diff options
author | Damien Miller <djm@mindrot.org> | 2002-09-04 16:24:55 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2002-09-04 16:24:55 +1000 |
commit | b83df8d50531611cbd090d0d8f24789ea21386b1 (patch) | |
tree | 3a59a1474fba10b86e989ed5101fff761dc20779 | |
parent | 6cffb9a8cdc628d5310550265ebd41a4dab0a822 (diff) |
- espie@cvs.openbsd.org 2002/08/21 11:20:59
[sshd.8]
`RSA' updated to refer to `public key', where it matters.
okay markus@
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | sshd.8 | 16 |
2 files changed, 13 insertions, 9 deletions
@@ -3,6 +3,10 @@ | |||
3 | - markus@cvs.openbsd.org 2002/08/12 10:46:35 | 3 | - markus@cvs.openbsd.org 2002/08/12 10:46:35 |
4 | [ssh-agent.c] | 4 | [ssh-agent.c] |
5 | make ssh-agent setgid, disallow ptrace. | 5 | make ssh-agent setgid, disallow ptrace. |
6 | - espie@cvs.openbsd.org 2002/08/21 11:20:59 | ||
7 | [sshd.8] | ||
8 | `RSA' updated to refer to `public key', where it matters. | ||
9 | okay markus@ | ||
6 | 10 | ||
7 | 20020820 | 11 | 20020820 |
8 | - OpenBSD CVS Sync | 12 | - OpenBSD CVS Sync |
@@ -1544,4 +1548,4 @@ | |||
1544 | - (stevesk) entropy.c: typo in debug message | 1548 | - (stevesk) entropy.c: typo in debug message |
1545 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 1549 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
1546 | 1550 | ||
1547 | $Id: ChangeLog,v 1.2427 2002/09/04 06:20:26 djm Exp $ | 1551 | $Id: ChangeLog,v 1.2428 2002/09/04 06:24:55 djm Exp $ |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: sshd.8,v 1.188 2002/08/12 17:30:35 stevesk Exp $ | 37 | .\" $OpenBSD: sshd.8,v 1.189 2002/08/21 11:20:59 espie Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSHD 8 | 39 | .Dt SSHD 8 |
40 | .Os | 40 | .Os |
@@ -389,9 +389,9 @@ Each RSA public key consists of the following fields, separated by | |||
389 | spaces: options, bits, exponent, modulus, comment. | 389 | spaces: options, bits, exponent, modulus, comment. |
390 | Each protocol version 2 public key consists of: | 390 | Each protocol version 2 public key consists of: |
391 | options, keytype, base64 encoded key, comment. | 391 | options, keytype, base64 encoded key, comment. |
392 | The options fields | 392 | The options field |
393 | are optional; its presence is determined by whether the line starts | 393 | is optional; its presence is determined by whether the line starts |
394 | with a number or not (the option field never starts with a number). | 394 | with a number or not (the options field never starts with a number). |
395 | The bits, exponent, modulus and comment fields give the RSA key for | 395 | The bits, exponent, modulus and comment fields give the RSA key for |
396 | protocol version 1; the | 396 | protocol version 1; the |
397 | comment field is not used for anything (but may be convenient for the | 397 | comment field is not used for anything (but may be convenient for the |
@@ -402,7 +402,7 @@ or | |||
402 | .Dq ssh-rsa . | 402 | .Dq ssh-rsa . |
403 | .Pp | 403 | .Pp |
404 | Note that lines in this file are usually several hundred bytes long | 404 | Note that lines in this file are usually several hundred bytes long |
405 | (because of the size of the RSA key modulus). | 405 | (because of the size of the public key encoding). |
406 | You don't want to type them in; instead, copy the | 406 | You don't want to type them in; instead, copy the |
407 | .Pa identity.pub , | 407 | .Pa identity.pub , |
408 | .Pa id_dsa.pub | 408 | .Pa id_dsa.pub |
@@ -421,7 +421,7 @@ The following option specifications are supported (note | |||
421 | that option keywords are case-insensitive): | 421 | that option keywords are case-insensitive): |
422 | .Bl -tag -width Ds | 422 | .Bl -tag -width Ds |
423 | .It Cm from="pattern-list" | 423 | .It Cm from="pattern-list" |
424 | Specifies that in addition to RSA authentication, the canonical name | 424 | Specifies that in addition to public key authentication, the canonical name |
425 | of the remote host must be present in the comma-separated list of | 425 | of the remote host must be present in the comma-separated list of |
426 | patterns | 426 | patterns |
427 | .Pf ( Ql * | 427 | .Pf ( Ql * |
@@ -433,7 +433,7 @@ patterns negated by prefixing them with | |||
433 | .Ql ! ; | 433 | .Ql ! ; |
434 | if the canonical host name matches a negated pattern, the key is not accepted. | 434 | if the canonical host name matches a negated pattern, the key is not accepted. |
435 | The purpose | 435 | The purpose |
436 | of this option is to optionally increase security: RSA authentication | 436 | of this option is to optionally increase security: public key authentication |
437 | by itself does not trust the network or name servers or anything (but | 437 | by itself does not trust the network or name servers or anything (but |
438 | the key); however, if somebody somehow steals the key, the key | 438 | the key); however, if somebody somehow steals the key, the key |
439 | permits an intruder to log in from anywhere in the world. | 439 | permits an intruder to log in from anywhere in the world. |
@@ -451,7 +451,7 @@ one must not request a pty or should specify | |||
451 | .Cm no-pty . | 451 | .Cm no-pty . |
452 | A quote may be included in the command by quoting it with a backslash. | 452 | A quote may be included in the command by quoting it with a backslash. |
453 | This option might be useful | 453 | This option might be useful |
454 | to restrict certain RSA keys to perform just a specific operation. | 454 | to restrict certain public keys to perform just a specific operation. |
455 | An example might be a key that permits remote backups but nothing else. | 455 | An example might be a key that permits remote backups but nothing else. |
456 | Note that the client may specify TCP/IP and/or X11 | 456 | Note that the client may specify TCP/IP and/or X11 |
457 | forwarding unless they are explicitly prohibited. | 457 | forwarding unless they are explicitly prohibited. |