upstream: Fill in missing man page bits for U2F security key support:

Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, and ssh-keygen's new -w and -x options. Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal substitutions. ok djm@ OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4
author: naddy@openbsd.org <naddy@openbsd.org> 2019-11-07 08:38:38 +0000
committer: Damien Miller <djm@mindrot.org> 2019-11-08 14:09:32 +1100
commit: aa4c640dc362816d63584a16e786d5e314e24390 (patch)
tree: ff9a6015ea0de5579d49d66d42590d93887fd7aa /sshd.8
parent: b236b27d6dada7f0542214003632b4e9b7aa1380 (diff)
1 files changed, 24 insertions, 13 deletions
diff --git a/sshd.8 b/sshd.8
index fb133c14b..14d5a2dac 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.304 2018/07/22 12:16:59 dtucker Exp $
+.\" $OpenBSD: sshd.8,v 1.305 2019/11/07 08:38:38 naddy Exp $
-.Dd $Mdocdate: July 22 2018 $
+.Dd $Mdocdate: November 7 2019 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -429,24 +429,35 @@ comments).
 Public keys consist of the following space-separated fields:
 options, keytype, base64-encoded key, comment.
 The options field is optional.
-The keytype is
+The supported key types are:
-.Dq ecdsa-sha2-nistp256 ,
+.Pp
-.Dq ecdsa-sha2-nistp384 ,
+.Bl -item -compact -offset indent
-.Dq ecdsa-sha2-nistp521 ,
+.It
-.Dq ssh-ed25519 ,
+sk-ecdsa-sha2-nistp256@openssh.com
-.Dq ssh-dss
+.It
-or
+ecdsa-sha2-nistp256
-.Dq ssh-rsa ;
+.It
-the comment field is not used for anything (but may be convenient for the
+ecdsa-sha2-nistp384
+.It
+ecdsa-sha2-nistp521
+.It
+ssh-ed25519
+.It
+ssh-dss
+.It
+ssh-rsa
+.El
+.Pp
+The comment field is not used for anything (but may be convenient for the
 user to identify the key).
 .Pp
 Note that lines in this file can be several hundred bytes long
 (because of the size of the public key encoding) up to a limit of
-8 kilobytes, which permits DSA keys up to 8 kilobits and RSA
+8 kilobytes, which permits RSA keys up to 16 kilobits.
-keys up to 16 kilobits.
 You don't want to type them in; instead, copy the
 .Pa id_dsa.pub ,
 .Pa id_ecdsa.pub ,
+.Pa id_ecdsa_sk.pub ,
 .Pa id_ed25519.pub ,
 or the
 .Pa id_rsa.pub
author	naddy@openbsd.org <naddy@openbsd.org>	2019-11-07 08:38:38 +0000
committer	Damien Miller <djm@mindrot.org>	2019-11-08 14:09:32 +1100
commit	aa4c640dc362816d63584a16e786d5e314e24390 (patch)
tree	ff9a6015ea0de5579d49d66d42590d93887fd7aa /sshd.8
parent	b236b27d6dada7f0542214003632b4e9b7aa1380 (diff)

diff --git a/sshd.8 b/sshd.8 index fb133c14b..14d5a2dac 100644 --- a/sshd.8 +++ b/sshd.8
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd.8,v 1.304 2018/07/22 12:16:59 dtucker Exp $	36	.\" $OpenBSD: sshd.8,v 1.305 2019/11/07 08:38:38 naddy Exp $
37	.Dd $Mdocdate: July 22 2018 $	37	.Dd $Mdocdate: November 7 2019 $
38	.Dt SSHD 8	38	.Dt SSHD 8
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -429,24 +429,35 @@ comments).
429	Public keys consist of the following space-separated fields:	429	Public keys consist of the following space-separated fields:
430	options, keytype, base64-encoded key, comment.	430	options, keytype, base64-encoded key, comment.
431	The options field is optional.	431	The options field is optional.
432	The keytype is	432	The supported key types are:
433	.Dq ecdsa-sha2-nistp256 ,	433	.Pp
434	.Dq ecdsa-sha2-nistp384 ,	434	.Bl -item -compact -offset indent
435	.Dq ecdsa-sha2-nistp521 ,	435	.It
436	.Dq ssh-ed25519 ,	436	sk-ecdsa-sha2-nistp256@openssh.com
437	.Dq ssh-dss	437	.It
438	or	438	ecdsa-sha2-nistp256
439	.Dq ssh-rsa ;	439	.It
440	the comment field is not used for anything (but may be convenient for the	440	ecdsa-sha2-nistp384
		441	.It
		442	ecdsa-sha2-nistp521
		443	.It
		444	ssh-ed25519
		445	.It
		446	ssh-dss
		447	.It
		448	ssh-rsa
		449	.El
		450	.Pp
		451	The comment field is not used for anything (but may be convenient for the
441	user to identify the key).	452	user to identify the key).
442	.Pp	453	.Pp
443	Note that lines in this file can be several hundred bytes long	454	Note that lines in this file can be several hundred bytes long
444	(because of the size of the public key encoding) up to a limit of	455	(because of the size of the public key encoding) up to a limit of
445	8 kilobytes, which permits DSA keys up to 8 kilobits and RSA	456	8 kilobytes, which permits RSA keys up to 16 kilobits.
446	keys up to 16 kilobits.
447	You don't want to type them in; instead, copy the	457	You don't want to type them in; instead, copy the
448	.Pa id_dsa.pub ,	458	.Pa id_dsa.pub ,
449	.Pa id_ecdsa.pub ,	459	.Pa id_ecdsa.pub ,
		460	.Pa id_ecdsa_sk.pub ,
450	.Pa id_ed25519.pub ,	461	.Pa id_ed25519.pub ,
451	or the	462	or the
452	.Pa id_rsa.pub	463	.Pa id_rsa.pub