Pa $HOME/.ssh/identity ,
+.Pa $HOME/.ssh/id_dsa
or
-.Pa $HOME/.ssh/id_dsa .
+.Pa $HOME/.ssh/id_rsa .
Additionally, the system administrator may use this to generate host keys,
as seen in
.Pa /etc/rc .
@@ -191,7 +192,7 @@
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
-Contains the RSA authentication identity of the user.
+Contains the protocol version 1 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
@@ -202,14 +203,14 @@
.Xr sshd 8
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/identity.pub
-Contains the public key for authentication.
+Contains the protocol version 1 RSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where you wish to log in using RSA authentication.
There is no need to keep the contents of this file secret.
.It Pa $HOME/.ssh/id_dsa
-Contains the DSA authentication identity of the user.
+Contains the protocol version 2 DSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
@@ -220,7 +221,25 @@
.Xr sshd 8
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/id_dsa.pub
-Contains the public key for authentication.
+Contains the protocol version 2 DSA public key for authentication.
+The contents of this file should be added to
+.Pa $HOME/.ssh/authorized_keys2
+on all machines
+where you wish to log in using public key authentication.
+There is no need to keep the contents of this file secret.
+.It Pa $HOME/.ssh/id_rsa
+Contains the protocol version 2 RSA authentication identity of the user.
+This file should not be readable by anyone but the user.
+It is possible to
+specify a passphrase when generating the key; that passphrase will be
+used to encrypt the private part of this file using 3DES.
+This file is not automatically accessed by
+.Nm
+but it is offered as the default file for the private key.
+.Xr sshd 8
+will read this file when a login attempt is made.
+.It Pa $HOME/.ssh/id_rsa.pub
+Contains the protocol version 2 RSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys2
on all machines
diff --git a/ssh.1 b/ssh.1
index 1d30a7c..e775d0d 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.101 2001/04/05 15:45:43 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.102 2001/04/10 09:13:22 itojun Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
@@ -212,8 +212,10 @@
The public key method is similar to RSA authentication described
in the previous section except that the DSA or RSA algorithm is used
instead.
-The client uses his private key
+The client uses his private key,
.Pa $HOME/.ssh/id_dsa
+or
+.Pa $HOME/.ssh/id_rsa ,
to sign the session identifier and sends the result to the server.
The server checks whether the matching public key is listed in
.Pa $HOME/.ssh/authorized_keys2
@@ -1136,8 +1138,9 @@
for protocol version 2).
See
.Xr sshd 8 .
-.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa
-Contains the RSA and the DSA authentication identity of the user.
+.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa
+Contains the authentication identity of the user.
+They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively.
These files
contain sensitive data and should be readable by the user but not
accessible by others (read/write/execute).
@@ -1147,7 +1150,7 @@
It is possible to specify a passphrase when
generating the key; the passphrase will be used to encrypt the
sensitive part of this file using 3DES.
-.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub
+.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub
Contains the public key for authentication (public part of the
identity file in human-readable form).
The contents of the
@@ -1155,13 +1158,15 @@
file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
-where you wish to log in using RSA authentication.
+where you wish to log in using protocol version 1 RSA authentication.
The contents of the
.Pa $HOME/.ssh/id_dsa.pub
+and
+.Pa $HOME/.ssh/id_rsa.pub
file should be added to
.Pa $HOME/.ssh/authorized_keys2
on all machines
-where you wish to log in using DSA authentication.
+where you wish to log in using protocol version 2 DSA/RSA authentication.
These files are not
sensitive and can (but need not) be readable by anyone.
These files are
diff --git a/sshd.8 b/sshd.8
index 54b7861..4611c06 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.112 2001/04/09 18:00:15 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.113 2001/04/10 09:13:22 itojun Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
@@ -821,9 +821,10 @@
Note that lines in this file are usually several hundred bytes long
(because of the size of the RSA key modulus).
You don't want to type them in; instead, copy the
-.Pa identity.pub
-or the
+.Pa identity.pub ,
.Pa id_dsa.pub
+or the
+.Pa id_rsa.pub
file and edit it.
.Pp
The options (if present) consist of comma-separated option
@@ -1014,6 +1015,8 @@
The format of this file is described above.
Users will place the contents of their
.Pa id_dsa.pub
+and/or
+.Pa id_rsa.pub
files into this file, as described in
.Xr ssh-keygen 1 .
.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"