- naddy@cvs.openbsd.org 2010/09/10 15:19:29

[ssh-keygen.1] * mention ECDSA in more places * less repetition in FILES section * SSHv1 keys are still encrypted with 3DES help and ok jmc@
author: Damien Miller <djm@mindrot.org> 2010-09-24 22:00:54 +1000
committer: Damien Miller <djm@mindrot.org> 2010-09-24 22:00:54 +1000
commit: 6186bbc7fbdda96d8a5febba9e158fdf2f3f4db4 (patch)
tree: d6e5cf63b9d847d1a11c580e61e290e8dcd05532 /ssh-keygen.1
parent: 8ccb7392e7ea45d2997afdfa981a450c7db85211 (diff)
1 files changed, 17 insertions, 26 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 4b95a4e1c..b9700230b 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.99 2010/08/31 11:54:45 djm Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.100 2010/09/10 15:19:29 naddy Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -37,7 +37,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 31 2010 $
+.Dd $Mdocdate: September 10 2010 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -125,7 +125,7 @@
 generates, manages and converts authentication keys for
 .Xr ssh 1 .
 .Nm
-can create RSA keys for use by SSH protocol version 1 and RSA, DSA or ECDSA
+can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA
 keys for use by SSH protocol version 2.
 The type of key to be generated is specified with the
 .Fl t
@@ -427,9 +427,10 @@ Specifies the type of key to create.
 The possible values are
 .Dq rsa1
 for protocol version 1 and
-.Dq rsa
+.Dq dsa ,
+.Dq ecdsa
 or
-.Dq dsa
+.Dq rsa
 for protocol version 2.
 .It Fl V Ar validity_interval
 Specify a validity interval when signing a certificate.
@@ -606,18 +607,19 @@ or
 .Xr ssh 1 .
 Please refer to those manual pages for details.
 .Sh FILES
-.Bl -tag -width Ds
+.Bl -tag -width Ds -compact
 .It Pa ~/.ssh/identity
 Contains the protocol version 1 RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
 specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 128-bit AES.
+used to encrypt the private part of this file using 3DES.
 This file is not automatically accessed by
 .Nm
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
+.Pp
 .It Pa ~/.ssh/identity.pub
 Contains the protocol version 1 RSA public key for authentication.
 The contents of this file should be added to
@@ -625,26 +627,11 @@ The contents of this file should be added to
 on all machines
 where the user wishes to log in using RSA authentication.
 There is no need to keep the contents of this file secret.
+.Pp
 .It Pa ~/.ssh/id_dsa
-Contains the protocol version 2 DSA authentication identity of the user.
+.It Pa ~/.ssh/id_ecdsa
-This file should not be readable by anyone but the user.
-It is possible to
-specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 128-bit AES.
-This file is not automatically accessed by
-.Nm
-but it is offered as the default file for the private key.
-.Xr ssh 1
-will read this file when a login attempt is made.
-.It Pa ~/.ssh/id_dsa.pub
-Contains the protocol version 2 DSA public key for authentication.
-The contents of this file should be added to
-.Pa ~/.ssh/authorized_keys
-on all machines
-where the user wishes to log in using public key authentication.
-There is no need to keep the contents of this file secret.
 .It Pa ~/.ssh/id_rsa
-Contains the protocol version 2 RSA authentication identity of the user.
+Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
 specify a passphrase when generating the key; that passphrase will be
@@ -654,13 +641,17 @@ This file is not automatically accessed by
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
+.Pp
+.It Pa ~/.ssh/id_dsa.pub
+.It Pa ~/.ssh/id_ecdsa.pub
 .It Pa ~/.ssh/id_rsa.pub
-Contains the protocol version 2 RSA public key for authentication.
+Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication.
 The contents of this file should be added to
 .Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
+.Pp
 .It Pa /etc/moduli
 Contains Diffie-Hellman groups used for DH-GEX.
 The file format is described in
author	Damien Miller <djm@mindrot.org>	2010-09-24 22:00:54 +1000
committer	Damien Miller <djm@mindrot.org>	2010-09-24 22:00:54 +1000
commit	6186bbc7fbdda96d8a5febba9e158fdf2f3f4db4 (patch)
tree	d6e5cf63b9d847d1a11c580e61e290e8dcd05532 /ssh-keygen.1
parent	8ccb7392e7ea45d2997afdfa981a450c7db85211 (diff)

diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 4b95a4e1c..b9700230b 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.99 2010/08/31 11:54:45 djm Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.100 2010/09/10 15:19:29 naddy Exp $
2	.\"	2	.\"
3	.\" -- nroff --	3	.\" -- nroff --
4	.\"	4	.\"
@@ -37,7 +37,7 @@
37	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	37	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
38	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	38	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39	.\"	39	.\"
40	.Dd $Mdocdate: August 31 2010 $	40	.Dd $Mdocdate: September 10 2010 $
41	.Dt SSH-KEYGEN 1	41	.Dt SSH-KEYGEN 1
42	.Os	42	.Os
43	.Sh NAME	43	.Sh NAME
@@ -125,7 +125,7 @@
125	generates, manages and converts authentication keys for	125	generates, manages and converts authentication keys for
126	.Xr ssh 1 .	126	.Xr ssh 1 .
127	.Nm	127	.Nm
128	can create RSA keys for use by SSH protocol version 1 and RSA, DSA or ECDSA	128	can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA
129	keys for use by SSH protocol version 2.	129	keys for use by SSH protocol version 2.
130	The type of key to be generated is specified with the	130	The type of key to be generated is specified with the
131	.Fl t	131	.Fl t
@@ -427,9 +427,10 @@ Specifies the type of key to create.
427	The possible values are	427	The possible values are
428	.Dq rsa1	428	.Dq rsa1
429	for protocol version 1 and	429	for protocol version 1 and
430	.Dq rsa	430	.Dq dsa ,
		431	.Dq ecdsa
431	or	432	or
432	.Dq dsa	433	.Dq rsa
433	for protocol version 2.	434	for protocol version 2.
434	.It Fl V Ar validity_interval	435	.It Fl V Ar validity_interval
435	Specify a validity interval when signing a certificate.	436	Specify a validity interval when signing a certificate.
@@ -606,18 +607,19 @@ or
606	.Xr ssh 1 .	607	.Xr ssh 1 .
607	Please refer to those manual pages for details.	608	Please refer to those manual pages for details.
608	.Sh FILES	609	.Sh FILES
609	.Bl -tag -width Ds	610	.Bl -tag -width Ds -compact
610	.It Pa ~/.ssh/identity	611	.It Pa ~/.ssh/identity
611	Contains the protocol version 1 RSA authentication identity of the user.	612	Contains the protocol version 1 RSA authentication identity of the user.
612	This file should not be readable by anyone but the user.	613	This file should not be readable by anyone but the user.
613	It is possible to	614	It is possible to
614	specify a passphrase when generating the key; that passphrase will be	615	specify a passphrase when generating the key; that passphrase will be
615	used to encrypt the private part of this file using 128-bit AES.	616	used to encrypt the private part of this file using 3DES.
616	This file is not automatically accessed by	617	This file is not automatically accessed by
617	.Nm	618	.Nm
618	but it is offered as the default file for the private key.	619	but it is offered as the default file for the private key.
619	.Xr ssh 1	620	.Xr ssh 1
620	will read this file when a login attempt is made.	621	will read this file when a login attempt is made.
		622	.Pp
621	.It Pa ~/.ssh/identity.pub	623	.It Pa ~/.ssh/identity.pub
622	Contains the protocol version 1 RSA public key for authentication.	624	Contains the protocol version 1 RSA public key for authentication.
623	The contents of this file should be added to	625	The contents of this file should be added to
@@ -625,26 +627,11 @@ The contents of this file should be added to
625	on all machines	627	on all machines
626	where the user wishes to log in using RSA authentication.	628	where the user wishes to log in using RSA authentication.
627	There is no need to keep the contents of this file secret.	629	There is no need to keep the contents of this file secret.
		630	.Pp
628	.It Pa ~/.ssh/id_dsa	631	.It Pa ~/.ssh/id_dsa
629	Contains the protocol version 2 DSA authentication identity of the user.	632	.It Pa ~/.ssh/id_ecdsa
630	This file should not be readable by anyone but the user.
631	It is possible to
632	specify a passphrase when generating the key; that passphrase will be
633	used to encrypt the private part of this file using 128-bit AES.
634	This file is not automatically accessed by
635	.Nm
636	but it is offered as the default file for the private key.
637	.Xr ssh 1
638	will read this file when a login attempt is made.
639	.It Pa ~/.ssh/id_dsa.pub
640	Contains the protocol version 2 DSA public key for authentication.
641	The contents of this file should be added to
642	.Pa ~/.ssh/authorized_keys
643	on all machines
644	where the user wishes to log in using public key authentication.
645	There is no need to keep the contents of this file secret.
646	.It Pa ~/.ssh/id_rsa	633	.It Pa ~/.ssh/id_rsa
647	Contains the protocol version 2 RSA authentication identity of the user.	634	Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user.
648	This file should not be readable by anyone but the user.	635	This file should not be readable by anyone but the user.
649	It is possible to	636	It is possible to
650	specify a passphrase when generating the key; that passphrase will be	637	specify a passphrase when generating the key; that passphrase will be
@@ -654,13 +641,17 @@ This file is not automatically accessed by
654	but it is offered as the default file for the private key.	641	but it is offered as the default file for the private key.
655	.Xr ssh 1	642	.Xr ssh 1
656	will read this file when a login attempt is made.	643	will read this file when a login attempt is made.
		644	.Pp
		645	.It Pa ~/.ssh/id_dsa.pub
		646	.It Pa ~/.ssh/id_ecdsa.pub
657	.It Pa ~/.ssh/id_rsa.pub	647	.It Pa ~/.ssh/id_rsa.pub
658	Contains the protocol version 2 RSA public key for authentication.	648	Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication.
659	The contents of this file should be added to	649	The contents of this file should be added to
660	.Pa ~/.ssh/authorized_keys	650	.Pa ~/.ssh/authorized_keys
661	on all machines	651	on all machines
662	where the user wishes to log in using public key authentication.	652	where the user wishes to log in using public key authentication.
663	There is no need to keep the contents of this file secret.	653	There is no need to keep the contents of this file secret.
		654	.Pp
664	.It Pa /etc/moduli	655	.It Pa /etc/moduli
665	Contains Diffie-Hellman groups used for DH-GEX.	656	Contains Diffie-Hellman groups used for DH-GEX.
666	The file format is described in	657	The file format is described in