upstream commit
since these pages now clearly tell folks to avoid v1,
normalise the docs from a v2 perspective (i.e. stop pointing out which bits
are v2 only);
ok/tweaks djm ok markus
Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
diff --git a/ssh.1 b/ssh.1
index afc3537..cc53343 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.368 2016/02/16 07:47:54 jmc Exp $
-.Dd $Mdocdate: February 16 2016 $
+.\" $OpenBSD: ssh.1,v 1.369 2016/02/17 07:38:19 jmc Exp $
+.Dd $Mdocdate: February 17 2016 $
.Dt SSH 1
.Os
.Sh NAME
@@ -402,17 +402,15 @@
for details.
.Pp
.It Fl m Ar mac_spec
-Additionally, for protocol version 2 a comma-separated list of MAC
-(message authentication code) algorithms can
-be specified in order of preference.
+A comma-separated list of MAC (message authentication code) algorithms,
+specified in order of preference.
See the
.Cm MACs
keyword for more information.
.Pp
.It Fl N
Do not execute a remote command.
-This is useful for just forwarding ports
-(protocol version 2 only).
+This is useful for just forwarding ports.
.Pp
.It Fl n
Redirects stdin from
@@ -664,8 +662,8 @@
.Pp
.It Fl s
May be used to request invocation of a subsystem on the remote system.
-Subsystems are a feature of the SSH2 protocol which facilitate the use
-of SSH as a secure transport for other applications (eg.\&
+Subsystems facilitate the use of SSH
+as a secure transport for other applications (e.g.\&
.Xr sftp 1 ) .
The subsystem is specified as the remote command.
.Pp
@@ -710,7 +708,6 @@
.Cm ExitOnForwardFailure
and
.Cm ClearAllForwardings .
-Works with Protocol version 2 only.
.Pp
.It Fl w Xo
.Ar local_tun Ns Op : Ns Ar remote_tun
@@ -795,8 +792,10 @@
and
.Fl 2
options (see above).
-Protocol 1 should not be used - it suffers from a number of cryptographic
-weaknesses and is only offered to support legacy devices.
+Protocol 1 should not be used
+and is only offered to support legacy devices.
+It suffers from a number of cryptographic weaknesses
+and doesn't support many of the advanced features available for protocol 2.
.Pp
The methods available for authentication are:
GSSAPI-based authentication,
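Review bot: The added sentence "doesn't support many of the advanced features available for protocol 2" names none of those features, and with the per-option v2-only remarks dropped elsewhere in this patch it becomes the only hint a protocol 1 user gets that an option may not apply. Because the text still says protocol 1 is offered for legacy devices, consider naming the affected options here, for example the -m, -N and -s entries whose protocol 2 wording is removed above, so that the limitation stays documented in one place.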
@@ -805,8 +804,9 @@
challenge-response authentication,
and password authentication.
Authentication methods are tried in the order specified above,
-though protocol 2 has a configuration option to change the default order:
-.Cm PreferredAuthentications .
+though
+.Cm PreferredAuthentications
+can be used to change the default order.
.Pp
Host-based authentication works as follows:
If the machine the user logs in from is listed in
@@ -850,8 +850,6 @@
.Nm
implements public key authentication protocol automatically,
using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
-Protocol 1 is restricted to using only RSA keys,
-but protocol 2 may use any.
The HISTORY section of
.Xr ssl 8
contains a brief discussion of the DSA and RSA algorithms.
@@ -873,26 +871,26 @@
.Pa ~/.ssh/identity
(protocol 1),
.Pa ~/.ssh/id_dsa
-(protocol 2 DSA),
+(DSA),
.Pa ~/.ssh/id_ecdsa
-(protocol 2 ECDSA),
+(ECDSA),
.Pa ~/.ssh/id_ed25519
-(protocol 2 Ed25519),
+(Ed25519),
or
.Pa ~/.ssh/id_rsa
-(protocol 2 RSA)
+(RSA)
and stores the public key in
.Pa ~/.ssh/identity.pub
(protocol 1),
.Pa ~/.ssh/id_dsa.pub
-(protocol 2 DSA),
+(DSA),
.Pa ~/.ssh/id_ecdsa.pub
-(protocol 2 ECDSA),
+(ECDSA),
.Pa ~/.ssh/id_ed25519.pub
-(protocol 2 Ed25519),
+(Ed25519),
or
.Pa ~/.ssh/id_rsa.pub
-(protocol 2 RSA)
+(RSA)
in the user's home directory.
The user should then copy the public key
to
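Review bot: In the key file list the labels are no longer parallel: ~/.ssh/identity and ~/.ssh/identity.pub keep "(protocol 1)" while every other entry is now labelled by algorithm only. The sentence that said protocol 1 is restricted to RSA keys is deleted in the previous hunk, so after this change nothing on the page tells the reader what kind of key the identity file holds. Suggest labelling those two entries "(protocol 1 RSA)", or keeping a short note about the RSA restriction next to them.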
@@ -930,8 +928,6 @@
The server sends an arbitrary
.Qq challenge
text, and prompts for a response.
-Protocol 2 allows multiple challenges and responses;
-protocol 1 is restricted to just one challenge/response.
Examples of challenge-response authentication include
.Bx
Authentication (see
@@ -1030,7 +1026,7 @@
Display a list of escape characters.
.It Cm ~B
Send a BREAK to the remote system
-(only useful for SSH protocol version 2 and if the peer supports it).
+(only useful if the peer supports it).
.It Cm ~C
Open command line.
Currently this allows the addition of port forwardings using the
@@ -1063,7 +1059,7 @@
option.
.It Cm ~R
Request rekeying of the connection
-(only useful for SSH protocol version 2 and if the peer supports it).
+(only useful if the peer supports it).
.It Cm ~V
Decrease the verbosity
.Pq Ic LogLevel
@@ -1531,20 +1527,6 @@
.It Pa /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys
and are used for host-based authentication.
-If protocol version 1 is used,
-.Nm
-must be setuid root, since the host key is readable only by root.
-For protocol version 2,
-.Nm
-uses
-.Xr ssh-keysign 8
-to access the host keys,
-eliminating the requirement that
-.Nm
-be setuid root when host-based authentication is used.
-By default
-.Nm
-is not setuid root.
.Pp
.It Pa /etc/ssh/ssh_known_hosts
Systemwide list of known host keys.
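Review bot: The deleted block under /etc/ssh/ssh_host_rsa_key removes more than protocol 1 text: it also drops the statements that ssh uses ssh-keysign(8) to access the host keys and that ssh is not setuid root by default, both of which describe protocol 2 behaviour. After the change the entry says only that the private host keys "are used for host-based authentication", without explaining how an unprivileged ssh reads them. Suggest keeping one sentence from the v2 perspective, along the lines of the removed "uses .Xr ssh-keysign 8 to access the host keys", so the privilege-separation point is still documented.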