- jakob@cvs.openbsd.org 2004/08/12 21:41:13

[ssh-keygen.1 ssh.1] improve SSHFP documentation; ok deraadt@
author: Darren Tucker <dtucker@zip.com.au> 2004-08-13 21:22:40 +1000
committer: Darren Tucker <dtucker@zip.com.au> 2004-08-13 21:22:40 +1000
commit: 0b42e6d95b915309187281e968049cb61b750c69 (patch)
tree: f4ffcfbc81898172b512c4640e5acab28b43f4e6
parent: bcf279783add401b9c8384b68fc4c30fa1391a22 (diff)
3 files changed, 21 insertions, 6 deletions
diff --git a/ChangeLog b/ChangeLog
index 01bcf22e6..53506beb8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,9 @@
   - djm@cvs.openbsd.org 2004/08/12 09:18:24
     [sshlogin.c]
     typo in error message, spotted by moritz AT jodeit.org (Id sync only)
+   - jakob@cvs.openbsd.org 2004/08/12 21:41:13
+     [ssh-keygen.1 ssh.1]
+     improve SSHFP documentation; ok deraadt@
 20040812
 - (dtucker) [sshd.c] Remove duplicate variable imported during sync.
@@ -1609,4 +1612,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3501 2004/08/13 11:21:47 dtucker Exp $
+$Id: ChangeLog,v 1.3502 2004/08/13 11:22:40 dtucker Exp $
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 6dd615428..824b6e09c 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.62 2004/08/12 21:41:13 jakob Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -192,7 +192,9 @@ to stdout.
 This option allows exporting keys for use by several commercial
 SSH implementations.
 .It Fl g
-Use generic DNS resource record format.
+Use generic DNS format when printing fingerprint resource records using the
+.Fl r 
+command.
 .It Fl f Ar filename
 Specifies the filename of the key file.
 .It Fl i
@@ -276,8 +278,9 @@ Multiple
 options increase the verbosity.
 The maximum is 3.
 .It Fl r Ar hostname
-Print DNS resource record with the specified
+Print the SSHFP fingerprint resource record named
-.Ar hostname .
+.Ar hostname
+for the specified public key file.
 .El
 .Sh MODULI GENERATION
 .Nm
diff --git a/ssh.1 b/ssh.1
index faaf20587..0ff77ea29 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.193 2004/06/26 09:03:21 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.194 2004/08/12 21:41:13 jakob Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -400,6 +400,15 @@ The
 option can be used to prevent logins to machines whose
 host key is not known or has changed.
 .Pp
+.Nm
+can be configured to verify host identification using fingerprint resource
+records (SSHFP) published in DNS.
+The
+.Cm VerifyHostKeyDNS
+option can be used to control how DNS lookups are performed.
+SSHFP resource records can be generated using
+.Xr ssh-keygen 1 .
+.Pp
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl 1
author	Darren Tucker <dtucker@zip.com.au>	2004-08-13 21:22:40 +1000
committer	Darren Tucker <dtucker@zip.com.au>	2004-08-13 21:22:40 +1000
commit	0b42e6d95b915309187281e968049cb61b750c69 (patch)
tree	f4ffcfbc81898172b512c4640e5acab28b43f4e6
parent	bcf279783add401b9c8384b68fc4c30fa1391a22 (diff)

diff --git a/ChangeLog b/ChangeLog index 01bcf22e6..53506beb8 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -12,6 +12,9 @@
12	- djm@cvs.openbsd.org 2004/08/12 09:18:24	12	- djm@cvs.openbsd.org 2004/08/12 09:18:24
13	[sshlogin.c]	13	[sshlogin.c]
14	typo in error message, spotted by moritz AT jodeit.org (Id sync only)	14	typo in error message, spotted by moritz AT jodeit.org (Id sync only)
		15	- jakob@cvs.openbsd.org 2004/08/12 21:41:13
		16	[ssh-keygen.1 ssh.1]
		17	improve SSHFP documentation; ok deraadt@
15		18
16	20040812	19	20040812
17	- (dtucker) [sshd.c] Remove duplicate variable imported during sync.	20	- (dtucker) [sshd.c] Remove duplicate variable imported during sync.
@@ -1609,4 +1612,4 @@
1609	- (djm) Trim deprecated options from INSTALL. Mention UsePAM	1612	- (djm) Trim deprecated options from INSTALL. Mention UsePAM
1610	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu	1613	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
1611		1614
1612	$Id: ChangeLog,v 1.3501 2004/08/13 11:21:47 dtucker Exp $	1615	$Id: ChangeLog,v 1.3502 2004/08/13 11:22:40 dtucker Exp $


diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 6dd615428..824b6e09c 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.62 2004/08/12 21:41:13 jakob Exp $
2	.\"	2	.\"
3	.\" -- nroff --	3	.\" -- nroff --
4	.\"	4	.\"
@@ -192,7 +192,9 @@ to stdout.
192	This option allows exporting keys for use by several commercial	192	This option allows exporting keys for use by several commercial
193	SSH implementations.	193	SSH implementations.
194	.It Fl g	194	.It Fl g
195	Use generic DNS resource record format.	195	Use generic DNS format when printing fingerprint resource records using the
		196	.Fl r
		197	command.
196	.It Fl f Ar filename	198	.It Fl f Ar filename
197	Specifies the filename of the key file.	199	Specifies the filename of the key file.
198	.It Fl i	200	.It Fl i
@@ -276,8 +278,9 @@ Multiple
276	options increase the verbosity.	278	options increase the verbosity.
277	The maximum is 3.	279	The maximum is 3.
278	.It Fl r Ar hostname	280	.It Fl r Ar hostname
279	Print DNS resource record with the specified	281	Print the SSHFP fingerprint resource record named
280	.Ar hostname .	282	.Ar hostname
		283	for the specified public key file.
281	.El	284	.El
282	.Sh MODULI GENERATION	285	.Sh MODULI GENERATION
283	.Nm	286	.Nm


diff --git a/ssh.1 b/ssh.1 index faaf20587..0ff77ea29 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.193 2004/06/26 09:03:21 jmc Exp $	37	.\" $OpenBSD: ssh.1,v 1.194 2004/08/12 21:41:13 jakob Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -400,6 +400,15 @@ The
400	option can be used to prevent logins to machines whose	400	option can be used to prevent logins to machines whose
401	host key is not known or has changed.	401	host key is not known or has changed.
402	.Pp	402	.Pp
		403	.Nm
		404	can be configured to verify host identification using fingerprint resource
		405	records (SSHFP) published in DNS.
		406	The
		407	.Cm VerifyHostKeyDNS
		408	option can be used to control how DNS lookups are performed.
		409	SSHFP resource records can be generated using
		410	.Xr ssh-keygen 1 .
		411	.Pp
403	The options are as follows:	412	The options are as follows:
404	.Bl -tag -width Ds	413	.Bl -tag -width Ds
405	.It Fl 1	414	.It Fl 1