upstream commit

since these pages now clearly tell folks to avoid v1, normalise the docs from a v2 perspective (i.e. stop pointing out which bits are v2 only); ok/tweaks djm ok markus Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
author: jmc@openbsd.org <jmc@openbsd.org> 2016-02-17 07:38:19 +0000
committer: Damien Miller <djm@mindrot.org> 2016-02-18 09:24:40 +1100
commit: a685ae8d1c24fb7c712c55a4f3280ee76f5f1e4b (patch)
tree: e584cc9a85e18c54887ca626295a6222d075e6ae /sshd.8
parent: c5c3f3279a0e4044b8de71b70d3570d692d0f29d (diff)
1 files changed, 7 insertions, 9 deletions
diff --git a/sshd.8 b/sshd.8
index e658523a5..6c521f23e 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.283 2016/02/05 03:07:06 djm Exp $
+.\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $
-.Dd $Mdocdate: February 5 2016 $
+.Dd $Mdocdate: February 17 2016 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -275,14 +275,12 @@ though this can be changed via the
 .Cm Protocol
 option in
 .Xr sshd_config 5 .
-Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;
+Protocol 1 should not be used
-protocol 1 only supports RSA keys.
+and is only offered to support legacy devices.
-For both protocols,
-each host has a host-specific key,
-normally 2048 bits,
-used to identify the host.
 .Pp
-Forward security for protocol 1 is provided through
+Each host has a host-specific key,
+used to identify the host.
+Partial forward security for protocol 1 is provided through
 an additional server key,
 normally 1024 bits,
 generated when the server starts.
author	jmc@openbsd.org <jmc@openbsd.org>	2016-02-17 07:38:19 +0000
committer	Damien Miller <djm@mindrot.org>	2016-02-18 09:24:40 +1100
commit	a685ae8d1c24fb7c712c55a4f3280ee76f5f1e4b (patch)
tree	e584cc9a85e18c54887ca626295a6222d075e6ae /sshd.8
parent	c5c3f3279a0e4044b8de71b70d3570d692d0f29d (diff)

diff --git a/sshd.8 b/sshd.8 index e658523a5..6c521f23e 100644 --- a/sshd.8 +++ b/sshd.8
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd.8,v 1.283 2016/02/05 03:07:06 djm Exp $	36	.\" $OpenBSD: sshd.8,v 1.284 2016/02/17 07:38:19 jmc Exp $
37	.Dd $Mdocdate: February 5 2016 $	37	.Dd $Mdocdate: February 17 2016 $
38	.Dt SSHD 8	38	.Dt SSHD 8
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -275,14 +275,12 @@ though this can be changed via the
275	.Cm Protocol	275	.Cm Protocol
276	option in	276	option in
277	.Xr sshd_config 5 .	277	.Xr sshd_config 5 .
278	Protocol 2 supports DSA, ECDSA, Ed25519 and RSA keys;	278	Protocol 1 should not be used
279	protocol 1 only supports RSA keys.	279	and is only offered to support legacy devices.
280	For both protocols,
281	each host has a host-specific key,
282	normally 2048 bits,
283	used to identify the host.
284	.Pp	280	.Pp
285	Forward security for protocol 1 is provided through	281	Each host has a host-specific key,
		282	used to identify the host.
		283	Partial forward security for protocol 1 is provided through
286	an additional server key,	284	an additional server key,
287	normally 1024 bits,	285	normally 1024 bits,
288	generated when the server starts.	286	generated when the server starts.