- markus@cvs.openbsd.org 2010/02/08 10:50:20

[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c] [ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5] replace our obsolete smartcard code with PKCS#11. ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11 provider (shared library) while ssh-agent(1) delegates PKCS#11 to a forked a ssh-pkcs11-helper process. PKCS#11 is currently a compile time option. feedback and ok djm@; inspired by patches from Alon Bar-Lev `
author: Damien Miller <djm@mindrot.org> 2010-02-12 09:21:02 +1100
committer: Damien Miller <djm@mindrot.org> 2010-02-12 09:21:02 +1100
commit: 7ea845e48df6d34a333ebbe79380cba0938d02a5 (patch)
tree: 44ab0d3fdfe0560b7ca92f5747e9dd5d012aea18 /ssh.1
parent: 17751bcab25681d341442fdc2386a30a6bea345e (diff)
1 files changed, 7 insertions, 7 deletions
diff --git a/ssh.1 b/ssh.1
index 1ff2cce4d..97a2455ab 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.290 2010/01/11 01:39:46 dtucker Exp $
+.\" $OpenBSD: ssh.1,v 1.291 2010/02/08 10:50:20 markus Exp $
-.Dd $Mdocdate: January 11 2010 $
+.Dd $Mdocdate: February 8 2010 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -284,12 +284,12 @@ will wait for all remote port forwards to be successfully established
 before placing itself in the background.
 .It Fl g
 Allows remote hosts to connect to local forwarded ports.
-.It Fl I Ar smartcard_device
+.It Fl I Ar pkcs11
-Specify the device
+Specify the PKCS#11 shared libarary
 .Nm
-should use to communicate with a smartcard used for storing the user's
+should use to communicate with a PKCS#11 token used for storing the user's
 private RSA key.
-This option is only available if support for smartcard devices
+This option is only available if support for PKCS#11
 is compiled in (default is no support).
 .It Fl i Ar identity_file
 Selects a file from which the identity (private key) for
@@ -469,6 +469,7 @@ For full details of the options listed below, and their possible values, see
 .It NumberOfPasswordPrompts
 .It PasswordAuthentication
 .It PermitLocalCommand
+.It PKCS11Provider
 .It Port
 .It PreferredAuthentications
 .It Protocol
@@ -481,7 +482,6 @@ For full details of the options listed below, and their possible values, see
 .It SendEnv
 .It ServerAliveInterval
 .It ServerAliveCountMax
-.It SmartcardDevice
 .It StrictHostKeyChecking
 .It TCPKeepAlive
 .It Tunnel
author	Damien Miller <djm@mindrot.org>	2010-02-12 09:21:02 +1100
committer	Damien Miller <djm@mindrot.org>	2010-02-12 09:21:02 +1100
commit	7ea845e48df6d34a333ebbe79380cba0938d02a5 (patch)
tree	44ab0d3fdfe0560b7ca92f5747e9dd5d012aea18 /ssh.1
parent	17751bcab25681d341442fdc2386a30a6bea345e (diff)

diff --git a/ssh.1 b/ssh.1 index 1ff2cce4d..97a2455ab 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.290 2010/01/11 01:39:46 dtucker Exp $	37	.\" $OpenBSD: ssh.1,v 1.291 2010/02/08 10:50:20 markus Exp $
38	.Dd $Mdocdate: January 11 2010 $	38	.Dd $Mdocdate: February 8 2010 $
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -284,12 +284,12 @@ will wait for all remote port forwards to be successfully established
284	before placing itself in the background.	284	before placing itself in the background.
285	.It Fl g	285	.It Fl g
286	Allows remote hosts to connect to local forwarded ports.	286	Allows remote hosts to connect to local forwarded ports.
287	.It Fl I Ar smartcard_device	287	.It Fl I Ar pkcs11
288	Specify the device	288	Specify the PKCS#11 shared libarary
289	.Nm	289	.Nm
290	should use to communicate with a smartcard used for storing the user's	290	should use to communicate with a PKCS#11 token used for storing the user's
291	private RSA key.	291	private RSA key.
292	This option is only available if support for smartcard devices	292	This option is only available if support for PKCS#11
293	is compiled in (default is no support).	293	is compiled in (default is no support).
294	.It Fl i Ar identity_file	294	.It Fl i Ar identity_file
295	Selects a file from which the identity (private key) for	295	Selects a file from which the identity (private key) for
@@ -469,6 +469,7 @@ For full details of the options listed below, and their possible values, see
469	.It NumberOfPasswordPrompts	469	.It NumberOfPasswordPrompts
470	.It PasswordAuthentication	470	.It PasswordAuthentication
471	.It PermitLocalCommand	471	.It PermitLocalCommand
		472	.It PKCS11Provider
472	.It Port	473	.It Port
473	.It PreferredAuthentications	474	.It PreferredAuthentications
474	.It Protocol	475	.It Protocol
@@ -481,7 +482,6 @@ For full details of the options listed below, and their possible values, see
481	.It SendEnv	482	.It SendEnv
482	.It ServerAliveInterval	483	.It ServerAliveInterval
483	.It ServerAliveCountMax	484	.It ServerAliveCountMax
484	.It SmartcardDevice
485	.It StrictHostKeyChecking	485	.It StrictHostKeyChecking
486	.It TCPKeepAlive	486	.It TCPKeepAlive
487	.It Tunnel	487	.It Tunnel