diff options
author | Damien Miller <djm@mindrot.org> | 2010-02-12 09:21:02 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-02-12 09:21:02 +1100 |
commit | 7ea845e48df6d34a333ebbe79380cba0938d02a5 (patch) | |
tree | 44ab0d3fdfe0560b7ca92f5747e9dd5d012aea18 /ssh.1 | |
parent | 17751bcab25681d341442fdc2386a30a6bea345e (diff) |
- markus@cvs.openbsd.org 2010/02/08 10:50:20
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
replace our obsolete smartcard code with PKCS#11.
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
provider (shared library) while ssh-agent(1) delegates PKCS#11 to
a forked a ssh-pkcs11-helper process.
PKCS#11 is currently a compile time option.
feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 14 |
1 files changed, 7 insertions, 7 deletions
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.290 2010/01/11 01:39:46 dtucker Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.291 2010/02/08 10:50:20 markus Exp $ |
38 | .Dd $Mdocdate: January 11 2010 $ | 38 | .Dd $Mdocdate: February 8 2010 $ |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -284,12 +284,12 @@ will wait for all remote port forwards to be successfully established | |||
284 | before placing itself in the background. | 284 | before placing itself in the background. |
285 | .It Fl g | 285 | .It Fl g |
286 | Allows remote hosts to connect to local forwarded ports. | 286 | Allows remote hosts to connect to local forwarded ports. |
287 | .It Fl I Ar smartcard_device | 287 | .It Fl I Ar pkcs11 |
288 | Specify the device | 288 | Specify the PKCS#11 shared libarary |
289 | .Nm | 289 | .Nm |
290 | should use to communicate with a smartcard used for storing the user's | 290 | should use to communicate with a PKCS#11 token used for storing the user's |
291 | private RSA key. | 291 | private RSA key. |
292 | This option is only available if support for smartcard devices | 292 | This option is only available if support for PKCS#11 |
293 | is compiled in (default is no support). | 293 | is compiled in (default is no support). |
294 | .It Fl i Ar identity_file | 294 | .It Fl i Ar identity_file |
295 | Selects a file from which the identity (private key) for | 295 | Selects a file from which the identity (private key) for |
@@ -469,6 +469,7 @@ For full details of the options listed below, and their possible values, see | |||
469 | .It NumberOfPasswordPrompts | 469 | .It NumberOfPasswordPrompts |
470 | .It PasswordAuthentication | 470 | .It PasswordAuthentication |
471 | .It PermitLocalCommand | 471 | .It PermitLocalCommand |
472 | .It PKCS11Provider | ||
472 | .It Port | 473 | .It Port |
473 | .It PreferredAuthentications | 474 | .It PreferredAuthentications |
474 | .It Protocol | 475 | .It Protocol |
@@ -481,7 +482,6 @@ For full details of the options listed below, and their possible values, see | |||
481 | .It SendEnv | 482 | .It SendEnv |
482 | .It ServerAliveInterval | 483 | .It ServerAliveInterval |
483 | .It ServerAliveCountMax | 484 | .It ServerAliveCountMax |
484 | .It SmartcardDevice | ||
485 | .It StrictHostKeyChecking | 485 | .It StrictHostKeyChecking |
486 | .It TCPKeepAlive | 486 | .It TCPKeepAlive |
487 | .It Tunnel | 487 | .It Tunnel |