summaryrefslogtreecommitdiff
path: root/ssh.1
diff options
context:
space:
mode:
authornaddy@openbsd.org <naddy@openbsd.org>2019-11-07 08:38:38 +0000
committerDamien Miller <djm@mindrot.org>2019-11-08 14:09:32 +1100
commitaa4c640dc362816d63584a16e786d5e314e24390 (patch)
treeff9a6015ea0de5579d49d66d42590d93887fd7aa /ssh.1
parentb236b27d6dada7f0542214003632b4e9b7aa1380 (diff)
upstream: Fill in missing man page bits for U2F security key support:
Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, and ssh-keygen's new -w and -x options. Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal substitutions. ok djm@ OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
Diffstat (limited to 'ssh.1')
-rw-r--r--ssh.117
1 files changed, 15 insertions, 2 deletions
diff --git a/ssh.1 b/ssh.1
index 424d6c3e8..e2666fa56 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh.1,v 1.403 2019/06/12 11:31:50 jmc Exp $ 36.\" $OpenBSD: ssh.1,v 1.404 2019/11/07 08:38:38 naddy Exp $
37.Dd $Mdocdate: June 12 2019 $ 37.Dd $Mdocdate: November 7 2019 $
38.Dt SSH 1 38.Dt SSH 1
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -279,6 +279,7 @@ public key authentication is read.
279The default is 279The default is
280.Pa ~/.ssh/id_dsa , 280.Pa ~/.ssh/id_dsa ,
281.Pa ~/.ssh/id_ecdsa , 281.Pa ~/.ssh/id_ecdsa ,
282.Pa ~/.ssh/id_ecdsa_sk ,
282.Pa ~/.ssh/id_ed25519 283.Pa ~/.ssh/id_ed25519
283and 284and
284.Pa ~/.ssh/id_rsa . 285.Pa ~/.ssh/id_rsa .
@@ -896,6 +897,8 @@ This stores the private key in
896(DSA), 897(DSA),
897.Pa ~/.ssh/id_ecdsa 898.Pa ~/.ssh/id_ecdsa
898(ECDSA), 899(ECDSA),
900.Pa ~/.ssh/id_ecdsa_sk
901(security key-hosted ECDSA),
899.Pa ~/.ssh/id_ed25519 902.Pa ~/.ssh/id_ed25519
900(Ed25519), 903(Ed25519),
901or 904or
@@ -906,6 +909,8 @@ and stores the public key in
906(DSA), 909(DSA),
907.Pa ~/.ssh/id_ecdsa.pub 910.Pa ~/.ssh/id_ecdsa.pub
908(ECDSA), 911(ECDSA),
912.Pa ~/.ssh/id_ecdsa_sk.pub
913(security key-hosted ECDSA),
909.Pa ~/.ssh/id_ed25519.pub 914.Pa ~/.ssh/id_ed25519.pub
910(Ed25519), 915(Ed25519),
911or 916or
@@ -1324,6 +1329,12 @@ More permanent VPNs are better provided by tools such as
1324and 1329and
1325.Xr isakmpd 8 . 1330.Xr isakmpd 8 .
1326.Sh ENVIRONMENT 1331.Sh ENVIRONMENT
1332.Bl -tag -width "SSH_ORIGINAL_COMMAND"
1333.It Ev SSH_SK_PROVIDER
1334Specifies the path to a security key provider library used to interact with
1335hardware security keys.
1336.Pp
1337.El
1327.Nm 1338.Nm
1328will normally set the following environment variables: 1339will normally set the following environment variables:
1329.Bl -tag -width "SSH_ORIGINAL_COMMAND" 1340.Bl -tag -width "SSH_ORIGINAL_COMMAND"
@@ -1484,6 +1495,7 @@ above.
1484.Pp 1495.Pp
1485.It Pa ~/.ssh/id_dsa 1496.It Pa ~/.ssh/id_dsa
1486.It Pa ~/.ssh/id_ecdsa 1497.It Pa ~/.ssh/id_ecdsa
1498.It Pa ~/.ssh/id_ecdsa_sk
1487.It Pa ~/.ssh/id_ed25519 1499.It Pa ~/.ssh/id_ed25519
1488.It Pa ~/.ssh/id_rsa 1500.It Pa ~/.ssh/id_rsa
1489Contains the private key for authentication. 1501Contains the private key for authentication.
@@ -1498,6 +1510,7 @@ sensitive part of this file using AES-128.
1498.Pp 1510.Pp
1499.It Pa ~/.ssh/id_dsa.pub 1511.It Pa ~/.ssh/id_dsa.pub
1500.It Pa ~/.ssh/id_ecdsa.pub 1512.It Pa ~/.ssh/id_ecdsa.pub
1513.It Pa ~/.ssh/id_ecdsa_sk.pub
1501.It Pa ~/.ssh/id_ed25519.pub 1514.It Pa ~/.ssh/id_ed25519.pub
1502.It Pa ~/.ssh/id_rsa.pub 1515.It Pa ~/.ssh/id_rsa.pub
1503Contains the public key for authentication. 1516Contains the public key for authentication.