diff options
author | naddy@openbsd.org <naddy@openbsd.org> | 2019-11-07 08:38:38 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-08 14:09:32 +1100 |
commit | aa4c640dc362816d63584a16e786d5e314e24390 (patch) | |
tree | ff9a6015ea0de5579d49d66d42590d93887fd7aa /ssh.1 | |
parent | b236b27d6dada7f0542214003632b4e9b7aa1380 (diff) |
upstream: Fill in missing man page bits for U2F security key support:
Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's
SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable,
and ssh-keygen's new -w and -x options.
Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal
substitutions.
ok djm@
OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 17 |
1 files changed, 15 insertions, 2 deletions
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.403 2019/06/12 11:31:50 jmc Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.404 2019/11/07 08:38:38 naddy Exp $ |
37 | .Dd $Mdocdate: June 12 2019 $ | 37 | .Dd $Mdocdate: November 7 2019 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -279,6 +279,7 @@ public key authentication is read. | |||
279 | The default is | 279 | The default is |
280 | .Pa ~/.ssh/id_dsa , | 280 | .Pa ~/.ssh/id_dsa , |
281 | .Pa ~/.ssh/id_ecdsa , | 281 | .Pa ~/.ssh/id_ecdsa , |
282 | .Pa ~/.ssh/id_ecdsa_sk , | ||
282 | .Pa ~/.ssh/id_ed25519 | 283 | .Pa ~/.ssh/id_ed25519 |
283 | and | 284 | and |
284 | .Pa ~/.ssh/id_rsa . | 285 | .Pa ~/.ssh/id_rsa . |
@@ -896,6 +897,8 @@ This stores the private key in | |||
896 | (DSA), | 897 | (DSA), |
897 | .Pa ~/.ssh/id_ecdsa | 898 | .Pa ~/.ssh/id_ecdsa |
898 | (ECDSA), | 899 | (ECDSA), |
900 | .Pa ~/.ssh/id_ecdsa_sk | ||
901 | (security key-hosted ECDSA), | ||
899 | .Pa ~/.ssh/id_ed25519 | 902 | .Pa ~/.ssh/id_ed25519 |
900 | (Ed25519), | 903 | (Ed25519), |
901 | or | 904 | or |
@@ -906,6 +909,8 @@ and stores the public key in | |||
906 | (DSA), | 909 | (DSA), |
907 | .Pa ~/.ssh/id_ecdsa.pub | 910 | .Pa ~/.ssh/id_ecdsa.pub |
908 | (ECDSA), | 911 | (ECDSA), |
912 | .Pa ~/.ssh/id_ecdsa_sk.pub | ||
913 | (security key-hosted ECDSA), | ||
909 | .Pa ~/.ssh/id_ed25519.pub | 914 | .Pa ~/.ssh/id_ed25519.pub |
910 | (Ed25519), | 915 | (Ed25519), |
911 | or | 916 | or |
@@ -1324,6 +1329,12 @@ More permanent VPNs are better provided by tools such as | |||
1324 | and | 1329 | and |
1325 | .Xr isakmpd 8 . | 1330 | .Xr isakmpd 8 . |
1326 | .Sh ENVIRONMENT | 1331 | .Sh ENVIRONMENT |
1332 | .Bl -tag -width "SSH_ORIGINAL_COMMAND" | ||
1333 | .It Ev SSH_SK_PROVIDER | ||
1334 | Specifies the path to a security key provider library used to interact with | ||
1335 | hardware security keys. | ||
1336 | .Pp | ||
1337 | .El | ||
1327 | .Nm | 1338 | .Nm |
1328 | will normally set the following environment variables: | 1339 | will normally set the following environment variables: |
1329 | .Bl -tag -width "SSH_ORIGINAL_COMMAND" | 1340 | .Bl -tag -width "SSH_ORIGINAL_COMMAND" |
@@ -1484,6 +1495,7 @@ above. | |||
1484 | .Pp | 1495 | .Pp |
1485 | .It Pa ~/.ssh/id_dsa | 1496 | .It Pa ~/.ssh/id_dsa |
1486 | .It Pa ~/.ssh/id_ecdsa | 1497 | .It Pa ~/.ssh/id_ecdsa |
1498 | .It Pa ~/.ssh/id_ecdsa_sk | ||
1487 | .It Pa ~/.ssh/id_ed25519 | 1499 | .It Pa ~/.ssh/id_ed25519 |
1488 | .It Pa ~/.ssh/id_rsa | 1500 | .It Pa ~/.ssh/id_rsa |
1489 | Contains the private key for authentication. | 1501 | Contains the private key for authentication. |
@@ -1498,6 +1510,7 @@ sensitive part of this file using AES-128. | |||
1498 | .Pp | 1510 | .Pp |
1499 | .It Pa ~/.ssh/id_dsa.pub | 1511 | .It Pa ~/.ssh/id_dsa.pub |
1500 | .It Pa ~/.ssh/id_ecdsa.pub | 1512 | .It Pa ~/.ssh/id_ecdsa.pub |
1513 | .It Pa ~/.ssh/id_ecdsa_sk.pub | ||
1501 | .It Pa ~/.ssh/id_ed25519.pub | 1514 | .It Pa ~/.ssh/id_ed25519.pub |
1502 | .It Pa ~/.ssh/id_rsa.pub | 1515 | .It Pa ~/.ssh/id_rsa.pub |
1503 | Contains the public key for authentication. | 1516 | Contains the public key for authentication. |