- naddy@cvs.openbsd.org 2010/09/10 15:19:29
[ssh-keygen.1]
* mention ECDSA in more places
* less repetition in FILES section
* SSHv1 keys are still encrypted with 3DES
help and ok jmc@
diff --git a/ChangeLog b/ChangeLog
index c3c18d7..a605d86 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,12 @@
+20100924
+ - (djm) OpenBSD CVS Sync
+ - naddy@cvs.openbsd.org 2010/09/10 15:19:29
+ [ssh-keygen.1]
+ * mention ECDSA in more places
+ * less repetition in FILES section
+ * SSHv1 keys are still encrypted with 3DES
+ help and ok jmc@
+
20100910
- (dtucker) [openbsd-compat/port-linux.c] Check is_selinux_enabled for exact
return code since it can apparently return -1 under some conditions. From
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 4b95a4e..b970023 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.99 2010/08/31 11:54:45 djm Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.100 2010/09/10 15:19:29 naddy Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -37,7 +37,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: August 31 2010 $
+.Dd $Mdocdate: September 10 2010 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -125,7 +125,7 @@
generates, manages and converts authentication keys for
.Xr ssh 1 .
.Nm
-can create RSA keys for use by SSH protocol version 1 and RSA, DSA or ECDSA
+can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA
keys for use by SSH protocol version 2.
The type of key to be generated is specified with the
.Fl t
@@ -427,9 +427,10 @@
The possible values are
.Dq rsa1
for protocol version 1 and
-.Dq rsa
+.Dq dsa ,
+.Dq ecdsa
or
-.Dq dsa
+.Dq rsa
for protocol version 2.
.It Fl V Ar validity_interval
Specify a validity interval when signing a certificate.
@@ -606,18 +607,19 @@
.Xr ssh 1 .
Please refer to those manual pages for details.
.Sh FILES
-.Bl -tag -width Ds
+.Bl -tag -width Ds -compact
.It Pa ~/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 128-bit AES.
+used to encrypt the private part of this file using 3DES.
This file is not automatically accessed by
.Nm
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
+.Pp
.It Pa ~/.ssh/identity.pub
Contains the protocol version 1 RSA public key for authentication.
The contents of this file should be added to
@@ -625,26 +627,11 @@
on all machines
where the user wishes to log in using RSA authentication.
There is no need to keep the contents of this file secret.
+.Pp
.It Pa ~/.ssh/id_dsa
-Contains the protocol version 2 DSA authentication identity of the user.
-This file should not be readable by anyone but the user.
-It is possible to
-specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 128-bit AES.
-This file is not automatically accessed by
-.Nm
-but it is offered as the default file for the private key.
-.Xr ssh 1
-will read this file when a login attempt is made.
-.It Pa ~/.ssh/id_dsa.pub
-Contains the protocol version 2 DSA public key for authentication.
-The contents of this file should be added to
-.Pa ~/.ssh/authorized_keys
-on all machines
-where the user wishes to log in using public key authentication.
-There is no need to keep the contents of this file secret.
+.It Pa ~/.ssh/id_ecdsa
.It Pa ~/.ssh/id_rsa
-Contains the protocol version 2 RSA authentication identity of the user.
+Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
@@ -654,13 +641,17 @@
but it is offered as the default file for the private key.
.Xr ssh 1
will read this file when a login attempt is made.
+.Pp
+.It Pa ~/.ssh/id_dsa.pub
+.It Pa ~/.ssh/id_ecdsa.pub
.It Pa ~/.ssh/id_rsa.pub
-Contains the protocol version 2 RSA public key for authentication.
+Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication.
The contents of this file should be added to
.Pa ~/.ssh/authorized_keys
on all machines
where the user wishes to log in using public key authentication.
There is no need to keep the contents of this file secret.
+.Pp
.It Pa /etc/moduli
Contains Diffie-Hellman groups used for DH-GEX.
The file format is described in