author | Damien Miller <djm@mindrot.org> | 2013-12-18 17:46:27 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2013-12-18 17:46:27 +1100 |
commit | 8ba0ead6985ea14999265136b14ffd5aeec516f9 (patch) | |
tree | 1fdf16c075d97bbcbe5548ce8ec2082d04d3925c | |
parent | 4f752cf71cf44bf4bc777541156c2bf56daf9ce9 (diff) |
- naddy@cvs.openbsd.org 2013/12/07 11:58:46
[ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1]
[ssh_config.5 sshd.8 sshd_config.5]
add missing mentions of ed25519; ok djm@
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | ssh-add.1 | 9 | ||||
-rw-r--r-- | ssh-agent.1 | 11 | ||||
-rw-r--r-- | ssh-keygen.1 | 26 | ||||
-rw-r--r-- | ssh-keyscan.1 | 7 | ||||
-rw-r--r-- | ssh-keysign.8 | 6 | ||||
-rw-r--r-- | ssh.1 | 20 | ||||
-rw-r--r-- | ssh_config.5 | 10 | ||||
-rw-r--r-- | sshd.8 | 16 | ||||
-rw-r--r-- | sshd_config.5 | 10 |
10 files changed, 79 insertions, 40 deletions
@@ -3,6 +3,10 @@ | |||
3 | - djm@cvs.openbsd.org 2013/12/07 08:08:26 | 3 | - djm@cvs.openbsd.org 2013/12/07 08:08:26 |
4 | [ssh-keygen.1] | 4 | [ssh-keygen.1] |
5 | document -a and -o wrt new key format | 5 | document -a and -o wrt new key format |
6 | - naddy@cvs.openbsd.org 2013/12/07 11:58:46 | ||
7 | [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1] | ||
8 | [ssh_config.5 sshd.8 sshd_config.5] | ||
9 | add missing mentions of ed25519; ok djm@ | ||
6 | 10 | ||
7 | 20131208 | 11 | 20131208 |
8 | - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna | 12 | - (djm) [openbsd-compat/bsd-setres_id.c] Missing header; from Corinna |
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-add.1,v 1.58 2012/12/03 08:33:02 jmc Exp $ | 1 | .\" $OpenBSD: ssh-add.1,v 1.59 2013/12/07 11:58:46 naddy Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -35,7 +35,7 @@ | |||
35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
37 | .\" | 37 | .\" |
38 | .Dd $Mdocdate: December 3 2012 $ | 38 | .Dd $Mdocdate: December 7 2013 $ |
39 | .Dt SSH-ADD 1 | 39 | .Dt SSH-ADD 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -57,7 +57,8 @@ adds private key identities to the authentication agent, | |||
57 | When run without arguments, it adds the files | 57 | When run without arguments, it adds the files |
58 | .Pa ~/.ssh/id_rsa , | 58 | .Pa ~/.ssh/id_rsa , |
59 | .Pa ~/.ssh/id_dsa , | 59 | .Pa ~/.ssh/id_dsa , |
60 | .Pa ~/.ssh/id_ecdsa | 60 | .Pa ~/.ssh/id_ecdsa , |
61 | .Pa ~/.ssh/id_ed25519 | ||
61 | and | 62 | and |
62 | .Pa ~/.ssh/identity . | 63 | .Pa ~/.ssh/identity . |
63 | After loading a private key, | 64 | After loading a private key, |
@@ -169,6 +170,8 @@ Contains the protocol version 1 RSA authentication identity of the user. | |||
169 | Contains the protocol version 2 DSA authentication identity of the user. | 170 | Contains the protocol version 2 DSA authentication identity of the user. |
170 | .It Pa ~/.ssh/id_ecdsa | 171 | .It Pa ~/.ssh/id_ecdsa |
171 | Contains the protocol version 2 ECDSA authentication identity of the user. | 172 | Contains the protocol version 2 ECDSA authentication identity of the user. |
173 | .It Pa ~/.ssh/id_ed25519 | ||
174 | Contains the protocol version 2 ED25519 authentication identity of the user. | ||
172 | .It Pa ~/.ssh/id_rsa | 175 | .It Pa ~/.ssh/id_rsa |
173 | Contains the protocol version 2 RSA authentication identity of the user. | 176 | Contains the protocol version 2 RSA authentication identity of the user. |
174 | .El | 177 | .El |
diff --git a/ssh-agent.1 b/ssh-agent.1 index bb801c902..281ecbdcf 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-agent.1,v 1.53 2010/11/21 01:01:13 djm Exp $ | 1 | .\" $OpenBSD: ssh-agent.1,v 1.54 2013/12/07 11:58:46 naddy Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .Dd $Mdocdate: November 21 2010 $ | 37 | .Dd $Mdocdate: December 7 2013 $ |
38 | .Dt SSH-AGENT 1 | 38 | .Dt SSH-AGENT 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -53,7 +53,7 @@ | |||
53 | .Sh DESCRIPTION | 53 | .Sh DESCRIPTION |
54 | .Nm | 54 | .Nm |
55 | is a program to hold private keys used for public key authentication | 55 | is a program to hold private keys used for public key authentication |
56 | (RSA, DSA, ECDSA). | 56 | (RSA, DSA, ECDSA, ED25519). |
57 | The idea is that | 57 | The idea is that |
58 | .Nm | 58 | .Nm |
59 | is started in the beginning of an X-session or a login session, and | 59 | is started in the beginning of an X-session or a login session, and |
@@ -115,7 +115,8 @@ When executed without arguments, | |||
115 | adds the files | 115 | adds the files |
116 | .Pa ~/.ssh/id_rsa , | 116 | .Pa ~/.ssh/id_rsa , |
117 | .Pa ~/.ssh/id_dsa , | 117 | .Pa ~/.ssh/id_dsa , |
118 | .Pa ~/.ssh/id_ecdsa | 118 | .Pa ~/.ssh/id_ecdsa , |
119 | .Pa ~/.ssh/id_ed25519 | ||
119 | and | 120 | and |
120 | .Pa ~/.ssh/identity . | 121 | .Pa ~/.ssh/identity . |
121 | If the identity has a passphrase, | 122 | If the identity has a passphrase, |
@@ -190,6 +191,8 @@ Contains the protocol version 1 RSA authentication identity of the user. | |||
190 | Contains the protocol version 2 DSA authentication identity of the user. | 191 | Contains the protocol version 2 DSA authentication identity of the user. |
191 | .It Pa ~/.ssh/id_ecdsa | 192 | .It Pa ~/.ssh/id_ecdsa |
192 | Contains the protocol version 2 ECDSA authentication identity of the user. | 193 | Contains the protocol version 2 ECDSA authentication identity of the user. |
194 | .It Pa ~/.ssh/id_ed25519 | ||
195 | Contains the protocol version 2 ED25519 authentication identity of the user. | ||
193 | .It Pa ~/.ssh/id_rsa | 196 | .It Pa ~/.ssh/id_rsa |
194 | Contains the protocol version 2 RSA authentication identity of the user. | 197 | Contains the protocol version 2 RSA authentication identity of the user. |
195 | .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt | 198 | .It Pa $TMPDIR/ssh-XXXXXXXXXX/agent.\*(Ltppid\*(Gt |
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 689db22ff..09e401bf8 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.117 2013/12/07 08:08:26 djm Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.118 2013/12/07 11:58:46 naddy Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -139,8 +139,8 @@ | |||
139 | generates, manages and converts authentication keys for | 139 | generates, manages and converts authentication keys for |
140 | .Xr ssh 1 . | 140 | .Xr ssh 1 . |
141 | .Nm | 141 | .Nm |
142 | can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA | 142 | can create RSA keys for use by SSH protocol version 1 and |
143 | keys for use by SSH protocol version 2. | 143 | DSA, ECDSA, ED25519 or RSA keys for use by SSH protocol version 2. |
144 | The type of key to be generated is specified with the | 144 | The type of key to be generated is specified with the |
145 | .Fl t | 145 | .Fl t |
146 | option. | 146 | option. |
@@ -167,8 +167,9 @@ Normally each user wishing to use SSH | |||
167 | with public key authentication runs this once to create the authentication | 167 | with public key authentication runs this once to create the authentication |
168 | key in | 168 | key in |
169 | .Pa ~/.ssh/identity , | 169 | .Pa ~/.ssh/identity , |
170 | .Pa ~/.ssh/id_dsa , | ||
170 | .Pa ~/.ssh/id_ecdsa , | 171 | .Pa ~/.ssh/id_ecdsa , |
171 | .Pa ~/.ssh/id_dsa | 172 | .Pa ~/.ssh/id_ed25519 |
172 | or | 173 | or |
173 | .Pa ~/.ssh/id_rsa . | 174 | .Pa ~/.ssh/id_rsa . |
174 | Additionally, the system administrator may use this to generate host keys, | 175 | Additionally, the system administrator may use this to generate host keys, |
@@ -216,7 +217,8 @@ should be placed to be activated. | |||
216 | The options are as follows: | 217 | The options are as follows: |
217 | .Bl -tag -width Ds | 218 | .Bl -tag -width Ds |
218 | .It Fl A | 219 | .It Fl A |
219 | For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys | 220 | For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) |
221 | for which host keys | ||
220 | do not exist, generate the host keys with the default key file path, | 222 | do not exist, generate the host keys with the default key file path, |
221 | an empty passphrase, default bits for the key type, and default comment. | 223 | an empty passphrase, default bits for the key type, and default comment. |
222 | This is used by | 224 | This is used by |
@@ -249,6 +251,9 @@ flag determines the key length by selecting from one of three elliptic | |||
249 | curve sizes: 256, 384 or 521 bits. | 251 | curve sizes: 256, 384 or 521 bits. |
250 | Attempting to use bit lengths other than these three values for ECDSA keys | 252 | Attempting to use bit lengths other than these three values for ECDSA keys |
251 | will fail. | 253 | will fail. |
254 | ED25519 keys have a fixed length and the | ||
255 | .Fl b | ||
256 | flag will be ignored. | ||
252 | .It Fl C Ar comment | 257 | .It Fl C Ar comment |
253 | Provides a new comment. | 258 | Provides a new comment. |
254 | .It Fl c | 259 | .It Fl c |
@@ -515,7 +520,8 @@ The possible values are | |||
515 | .Dq rsa1 | 520 | .Dq rsa1 |
516 | for protocol version 1 and | 521 | for protocol version 1 and |
517 | .Dq dsa , | 522 | .Dq dsa , |
518 | .Dq ecdsa | 523 | .Dq ecdsa , |
524 | .Dq ed25519 , | ||
519 | or | 525 | or |
520 | .Dq rsa | 526 | .Dq rsa |
521 | for protocol version 2. | 527 | for protocol version 2. |
@@ -795,8 +801,10 @@ There is no need to keep the contents of this file secret. | |||
795 | .Pp | 801 | .Pp |
796 | .It Pa ~/.ssh/id_dsa | 802 | .It Pa ~/.ssh/id_dsa |
797 | .It Pa ~/.ssh/id_ecdsa | 803 | .It Pa ~/.ssh/id_ecdsa |
804 | .It Pa ~/.ssh/id_ed25519 | ||
798 | .It Pa ~/.ssh/id_rsa | 805 | .It Pa ~/.ssh/id_rsa |
799 | Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user. | 806 | Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA |
807 | authentication identity of the user. | ||
800 | This file should not be readable by anyone but the user. | 808 | This file should not be readable by anyone but the user. |
801 | It is possible to | 809 | It is possible to |
802 | specify a passphrase when generating the key; that passphrase will be | 810 | specify a passphrase when generating the key; that passphrase will be |
@@ -809,8 +817,10 @@ will read this file when a login attempt is made. | |||
809 | .Pp | 817 | .Pp |
810 | .It Pa ~/.ssh/id_dsa.pub | 818 | .It Pa ~/.ssh/id_dsa.pub |
811 | .It Pa ~/.ssh/id_ecdsa.pub | 819 | .It Pa ~/.ssh/id_ecdsa.pub |
820 | .It Pa ~/.ssh/id_ed25519.pub | ||
812 | .It Pa ~/.ssh/id_rsa.pub | 821 | .It Pa ~/.ssh/id_rsa.pub |
813 | Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication. | 822 | Contains the protocol version 2 DSA, ECDSA, ED25519 or RSA |
823 | public key for authentication. | ||
814 | The contents of this file should be added to | 824 | The contents of this file should be added to |
815 | .Pa ~/.ssh/authorized_keys | 825 | .Pa ~/.ssh/authorized_keys |
816 | on all machines | 826 | on all machines |
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 79dd6aa1c..65ef43efd 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keyscan.1,v 1.32 2013/12/06 13:39:49 markus Exp $ | 1 | .\" $OpenBSD: ssh-keyscan.1,v 1.33 2013/12/07 11:58:46 naddy Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
4 | .\" | 4 | .\" |
@@ -6,7 +6,7 @@ | |||
6 | .\" permitted provided that due credit is given to the author and the | 6 | .\" permitted provided that due credit is given to the author and the |
7 | .\" OpenBSD project by leaving this copyright notice intact. | 7 | .\" OpenBSD project by leaving this copyright notice intact. |
8 | .\" | 8 | .\" |
9 | .Dd $Mdocdate: December 6 2013 $ | 9 | .Dd $Mdocdate: December 7 2013 $ |
10 | .Dt SSH-KEYSCAN 1 | 10 | .Dt SSH-KEYSCAN 1 |
11 | .Os | 11 | .Os |
12 | .Sh NAME | 12 | .Sh NAME |
@@ -89,7 +89,8 @@ The possible values are | |||
89 | .Dq rsa1 | 89 | .Dq rsa1 |
90 | for protocol version 1 and | 90 | for protocol version 1 and |
91 | .Dq dsa , | 91 | .Dq dsa , |
92 | .Dq ecdsa | 92 | .Dq ecdsa , |
93 | .Dq ed25519 , | ||
93 | or | 94 | or |
94 | .Dq rsa | 95 | .Dq rsa |
95 | for protocol version 2. | 96 | for protocol version 2. |
diff --git a/ssh-keysign.8 b/ssh-keysign.8 index 5e0b2d232..69d082954 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keysign.8,v 1.13 2013/07/16 00:07:52 schwarze Exp $ | 1 | .\" $OpenBSD: ssh-keysign.8,v 1.14 2013/12/07 11:58:46 naddy Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright (c) 2002 Markus Friedl. All rights reserved. | 3 | .\" Copyright (c) 2002 Markus Friedl. All rights reserved. |
4 | .\" | 4 | .\" |
@@ -22,7 +22,7 @@ | |||
22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 22 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 23 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
24 | .\" | 24 | .\" |
25 | .Dd $Mdocdate: July 16 2013 $ | 25 | .Dd $Mdocdate: December 7 2013 $ |
26 | .Dt SSH-KEYSIGN 8 | 26 | .Dt SSH-KEYSIGN 8 |
27 | .Os | 27 | .Os |
28 | .Sh NAME | 28 | .Sh NAME |
@@ -63,6 +63,7 @@ is enabled. | |||
63 | .Pp | 63 | .Pp |
64 | .It Pa /etc/ssh/ssh_host_dsa_key | 64 | .It Pa /etc/ssh/ssh_host_dsa_key |
65 | .It Pa /etc/ssh/ssh_host_ecdsa_key | 65 | .It Pa /etc/ssh/ssh_host_ecdsa_key |
66 | .It Pa /etc/ssh/ssh_host_ed25519_key | ||
66 | .It Pa /etc/ssh/ssh_host_rsa_key | 67 | .It Pa /etc/ssh/ssh_host_rsa_key |
67 | These files contain the private parts of the host keys used to | 68 | These files contain the private parts of the host keys used to |
68 | generate the digital signature. | 69 | generate the digital signature. |
@@ -74,6 +75,7 @@ must be set-uid root if host-based authentication is used. | |||
74 | .Pp | 75 | .Pp |
75 | .It Pa /etc/ssh/ssh_host_dsa_key-cert.pub | 76 | .It Pa /etc/ssh/ssh_host_dsa_key-cert.pub |
76 | .It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub | 77 | .It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub |
78 | .It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub | ||
77 | .It Pa /etc/ssh/ssh_host_rsa_key-cert.pub | 79 | .It Pa /etc/ssh/ssh_host_rsa_key-cert.pub |
78 | If these files exist they are assumed to contain public certificate | 80 | If these files exist they are assumed to contain public certificate |
79 | information corresponding with the private keys above. | 81 | information corresponding with the private keys above. |
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.342 2013/11/26 12:14:54 jmc Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.343 2013/12/07 11:58:46 naddy Exp $ |
37 | .Dd $Mdocdate: November 26 2013 $ | 37 | .Dd $Mdocdate: December 7 2013 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -279,7 +279,8 @@ The default is | |||
279 | .Pa ~/.ssh/identity | 279 | .Pa ~/.ssh/identity |
280 | for protocol version 1, and | 280 | for protocol version 1, and |
281 | .Pa ~/.ssh/id_dsa , | 281 | .Pa ~/.ssh/id_dsa , |
282 | .Pa ~/.ssh/id_ecdsa | 282 | .Pa ~/.ssh/id_ecdsa , |
283 | .Pa ~/.ssh/id_ed25519 | ||
283 | and | 284 | and |
284 | .Pa ~/.ssh/id_rsa | 285 | .Pa ~/.ssh/id_rsa |
285 | for protocol version 2. | 286 | for protocol version 2. |
@@ -757,7 +758,7 @@ key pair for authentication purposes. | |||
757 | The server knows the public key, and only the user knows the private key. | 758 | The server knows the public key, and only the user knows the private key. |
758 | .Nm | 759 | .Nm |
759 | implements public key authentication protocol automatically, | 760 | implements public key authentication protocol automatically, |
760 | using one of the DSA, ECDSA or RSA algorithms. | 761 | using one of the DSA, ECDSA, ED25519 or RSA algorithms. |
761 | Protocol 1 is restricted to using only RSA keys, | 762 | Protocol 1 is restricted to using only RSA keys, |
762 | but protocol 2 may use any. | 763 | but protocol 2 may use any. |
763 | The HISTORY section of | 764 | The HISTORY section of |
@@ -784,6 +785,8 @@ This stores the private key in | |||
784 | (protocol 2 DSA), | 785 | (protocol 2 DSA), |
785 | .Pa ~/.ssh/id_ecdsa | 786 | .Pa ~/.ssh/id_ecdsa |
786 | (protocol 2 ECDSA), | 787 | (protocol 2 ECDSA), |
788 | .Pa ~/.ssh/id_ed25519 | ||
789 | (protocol 2 ED25519), | ||
787 | or | 790 | or |
788 | .Pa ~/.ssh/id_rsa | 791 | .Pa ~/.ssh/id_rsa |
789 | (protocol 2 RSA) | 792 | (protocol 2 RSA) |
@@ -794,6 +797,8 @@ and stores the public key in | |||
794 | (protocol 2 DSA), | 797 | (protocol 2 DSA), |
795 | .Pa ~/.ssh/id_ecdsa.pub | 798 | .Pa ~/.ssh/id_ecdsa.pub |
796 | (protocol 2 ECDSA), | 799 | (protocol 2 ECDSA), |
800 | .Pa ~/.ssh/id_ed25519.pub | ||
801 | (protocol 2 ED25519), | ||
797 | or | 802 | or |
798 | .Pa ~/.ssh/id_rsa.pub | 803 | .Pa ~/.ssh/id_rsa.pub |
799 | (protocol 2 RSA) | 804 | (protocol 2 RSA) |
@@ -1333,8 +1338,8 @@ secret, but the recommended permissions are read/write/execute for the user, | |||
1333 | and not accessible by others. | 1338 | and not accessible by others. |
1334 | .Pp | 1339 | .Pp |
1335 | .It Pa ~/.ssh/authorized_keys | 1340 | .It Pa ~/.ssh/authorized_keys |
1336 | Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in as | 1341 | Lists the public keys (DSA, ECDSA, ED25519, RSA) |
1337 | this user. | 1342 | that can be used for logging in as this user. |
1338 | The format of this file is described in the | 1343 | The format of this file is described in the |
1339 | .Xr sshd 8 | 1344 | .Xr sshd 8 |
1340 | manual page. | 1345 | manual page. |
@@ -1356,6 +1361,7 @@ above. | |||
1356 | .It Pa ~/.ssh/identity | 1361 | .It Pa ~/.ssh/identity |
1357 | .It Pa ~/.ssh/id_dsa | 1362 | .It Pa ~/.ssh/id_dsa |
1358 | .It Pa ~/.ssh/id_ecdsa | 1363 | .It Pa ~/.ssh/id_ecdsa |
1364 | .It Pa ~/.ssh/id_ed25519 | ||
1359 | .It Pa ~/.ssh/id_rsa | 1365 | .It Pa ~/.ssh/id_rsa |
1360 | Contains the private key for authentication. | 1366 | Contains the private key for authentication. |
1361 | These files | 1367 | These files |
@@ -1370,6 +1376,7 @@ sensitive part of this file using 3DES. | |||
1370 | .It Pa ~/.ssh/identity.pub | 1376 | .It Pa ~/.ssh/identity.pub |
1371 | .It Pa ~/.ssh/id_dsa.pub | 1377 | .It Pa ~/.ssh/id_dsa.pub |
1372 | .It Pa ~/.ssh/id_ecdsa.pub | 1378 | .It Pa ~/.ssh/id_ecdsa.pub |
1379 | .It Pa ~/.ssh/id_ed25519.pub | ||
1373 | .It Pa ~/.ssh/id_rsa.pub | 1380 | .It Pa ~/.ssh/id_rsa.pub |
1374 | Contains the public key for authentication. | 1381 | Contains the public key for authentication. |
1375 | These files are not | 1382 | These files are not |
@@ -1409,6 +1416,7 @@ The file format and configuration options are described in | |||
1409 | .It Pa /etc/ssh/ssh_host_key | 1416 | .It Pa /etc/ssh/ssh_host_key |
1410 | .It Pa /etc/ssh/ssh_host_dsa_key | 1417 | .It Pa /etc/ssh/ssh_host_dsa_key |
1411 | .It Pa /etc/ssh/ssh_host_ecdsa_key | 1418 | .It Pa /etc/ssh/ssh_host_ecdsa_key |
1419 | .It Pa /etc/ssh/ssh_host_ed25519_key | ||
1412 | .It Pa /etc/ssh/ssh_host_rsa_key | 1420 | .It Pa /etc/ssh/ssh_host_rsa_key |
1413 | These files contain the private parts of the host keys | 1421 | These files contain the private parts of the host keys |
1414 | and are used for host-based authentication. | 1422 | and are used for host-based authentication. |
diff --git a/ssh_config.5 b/ssh_config.5 index 43455342a..7b2fdacbb 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.182 2013/12/06 13:39:49 markus Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.183 2013/12/07 11:58:46 naddy Exp $ |
37 | .Dd $Mdocdate: December 6 2013 $ | 37 | .Dd $Mdocdate: December 7 2013 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -718,6 +718,7 @@ The default for this option is: | |||
718 | ecdsa-sha2-nistp256-cert-v01@openssh.com, | 718 | ecdsa-sha2-nistp256-cert-v01@openssh.com, |
719 | ecdsa-sha2-nistp384-cert-v01@openssh.com, | 719 | ecdsa-sha2-nistp384-cert-v01@openssh.com, |
720 | ecdsa-sha2-nistp521-cert-v01@openssh.com, | 720 | ecdsa-sha2-nistp521-cert-v01@openssh.com, |
721 | ssh-ed25519-cert-v01@openssh.com, | ||
721 | ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, | 722 | ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com, |
722 | ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com, | 723 | ssh-rsa-cert-v00@openssh.com,ssh-dss-cert-v00@openssh.com, |
723 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, | 724 | ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521, |
@@ -763,13 +764,14 @@ offers many different identities. | |||
763 | The default is | 764 | The default is |
764 | .Dq no . | 765 | .Dq no . |
765 | .It Cm IdentityFile | 766 | .It Cm IdentityFile |
766 | Specifies a file from which the user's DSA, ECDSA or RSA authentication | 767 | Specifies a file from which the user's DSA, ECDSA, ED25519 or RSA authentication |
767 | identity is read. | 768 | identity is read. |
768 | The default is | 769 | The default is |
769 | .Pa ~/.ssh/identity | 770 | .Pa ~/.ssh/identity |
770 | for protocol version 1, and | 771 | for protocol version 1, and |
771 | .Pa ~/.ssh/id_dsa , | 772 | .Pa ~/.ssh/id_dsa , |
772 | .Pa ~/.ssh/id_ecdsa | 773 | .Pa ~/.ssh/id_ecdsa , |
774 | .Pa ~/.ssh/id_ed25519 | ||
773 | and | 775 | and |
774 | .Pa ~/.ssh/id_rsa | 776 | .Pa ~/.ssh/id_rsa |
775 | for protocol version 2. | 777 | for protocol version 2. |
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd.8,v 1.272 2013/12/06 15:29:07 jmc Exp $ | 36 | .\" $OpenBSD: sshd.8,v 1.273 2013/12/07 11:58:46 naddy Exp $ |
37 | .Dd $Mdocdate: December 6 2013 $ | 37 | .Dd $Mdocdate: December 7 2013 $ |
38 | .Dt SSHD 8 | 38 | .Dt SSHD 8 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -175,7 +175,8 @@ The default is | |||
175 | .Pa /etc/ssh/ssh_host_key | 175 | .Pa /etc/ssh/ssh_host_key |
176 | for protocol version 1, and | 176 | for protocol version 1, and |
177 | .Pa /etc/ssh/ssh_host_dsa_key , | 177 | .Pa /etc/ssh/ssh_host_dsa_key , |
178 | .Pa /etc/ssh/ssh_host_ecdsa_key | 178 | .Pa /etc/ssh/ssh_host_ecdsa_key . |
179 | .Pa /etc/ssh/ssh_host_ed25519_key | ||
179 | and | 180 | and |
180 | .Pa /etc/ssh/ssh_host_rsa_key | 181 | .Pa /etc/ssh/ssh_host_rsa_key |
181 | for protocol version 2. | 182 | for protocol version 2. |
@@ -280,7 +281,7 @@ though this can be changed via the | |||
280 | .Cm Protocol | 281 | .Cm Protocol |
281 | option in | 282 | option in |
282 | .Xr sshd_config 5 . | 283 | .Xr sshd_config 5 . |
283 | Protocol 2 supports DSA, ECDSA and RSA keys; | 284 | Protocol 2 supports DSA, ECDSA, ED25519 and RSA keys; |
284 | protocol 1 only supports RSA keys. | 285 | protocol 1 only supports RSA keys. |
285 | For both protocols, | 286 | For both protocols, |
286 | each host has a host-specific key, | 287 | each host has a host-specific key, |
@@ -507,6 +508,7 @@ You don't want to type them in; instead, copy the | |||
507 | .Pa identity.pub , | 508 | .Pa identity.pub , |
508 | .Pa id_dsa.pub , | 509 | .Pa id_dsa.pub , |
509 | .Pa id_ecdsa.pub , | 510 | .Pa id_ecdsa.pub , |
511 | .Pa id_ed25519.pub , | ||
510 | or the | 512 | or the |
511 | .Pa id_rsa.pub | 513 | .Pa id_rsa.pub |
512 | file and edit it. | 514 | file and edit it. |
@@ -806,8 +808,8 @@ secret, but the recommended permissions are read/write/execute for the user, | |||
806 | and not accessible by others. | 808 | and not accessible by others. |
807 | .Pp | 809 | .Pp |
808 | .It Pa ~/.ssh/authorized_keys | 810 | .It Pa ~/.ssh/authorized_keys |
809 | Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in | 811 | Lists the public keys (DSA, ECDSA, ED25519, RSA) |
810 | as this user. | 812 | that can be used for logging in as this user. |
811 | The format of this file is described above. | 813 | The format of this file is described above. |
812 | The content of the file is not highly sensitive, but the recommended | 814 | The content of the file is not highly sensitive, but the recommended |
813 | permissions are read/write for the user, and not accessible by others. | 815 | permissions are read/write for the user, and not accessible by others. |
@@ -887,6 +889,7 @@ rlogin/rsh. | |||
887 | .It Pa /etc/ssh/ssh_host_key | 889 | .It Pa /etc/ssh/ssh_host_key |
888 | .It Pa /etc/ssh/ssh_host_dsa_key | 890 | .It Pa /etc/ssh/ssh_host_dsa_key |
889 | .It Pa /etc/ssh/ssh_host_ecdsa_key | 891 | .It Pa /etc/ssh/ssh_host_ecdsa_key |
892 | .It Pa /etc/ssh/ssh_host_ed25519_key | ||
890 | .It Pa /etc/ssh/ssh_host_rsa_key | 893 | .It Pa /etc/ssh/ssh_host_rsa_key |
891 | These files contain the private parts of the host keys. | 894 | These files contain the private parts of the host keys. |
892 | These files should only be owned by root, readable only by root, and not | 895 | These files should only be owned by root, readable only by root, and not |
@@ -898,6 +901,7 @@ does not start if these files are group/world-accessible. | |||
898 | .It Pa /etc/ssh/ssh_host_key.pub | 901 | .It Pa /etc/ssh/ssh_host_key.pub |
899 | .It Pa /etc/ssh/ssh_host_dsa_key.pub | 902 | .It Pa /etc/ssh/ssh_host_dsa_key.pub |
900 | .It Pa /etc/ssh/ssh_host_ecdsa_key.pub | 903 | .It Pa /etc/ssh/ssh_host_ecdsa_key.pub |
904 | .It Pa /etc/ssh/ssh_host_ed25519_key.pub | ||
901 | .It Pa /etc/ssh/ssh_host_rsa_key.pub | 905 | .It Pa /etc/ssh/ssh_host_rsa_key.pub |
902 | These files contain the public parts of the host keys. | 906 | These files contain the public parts of the host keys. |
903 | These files should be world-readable but writable only by | 907 | These files should be world-readable but writable only by |
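Review bot: In the sshd.8 section, the `@@ -175,7 +175,8 @@` hunk ends the ECDSA entry of the default host key list with a period instead of a comma: `.Pa /etc/ssh/ssh_host_ecdsa_key .`. As written, the rendered sentence stops after the ECDSA path, and the new `/etc/ssh/ssh_host_ed25519_key` entry reads as the start of a separate sentence. The parallel list in sshd_config.5 (the `@@ -540,7 +540,8 @@` hunk) uses a comma, so this line should match it: `.Pa /etc/ssh/ssh_host_ecdsa_key ,`. The paragraph begins and ends outside the hunk, so the full sentence should be checked in the rendered page after the fix.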
diff --git a/sshd_config.5 b/sshd_config.5 index 0418c86ed..0ae1740bb 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.168 2013/11/21 08:05:09 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.169 2013/12/07 11:58:46 naddy Exp $ |
37 | .Dd $Mdocdate: November 21 2013 $ | 37 | .Dd $Mdocdate: December 7 2013 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -540,7 +540,8 @@ The default is | |||
540 | .Pa /etc/ssh/ssh_host_key | 540 | .Pa /etc/ssh/ssh_host_key |
541 | for protocol version 1, and | 541 | for protocol version 1, and |
542 | .Pa /etc/ssh/ssh_host_dsa_key , | 542 | .Pa /etc/ssh/ssh_host_dsa_key , |
543 | .Pa /etc/ssh/ssh_host_ecdsa_key | 543 | .Pa /etc/ssh/ssh_host_ecdsa_key , |
544 | .Pa /etc/ssh/ssh_host_ed25519_key | ||
544 | and | 545 | and |
545 | .Pa /etc/ssh/ssh_host_rsa_key | 546 | .Pa /etc/ssh/ssh_host_rsa_key |
546 | for protocol version 2. | 547 | for protocol version 2. |
@@ -551,7 +552,8 @@ It is possible to have multiple host key files. | |||
551 | .Dq rsa1 | 552 | .Dq rsa1 |
552 | keys are used for version 1 and | 553 | keys are used for version 1 and |
553 | .Dq dsa , | 554 | .Dq dsa , |
554 | .Dq ecdsa | 555 | .Dq ecdsa , |
556 | .Dq ed25519 | ||
555 | or | 557 | or |
556 | .Dq rsa | 558 | .Dq rsa |
557 | are used for version 2 of the SSH protocol. | 559 | are used for version 2 of the SSH protocol. |