authornaddy@openbsd.org <naddy@openbsd.org>2019-11-07 08:38:38 +0000
committerDamien Miller <djm@mindrot.org>2019-11-08 14:09:32 +1100
commitaa4c640dc362816d63584a16e786d5e314e24390 (patch)
treeff9a6015ea0de5579d49d66d42590d93887fd7aa /ssh_config.5
parentb236b27d6dada7f0542214003632b4e9b7aa1380 (diff)
upstream: Fill in missing man page bits for U2F security key support:
Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, and ssh-keygen's new -w and -x options. Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal substitutions. ok djm@ OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
Diffstat (limited to 'ssh_config.5')
-rw-r--r--ssh_config.531
1 files changed, 23 insertions, 8 deletions
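diff --git a/ssh_config.5 b/ssh_config.5
index 02a87892d..ad016470c 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.304 2019/09/13 04:52:34 djm Exp $
-.Dd $Mdocdate: September 13 2019 $
+.\" $OpenBSD: ssh_config.5,v 1.305 2019/11/07 08:38:38 naddy Exp $
+.Dd $Mdocdate: November 7 2019 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -381,7 +381,9 @@ flag to
 via
 .Xr ssh-agent 1 ,
 or via a
-.Cm PKCS11Provider .
+.Cm PKCS11Provider
+or
+.Cm SecurityKeyProvider .
 .Pp
 Arguments to
 .Cm CertificateFile
@@ -808,7 +810,8 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
-rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
+rsa-sha2-512-cert-v01@openssh.com,
+rsa-sha2-256-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
@@ -840,7 +843,8 @@ ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
-rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
+rsa-sha2-512-cert-v01@openssh.com,
+rsa-sha2-256-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
@@ -883,6 +887,8 @@ even if
 .Xr ssh-agent 1
 or a
 .Cm PKCS11Provider
+or
+.Cm SecurityKeyProvider
 offers more identities.
 The argument to this keyword must be
 .Cm yes
@@ -919,11 +925,12 @@ or the tokens described in the
 .Sx TOKENS
 section.
 .It Cm IdentityFile
-Specifies a file from which the user's DSA, ECDSA, Ed25519 or RSA authentication
-identity is read.
+Specifies a file from which the user's DSA, ECDSA, security key-hosted ECDSA,
+Ed25519 or RSA authentication identity is read.
 The default is
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
+.Pa ~/.ssh/id_ecdsa_sk ,
 .Pa ~/.ssh/id_ed25519
 and
 .Pa ~/.ssh/id_rsa .
@@ -1315,12 +1322,15 @@ character, then the specified key types will be placed at the head of the
 default set.
 The default for this option is:
 .Bd -literal -offset 3n
+sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp256-cert-v01@openssh.com,
 ecdsa-sha2-nistp384-cert-v01@openssh.com,
 ecdsa-sha2-nistp521-cert-v01@openssh.com,
 ssh-ed25519-cert-v01@openssh.com,
-rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,
+rsa-sha2-512-cert-v01@openssh.com,
+rsa-sha2-256-cert-v01@openssh.com,
 ssh-rsa-cert-v01@openssh.com,
+sk-ecdsa-sha2-nistp256@openssh.com,
 ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
 ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
 .Ed
@@ -1437,6 +1447,11 @@ an OpenSSH Key Revocation List (KRL) as generated by
 .Xr ssh-keygen 1 .
 For more information on KRLs, see the KEY REVOCATION LISTS section in
 .Xr ssh-keygen 1 .
+.It Cm SecurityKeyProvider
+Specifies a path to a security key provider library that will be used when
+loading any security key-hosted keys, overriding the default of using the
+.Ev SSH_SK_PROVIDER
+environment variable to specify a provider.
 .It Cm SendEnv
 Specifies what variables from the local
 .Xr environ 7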