- jmc@cvs.openbsd.org 2010/02/26 22:09:28

[ssh-keygen.1 ssh.1 sshd.8] tweak previous;
author: Damien Miller <djm@mindrot.org> 2010-03-03 10:25:21 +1100
committer: Damien Miller <djm@mindrot.org> 2010-03-03 10:25:21 +1100
commit: 15f5b560b1542fa087d7462be416616104ab0be8 (patch)
tree: 6eee7518f58857bd10120a3742c4a4381e1dca0d
parent: 25b97dd454600dde697634c1c871a97f64045d5f (diff)
4 files changed, 27 insertions, 21 deletions
diff --git a/ChangeLog b/ChangeLog
index c8b36eb15..aad1cd29b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 20100303
 - (djm) [PROTOCOL.certkeys] Add RCS Ident
+ - OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2010/02/26 22:09:28
+     [ssh-keygen.1 ssh.1 sshd.8]
+     tweak previous;
 20100302
 - (tim) [config.guess config.sub] Bug 1722: Update to latest versions from
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 772caf7ad..d704f0660 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.84 2010/02/26 20:29:54 djm Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.85 2010/02/26 22:09:28 jmc Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -107,6 +107,7 @@
 .Op Fl a Ar num_trials
 .Op Fl W Ar generator
 .Nm ssh-keygen
+.Bk -words
 .Fl s Ar ca_key
 .Fl I Ar certificate_identity
 .Op Fl h
@@ -114,6 +115,7 @@
 .Op Fl O Ar constraint
 .Op Fl V Ar validity_interval
 .Ar
+.Ek
 .Sh DESCRIPTION
 .Nm
 generates, manages and converts authentication keys for
@@ -259,7 +261,7 @@ certificate.
 Please see the
 .Sx CERTIFICATES
 section for details.
-.It Fl I
+.It Fl I Ar certificate_identity
 Specify the key identity when signing a public key.
 Please see the
 .Sx CERTIFICATES
@@ -303,21 +305,21 @@ section for details.
 The constraints that are valid for user certificates are:
 .Bl -tag -width Ds
 .It Ic no-x11-forwarding
-Disable X11 forwarding. (permitted by default)
+Disable X11 forwarding (permitted by default).
 .It Ic no-agent-forwarding
 Disable
 .Xr ssh-agent 1
-forwarding. (permitted by default)
+forwarding (permitted by default).
 .It Ic no-port-forwarding
-Disable port forwarding. (permitted by default)
+Disable port forwarding (permitted by default).
 .It Ic no-pty
-Disable PTY allocation. (permitted by default)
+Disable PTY allocation (permitted by default).
 .It Ic no-user-rc
 Disable execution of
 .Pa ~/.ssh/rc
 by
-.Xr sshd 8 .
+.Xr sshd 8
-(permitted by default)
+(permitted by default).
 .It Ic clear
 Clear all enabled permissions.
 This is useful for clearing the default set of permissions so permissions may
@@ -504,7 +506,8 @@ the X.509 certificates used in
 .Nm
 supports two types of certificates: user and host.
 User certificates authenticate users to servers, whereas host certificates
-authenticate server hosts to users. To generate a user certificate:
+authenticate server hosts to users.
+To generate a user certificate:
 .Pp
 .Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
 .Pp
diff --git a/ssh.1 b/ssh.1
index 7d8f92aba..183dc277f 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.295 2010/02/26 20:29:54 djm Exp $
+.\" $OpenBSD: ssh.1,v 1.296 2010/02/26 22:09:28 jmc Exp $
 .Dd $Mdocdate: February 26 2010 $
 .Dt SSH 1
 .Os
@@ -1121,7 +1121,6 @@ See the
 section of
 .Xr ssh-keygen 1
 for more details.
-.Pp
 .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
 .Nm
 contains support for Virtual Private Network (VPN) tunnelling
diff --git a/sshd.8 b/sshd.8
index fcd5195db..88a86f958 100644
--- a/sshd.8
+++ b/sshd.8
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.251 2010/02/26 20:29:54 djm Exp $
+.\" $OpenBSD: sshd.8,v 1.252 2010/02/26 22:09:28 jmc Exp $
 .Dd $Mdocdate: February 26 2010 $
 .Dt SSHD 8
 .Os
@@ -102,15 +102,6 @@ to use IPv6 addresses only.
 .It Fl b Ar bits
 Specifies the number of bits in the ephemeral protocol version 1
 server key (default 1024).
-.It Fl c Ar host_certificate_file
-Specifies a path to a certificate file to identify
-.Nm
-during key exchange.
-The certificate file must match a host key file specified using the
-.Fl -h
-option or the
-.Cm HostKey
-configuration directive.
 .It Fl C Ar connection_spec
 Specify the connection parameters to use for the
 .Fl T
@@ -129,6 +120,15 @@ and
 All are required and may be supplied in any order, either with multiple
 .Fl C
 options or as a comma-separated list.
+.It Fl c Ar host_certificate_file
+Specifies a path to a certificate file to identify
+.Nm
+during key exchange.
+The certificate file must match a host key file specified using the
+.Fl h
+option or the
+.Cm HostKey
+configuration directive.
 .It Fl D
 When this option is specified,
 .Nm
author	Damien Miller <djm@mindrot.org>	2010-03-03 10:25:21 +1100
committer	Damien Miller <djm@mindrot.org>	2010-03-03 10:25:21 +1100
commit	15f5b560b1542fa087d7462be416616104ab0be8 (patch)
tree	6eee7518f58857bd10120a3742c4a4381e1dca0d
parent	25b97dd454600dde697634c1c871a97f64045d5f (diff)

diff --git a/ChangeLog b/ChangeLog index c8b36eb15..aad1cd29b 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,5 +1,9 @@
1	20100303	1	20100303
2	- (djm) [PROTOCOL.certkeys] Add RCS Ident	2	- (djm) [PROTOCOL.certkeys] Add RCS Ident
		3	- OpenBSD CVS Sync
		4	- jmc@cvs.openbsd.org 2010/02/26 22:09:28
		5	[ssh-keygen.1 ssh.1 sshd.8]
		6	tweak previous;
3		7
4	20100302	8	20100302
5	- (tim) [config.guess config.sub] Bug 1722: Update to latest versions from	9	- (tim) [config.guess config.sub] Bug 1722: Update to latest versions from


diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 772caf7ad..d704f0660 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.84 2010/02/26 20:29:54 djm Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.85 2010/02/26 22:09:28 jmc Exp $
2	.\"	2	.\"
3	.\" -- nroff --	3	.\" -- nroff --
4	.\"	4	.\"
@@ -107,6 +107,7 @@
107	.Op Fl a Ar num_trials	107	.Op Fl a Ar num_trials
108	.Op Fl W Ar generator	108	.Op Fl W Ar generator
109	.Nm ssh-keygen	109	.Nm ssh-keygen
		110	.Bk -words
110	.Fl s Ar ca_key	111	.Fl s Ar ca_key
111	.Fl I Ar certificate_identity	112	.Fl I Ar certificate_identity
112	.Op Fl h	113	.Op Fl h
@@ -114,6 +115,7 @@
114	.Op Fl O Ar constraint	115	.Op Fl O Ar constraint
115	.Op Fl V Ar validity_interval	116	.Op Fl V Ar validity_interval
116	.Ar	117	.Ar
		118	.Ek
117	.Sh DESCRIPTION	119	.Sh DESCRIPTION
118	.Nm	120	.Nm
119	generates, manages and converts authentication keys for	121	generates, manages and converts authentication keys for
@@ -259,7 +261,7 @@ certificate.
259	Please see the	261	Please see the
260	.Sx CERTIFICATES	262	.Sx CERTIFICATES
261	section for details.	263	section for details.
262	.It Fl I	264	.It Fl I Ar certificate_identity
263	Specify the key identity when signing a public key.	265	Specify the key identity when signing a public key.
264	Please see the	266	Please see the
265	.Sx CERTIFICATES	267	.Sx CERTIFICATES
@@ -303,21 +305,21 @@ section for details.
303	The constraints that are valid for user certificates are:	305	The constraints that are valid for user certificates are:
304	.Bl -tag -width Ds	306	.Bl -tag -width Ds
305	.It Ic no-x11-forwarding	307	.It Ic no-x11-forwarding
306	Disable X11 forwarding. (permitted by default)	308	Disable X11 forwarding (permitted by default).
307	.It Ic no-agent-forwarding	309	.It Ic no-agent-forwarding
308	Disable	310	Disable
309	.Xr ssh-agent 1	311	.Xr ssh-agent 1
310	forwarding. (permitted by default)	312	forwarding (permitted by default).
311	.It Ic no-port-forwarding	313	.It Ic no-port-forwarding
312	Disable port forwarding. (permitted by default)	314	Disable port forwarding (permitted by default).
313	.It Ic no-pty	315	.It Ic no-pty
314	Disable PTY allocation. (permitted by default)	316	Disable PTY allocation (permitted by default).
315	.It Ic no-user-rc	317	.It Ic no-user-rc
316	Disable execution of	318	Disable execution of
317	.Pa ~/.ssh/rc	319	.Pa ~/.ssh/rc
318	by	320	by
319	.Xr sshd 8 .	321	.Xr sshd 8
320	(permitted by default)	322	(permitted by default).
321	.It Ic clear	323	.It Ic clear
322	Clear all enabled permissions.	324	Clear all enabled permissions.
323	This is useful for clearing the default set of permissions so permissions may	325	This is useful for clearing the default set of permissions so permissions may
@@ -504,7 +506,8 @@ the X.509 certificates used in
504	.Nm	506	.Nm
505	supports two types of certificates: user and host.	507	supports two types of certificates: user and host.
506	User certificates authenticate users to servers, whereas host certificates	508	User certificates authenticate users to servers, whereas host certificates
507	authenticate server hosts to users. To generate a user certificate:	509	authenticate server hosts to users.
		510	To generate a user certificate:
508	.Pp	511	.Pp
509	.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub	512	.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
510	.Pp	513	.Pp


diff --git a/ssh.1 b/ssh.1 index 7d8f92aba..183dc277f 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.295 2010/02/26 20:29:54 djm Exp $	37	.\" $OpenBSD: ssh.1,v 1.296 2010/02/26 22:09:28 jmc Exp $
38	.Dd $Mdocdate: February 26 2010 $	38	.Dd $Mdocdate: February 26 2010 $
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -1121,7 +1121,6 @@ See the
1121	section of	1121	section of
1122	.Xr ssh-keygen 1	1122	.Xr ssh-keygen 1
1123	for more details.	1123	for more details.
1124	.Pp
1125	.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS	1124	.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
1126	.Nm	1125	.Nm
1127	contains support for Virtual Private Network (VPN) tunnelling	1126	contains support for Virtual Private Network (VPN) tunnelling


diff --git a/sshd.8 b/sshd.8 index fcd5195db..88a86f958 100644 --- a/sshd.8 +++ b/sshd.8
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: sshd.8,v 1.251 2010/02/26 20:29:54 djm Exp $	37	.\" $OpenBSD: sshd.8,v 1.252 2010/02/26 22:09:28 jmc Exp $
38	.Dd $Mdocdate: February 26 2010 $	38	.Dd $Mdocdate: February 26 2010 $
39	.Dt SSHD 8	39	.Dt SSHD 8
40	.Os	40	.Os
@@ -102,15 +102,6 @@ to use IPv6 addresses only.
102	.It Fl b Ar bits	102	.It Fl b Ar bits
103	Specifies the number of bits in the ephemeral protocol version 1	103	Specifies the number of bits in the ephemeral protocol version 1
104	server key (default 1024).	104	server key (default 1024).
105	.It Fl c Ar host_certificate_file
106	Specifies a path to a certificate file to identify
107	.Nm
108	during key exchange.
109	The certificate file must match a host key file specified using the
110	.Fl -h
111	option or the
112	.Cm HostKey
113	configuration directive.
114	.It Fl C Ar connection_spec	105	.It Fl C Ar connection_spec
115	Specify the connection parameters to use for the	106	Specify the connection parameters to use for the
116	.Fl T	107	.Fl T
@@ -129,6 +120,15 @@ and
129	All are required and may be supplied in any order, either with multiple	120	All are required and may be supplied in any order, either with multiple
130	.Fl C	121	.Fl C
131	options or as a comma-separated list.	122	options or as a comma-separated list.
		123	.It Fl c Ar host_certificate_file
		124	Specifies a path to a certificate file to identify
		125	.Nm
		126	during key exchange.
		127	The certificate file must match a host key file specified using the
		128	.Fl h
		129	option or the
		130	.Cm HostKey
		131	configuration directive.
132	.It Fl D	132	.It Fl D
133	When this option is specified,	133	When this option is specified,
134	.Nm	134	.Nm