4 files changed, 27 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 5e1bb231b..0f062fa60 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,10 @@
   - jmc@cvs.openbsd.org 2010/03/05 08:31:20
     [ssh.1]
     document certificate authentication; help/ok djm
+   - djm@cvs.openbsd.org 2010/03/05 10:28:21
+     [ssh-add.1 ssh.1 ssh_config.5]
+     mention loading of certificate files from [private]-cert.pub when
+     they are present; feedback and ok jmc@
 - (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in older
   compilers. OK djm@
 - (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failure
diff --git a/ssh-add.1 b/ssh-add.1
index 0d5e39272..d7cc53101 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-add.1,v 1.51 2010/02/10 23:20:38 markus Exp $
+.\"     $OpenBSD: ssh-add.1,v 1.52 2010/03/05 10:28:21 djm Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -37,7 +37,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 10 2010 $
+.Dd $Mdocdate: March 5 2010 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
@@ -61,7 +61,14 @@ When run without arguments, it adds the files
 .Pa ~/.ssh/id_dsa
 and
 .Pa ~/.ssh/identity .
+After loading a private key,
+.Nm
+will try to load corresponding certificate information from the
+filename obtained by appending
+.Pa -cert.pub
+to the name of the private key file.
 Alternative file names can be given on the command line.
+.Pp
 If any file requires a passphrase,
 .Nm
 asks for the passphrase from the user.
diff --git a/ssh.1 b/ssh.1
index c1a408348..3f815b8e7 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.301 2010/03/05 08:31:20 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.302 2010/03/05 10:28:21 djm Exp $
 .Dd $Mdocdate: March 5 2010 $
 .Dt SSH 1
 .Os
@@ -306,6 +306,11 @@ It is possible to have multiple
 .Fl i
 options (and multiple identities specified in
 configuration files).
+.Nm
+will also try to load certificate information from the filename obtained
+by appending
+.Pa -cert.pub
+to identity filenames.
 .It Fl K
 Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI
 credentials to the server.
diff --git a/ssh_config.5 b/ssh_config.5
index 7ab5d02fd..8cf02597d 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.128 2010/02/10 23:20:38 markus Exp $
+.\" $OpenBSD: ssh_config.5,v 1.129 2010/03/05 10:28:21 djm Exp $
-.Dd $Mdocdate: February 10 2010 $
+.Dd $Mdocdate: March 5 2010 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -559,6 +559,12 @@ and
 for protocol version 2.
 Additionally, any identities represented by the authentication agent
 will be used for authentication.
+.Xr ssh 1
+will try to load certificate information from the filename obtained by
+appending
+.Pa -cert.pub
+to the path of a specified
+.Cm IdentityFile .
 .Pp
 The file name may use the tilde
 syntax to refer to a user's home directory or one of the following

diff --git a/ChangeLog b/ChangeLog index 5e1bb231b..0f062fa60 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -29,6 +29,10 @@
29	- jmc@cvs.openbsd.org 2010/03/05 08:31:20	29	- jmc@cvs.openbsd.org 2010/03/05 08:31:20
30	[ssh.1]	30	[ssh.1]
31	document certificate authentication; help/ok djm	31	document certificate authentication; help/ok djm
		32	- djm@cvs.openbsd.org 2010/03/05 10:28:21
		33	[ssh-add.1 ssh.1 ssh_config.5]
		34	mention loading of certificate files from [private]-cert.pub when
		35	they are present; feedback and ok jmc@
32	- (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in older	36	- (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in older
33	compilers. OK djm@	37	compilers. OK djm@
34	- (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failure	38	- (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failure


diff --git a/ssh-add.1 b/ssh-add.1 index 0d5e39272..d7cc53101 100644 --- a/ssh-add.1 +++ b/ssh-add.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-add.1,v 1.51 2010/02/10 23:20:38 markus Exp $	1	.\" $OpenBSD: ssh-add.1,v 1.52 2010/03/05 10:28:21 djm Exp $
2	.\"	2	.\"
3	.\" -- nroff --	3	.\" -- nroff --
4	.\"	4	.\"
@@ -37,7 +37,7 @@
37	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	37	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
38	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	38	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39	.\"	39	.\"
40	.Dd $Mdocdate: February 10 2010 $	40	.Dd $Mdocdate: March 5 2010 $
41	.Dt SSH-ADD 1	41	.Dt SSH-ADD 1
42	.Os	42	.Os
43	.Sh NAME	43	.Sh NAME
@@ -61,7 +61,14 @@ When run without arguments, it adds the files
61	.Pa ~/.ssh/id_dsa	61	.Pa ~/.ssh/id_dsa
62	and	62	and
63	.Pa ~/.ssh/identity .	63	.Pa ~/.ssh/identity .
		64	After loading a private key,
		65	.Nm
		66	will try to load corresponding certificate information from the
		67	filename obtained by appending
		68	.Pa -cert.pub
		69	to the name of the private key file.
64	Alternative file names can be given on the command line.	70	Alternative file names can be given on the command line.
		71	.Pp
65	If any file requires a passphrase,	72	If any file requires a passphrase,
66	.Nm	73	.Nm
67	asks for the passphrase from the user.	74	asks for the passphrase from the user.


diff --git a/ssh.1 b/ssh.1 index c1a408348..3f815b8e7 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.301 2010/03/05 08:31:20 jmc Exp $	37	.\" $OpenBSD: ssh.1,v 1.302 2010/03/05 10:28:21 djm Exp $
38	.Dd $Mdocdate: March 5 2010 $	38	.Dd $Mdocdate: March 5 2010 $
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -306,6 +306,11 @@ It is possible to have multiple
306	.Fl i	306	.Fl i
307	options (and multiple identities specified in	307	options (and multiple identities specified in
308	configuration files).	308	configuration files).
		309	.Nm
		310	will also try to load certificate information from the filename obtained
		311	by appending
		312	.Pa -cert.pub
		313	to identity filenames.
309	.It Fl K	314	.It Fl K
310	Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI	315	Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI
311	credentials to the server.	316	credentials to the server.


diff --git a/ssh_config.5 b/ssh_config.5 index 7ab5d02fd..8cf02597d 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh_config.5,v 1.128 2010/02/10 23:20:38 markus Exp $	37	.\" $OpenBSD: ssh_config.5,v 1.129 2010/03/05 10:28:21 djm Exp $
38	.Dd $Mdocdate: February 10 2010 $	38	.Dd $Mdocdate: March 5 2010 $
39	.Dt SSH_CONFIG 5	39	.Dt SSH_CONFIG 5
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -559,6 +559,12 @@ and
559	for protocol version 2.	559	for protocol version 2.
560	Additionally, any identities represented by the authentication agent	560	Additionally, any identities represented by the authentication agent
561	will be used for authentication.	561	will be used for authentication.
		562	.Xr ssh 1
		563	will try to load certificate information from the filename obtained by
		564	appending
		565	.Pa -cert.pub
		566	to the path of a specified
		567	.Cm IdentityFile .
562	.Pp	568	.Pp
563	The file name may use the tilde	569	The file name may use the tilde
564	syntax to refer to a user's home directory or one of the following	570	syntax to refer to a user's home directory or one of the following