upstream: Replace the term "security key" with "(FIDO)

authenticator". The polysemous use of "key" was too confusing. Input from markus@. ok jmc@ OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
author: naddy@openbsd.org <naddy@openbsd.org> 2019-12-21 20:22:34 +0000
committer: Damien Miller <djm@mindrot.org> 2019-12-30 14:31:40 +1100
commit: 141df487ba699cfd1ec3dcd98186e7c956e99024 (patch)
tree: d759e3195bf74db1bf1673c563dd24450fcc4c50 /sshd_config.5
parent: fbd9729d4eadf2f7097b6017156387ac64302453 (diff)
1 files changed, 9 insertions, 9 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 222193170..76ec69baf 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.296 2019/12/19 15:09:30 naddy Exp $
+.\" $OpenBSD: sshd_config.5,v 1.297 2019/12/21 20:22:34 naddy Exp $
-.Dd $Mdocdate: December 19 2019 $
+.Dd $Mdocdate: December 21 2019 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1462,20 +1462,20 @@ and
 .Pp
 The
 .Cm touch-required
-option causes public key authentication using a security key algorithm
+option causes public key authentication using a FIDO authenticator algorithm
 (i.e.\&
 .Cm ecdsa-sk
 or
 .Cm ed25519-sk )
 to always require the signature to attest that a physically present user
-explicitly confirmed the authentication (usually by touching the security key).
+explicitly confirmed the authentication (usually by touching the authenticator).
 By default,
 .Xr sshd 8
-requires key touch unless overridden with an authorized_keys option.
+requires user presence unless overridden with an authorized_keys option.
 The
 .Cm touch-required
 flag disables this override.
-This option has no effect for other, non-security key, public key types.
+This option has no effect for other, non-authenticator public key types.
 .It Cm PubkeyAuthentication
 Specifies whether public key authentication is allowed.
 The default is
@@ -1527,9 +1527,9 @@ If the routing domain is set to
 .Cm \&%D ,
 then the domain in which the incoming connection was received will be applied.
 .It Cm SecurityKeyProvider
-Specifies a path to a security key provider library that will be used when
+Specifies a path to a library that will be used when loading
-loading any security key-hosted keys, overriding the default of using
+FIDO authenticator-hosted keys, overriding the default of using
-the built-in support for USB HID keys.
+the built-in USB HID support.
 .It Cm SetEnv
 Specifies one or more environment variables to set in child sessions started
 by
author	naddy@openbsd.org <naddy@openbsd.org>	2019-12-21 20:22:34 +0000
committer	Damien Miller <djm@mindrot.org>	2019-12-30 14:31:40 +1100
commit	141df487ba699cfd1ec3dcd98186e7c956e99024 (patch)
tree	d759e3195bf74db1bf1673c563dd24450fcc4c50 /sshd_config.5
parent	fbd9729d4eadf2f7097b6017156387ac64302453 (diff)

diff --git a/sshd_config.5 b/sshd_config.5 index 222193170..76ec69baf 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.296 2019/12/19 15:09:30 naddy Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.297 2019/12/21 20:22:34 naddy Exp $
37	.Dd $Mdocdate: December 19 2019 $	37	.Dd $Mdocdate: December 21 2019 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -1462,20 +1462,20 @@ and
1462	.Pp	1462	.Pp
1463	The	1463	The
1464	.Cm touch-required	1464	.Cm touch-required
1465	option causes public key authentication using a security key algorithm	1465	option causes public key authentication using a FIDO authenticator algorithm
1466	(i.e.\&	1466	(i.e.\&
1467	.Cm ecdsa-sk	1467	.Cm ecdsa-sk
1468	or	1468	or
1469	.Cm ed25519-sk )	1469	.Cm ed25519-sk )
1470	to always require the signature to attest that a physically present user	1470	to always require the signature to attest that a physically present user
1471	explicitly confirmed the authentication (usually by touching the security key).	1471	explicitly confirmed the authentication (usually by touching the authenticator).
1472	By default,	1472	By default,
1473	.Xr sshd 8	1473	.Xr sshd 8
1474	requires key touch unless overridden with an authorized_keys option.	1474	requires user presence unless overridden with an authorized_keys option.
1475	The	1475	The
1476	.Cm touch-required	1476	.Cm touch-required
1477	flag disables this override.	1477	flag disables this override.
1478	This option has no effect for other, non-security key, public key types.	1478	This option has no effect for other, non-authenticator public key types.
1479	.It Cm PubkeyAuthentication	1479	.It Cm PubkeyAuthentication
1480	Specifies whether public key authentication is allowed.	1480	Specifies whether public key authentication is allowed.
1481	The default is	1481	The default is
@@ -1527,9 +1527,9 @@ If the routing domain is set to
1527	.Cm \&%D ,	1527	.Cm \&%D ,
1528	then the domain in which the incoming connection was received will be applied.	1528	then the domain in which the incoming connection was received will be applied.
1529	.It Cm SecurityKeyProvider	1529	.It Cm SecurityKeyProvider
1530	Specifies a path to a security key provider library that will be used when	1530	Specifies a path to a library that will be used when loading
1531	loading any security key-hosted keys, overriding the default of using	1531	FIDO authenticator-hosted keys, overriding the default of using
1532	the built-in support for USB HID keys.	1532	the built-in USB HID support.
1533	.It Cm SetEnv	1533	.It Cm SetEnv
1534	Specifies one or more environment variables to set in child sessions started	1534	Specifies one or more environment variables to set in child sessions started
1535	by	1535	by