author | naddy@openbsd.org <naddy@openbsd.org> | 2019-11-07 08:38:38 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2019-11-08 14:09:32 +1100 |
commit | aa4c640dc362816d63584a16e786d5e314e24390 (patch) | |
tree | ff9a6015ea0de5579d49d66d42590d93887fd7aa /ssh_config.5 | |
parent | b236b27d6dada7f0542214003632b4e9b7aa1380 (diff) |
upstream: Fill in missing man page bits for U2F security key support:
Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's
SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable,
and ssh-keygen's new -w and -x options.
Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal
substitutions.
ok djm@
OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 31 |
1 files changed, 23 insertions, 8 deletions
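--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.304 2019/09/13 04:52:34 djm Exp $
-.Dd $Mdocdate: September 13 2019 $
+.\" $OpenBSD: ssh_config.5,v 1.305 2019/11/07 08:38:38 naddy Exp $
+.Dd $Mdocdate: November 7 2019 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -381,7 +381,9 @@ flag to
 via
 .Xr ssh-agent 1 ,
 or via a
-.Cm PKCS11Provider .
+.Cm PKCS11Provider
+or
+.Cm SecurityKeyProvider .
 .Pp
 Arguments to
 .Cm CertificateFile
@@ -808,7 +810,8 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
-rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
+rsa-sha2-512-cert-v01@openssh.com,
+rsa-sha2-256-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
@@ -840,7 +843,8 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
-rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
+rsa-sha2-512-cert-v01@openssh.com,
+rsa-sha2-256-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
@@ -883,6 +887,8 @@ even if
 .Xr ssh-agent 1
 or a
 .Cm PKCS11Provider
+or
+.Cm SecurityKeyProvider
 offers more identities.
 The argument to this keyword must be
 .Cm yes
@@ -919,11 +925,12 @@ or the tokens described in the
 .Sx TOKENS
 section.
 .It Cm IdentityFile
-Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
-identity is read.
+Specifies a file from which the user's DSA, ECDSA, security key-hosted ECDSA,
+Ed25519 or RSA authentication identity is read.
 The default is
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
+.Pa ~/.ssh/id_ecdsa_sk ,
 .Pa ~/.ssh/id_ed25519
 and
 .Pa ~/.ssh/id_rsa .
@@ -1315,12 +1322,15 @@ character, then the specified key types will be placed at the head of the
 default set.
 The default for this option is:
 .Bd -literal -offset 3n
+sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
-rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
+rsa-sha2-512-cert-v01@openssh.com,
+rsa-sha2-256-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
+sk-ecdsa-sha2-nistp256@openssh.com,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
@@ -1437,6 +1447,11 @@ an OpenSSH Key Revocation List (KRL) as generated by
 .Xr ssh-keygen 1 .
 For more information on KRLs, see the KEY REVOCATION LISTS section in
 .Xr ssh-keygen 1 .
+.It Cm SecurityKeyProvider
+Specifies a path to a security key provider library that will be used when
+loading any security key-hosted keys, overriding the default of using the
+.Ev SSH_SK_PROVIDER
+environment variable to specify a provider.
 .It Cm SendEnv
 Specifies what variables from the local
 .Xr environ 7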