-rw-r--r-- | moduli.5 | 4 | ||||
-rw-r--r-- | ssh-keygen.1 | 12 | ||||
-rw-r--r-- | ssh.1 | 4 | ||||
-rw-r--r-- | sshd.8 | 5 | ||||
-rw-r--r-- | sshd_config.5 | 3 |
5 files changed, 13 insertions, 15 deletions
@@ -21,7 +21,7 @@ | |||
21 | .Nd Diffie-Hellman moduli | 21 | .Nd Diffie-Hellman moduli |
22 | .Sh DESCRIPTION | 22 | .Sh DESCRIPTION |
23 | The | 23 | The |
24 | .Pa /etc/moduli | 24 | .Pa /etc/ssh/moduli |
25 | file contains prime numbers and generators for use by | 25 | file contains prime numbers and generators for use by |
26 | .Xr sshd 8 | 26 | .Xr sshd 8 |
27 | in the Diffie-Hellman Group Exchange key exchange method. | 27 | in the Diffie-Hellman Group Exchange key exchange method. |
@@ -110,7 +110,7 @@ first estimates the size of the modulus required to produce enough | |||
110 | Diffie-Hellman output to sufficiently key the selected symmetric cipher. | 110 | Diffie-Hellman output to sufficiently key the selected symmetric cipher. |
111 | .Xr sshd 8 | 111 | .Xr sshd 8 |
112 | then randomly selects a modulus from | 112 | then randomly selects a modulus from |
113 | .Fa /etc/moduli | 113 | .Fa /etc/ssh/moduli |
114 | that best meets the size requirement. | 114 | that best meets the size requirement. |
115 | .Sh SEE ALSO | 115 | .Sh SEE ALSO |
116 | .Xr ssh-keygen 1 , | 116 | .Xr ssh-keygen 1 , |
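Review bot: line 113 keeps `.Fa` for the moduli path, but `.Fa` is the mdoc macro for function arguments, and the same path is marked up with `.Pa` at line 24 of this file in the previous hunk. Since the line is already being touched, change it to `.Pa /etc/ssh/moduli` so the path is marked up consistently throughout the page.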
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 0d55854e9..151cab0ef 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -171,9 +171,7 @@ key in | |||
171 | .Pa ~/.ssh/id_dsa | 171 | .Pa ~/.ssh/id_dsa |
172 | or | 172 | or |
173 | .Pa ~/.ssh/id_rsa . | 173 | .Pa ~/.ssh/id_rsa . |
174 | Additionally, the system administrator may use this to generate host keys, | 174 | Additionally, the system administrator may use this to generate host keys. |
175 | as seen in | ||
176 | .Pa /etc/rc . | ||
177 | .Pp | 175 | .Pp |
178 | Normally this program generates the key and asks for a file in which | 176 | Normally this program generates the key and asks for a file in which |
179 | to store the private key. | 177 | to store the private key. |
@@ -219,9 +217,7 @@ The options are as follows: | |||
219 | For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys | 217 | For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys |
220 | do not exist, generate the host keys with the default key file path, | 218 | do not exist, generate the host keys with the default key file path, |
221 | an empty passphrase, default bits for the key type, and default comment. | 219 | an empty passphrase, default bits for the key type, and default comment. |
222 | This is used by | 220 | This is used by system administration scripts to generate new host keys. |
223 | .Pa /etc/rc | ||
224 | to generate new host keys. | ||
225 | .It Fl a Ar trials | 221 | .It Fl a Ar trials |
226 | Specifies the number of primality tests to perform when screening DH-GEX | 222 | Specifies the number of primality tests to perform when screening DH-GEX |
227 | candidates using the | 223 | candidates using the |
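Review bot: the replacement text at new line 220, "system administration scripts", no longer tells the reader which script creates the host keys, even though this option creates them with an empty passphrase and default parameters. The sshd.8 part of this patch names `/etc/init.d/ssh` as the boot script; if a specific init or packaging script is what calls this option on the target system, name it here so an administrator can find where the host keys come from.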
@@ -605,7 +601,7 @@ option. | |||
605 | Valid generator values are 2, 3, and 5. | 601 | Valid generator values are 2, 3, and 5. |
606 | .Pp | 602 | .Pp |
607 | Screened DH groups may be installed in | 603 | Screened DH groups may be installed in |
608 | .Pa /etc/moduli . | 604 | .Pa /etc/ssh/moduli . |
609 | It is important that this file contains moduli of a range of bit lengths and | 605 | It is important that this file contains moduli of a range of bit lengths and |
610 | that both ends of a connection share common moduli. | 606 | that both ends of a connection share common moduli. |
611 | .Sh CERTIFICATES | 607 | .Sh CERTIFICATES |
@@ -800,7 +796,7 @@ on all machines | |||
800 | where the user wishes to log in using public key authentication. | 796 | where the user wishes to log in using public key authentication. |
801 | There is no need to keep the contents of this file secret. | 797 | There is no need to keep the contents of this file secret. |
802 | .Pp | 798 | .Pp |
803 | .It Pa /etc/moduli | 799 | .It Pa /etc/ssh/moduli |
804 | Contains Diffie-Hellman groups used for DH-GEX. | 800 | Contains Diffie-Hellman groups used for DH-GEX. |
805 | The file format is described in | 801 | The file format is described in |
806 | .Xr moduli 5 . | 802 | .Xr moduli 5 . |
@@ -756,6 +756,10 @@ Protocol 1 is restricted to using only RSA keys, | |||
756 | but protocol 2 may use any. | 756 | but protocol 2 may use any. |
757 | The HISTORY section of | 757 | The HISTORY section of |
758 | .Xr ssl 8 | 758 | .Xr ssl 8 |
759 | (on non-OpenBSD systems, see | ||
760 | .nh | ||
761 | http://www.openbsd.org/cgi\-bin/man.cgi?query=ssl&sektion=8#HISTORY) | ||
762 | .hy | ||
759 | contains a brief discussion of the DSA and RSA algorithms. | 763 | contains a brief discussion of the DSA and RSA algorithms. |
760 | .Pp | 764 | .Pp |
761 | The file | 765 | The file |
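Review bot: the reference added at lines 759-762 is raw text wrapped in `.nh`/`.hy`, with the closing parenthesis attached directly to the URL, so a reader copying the link from the rendered page can pick up the `)` as part of the `#HISTORY` fragment. Consider marking the link up with mdoc's `.Lk` macro and keeping the closing parenthesis separate from the URL. The link is also plain `http://`; use `https://` if the site serves the page that way.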
@@ -70,7 +70,7 @@ over an insecure network. | |||
70 | .Nm | 70 | .Nm |
71 | listens for connections from clients. | 71 | listens for connections from clients. |
72 | It is normally started at boot from | 72 | It is normally started at boot from |
73 | .Pa /etc/rc . | 73 | .Pa /etc/init.d/ssh . |
74 | It forks a new | 74 | It forks a new |
75 | daemon for each incoming connection. | 75 | daemon for each incoming connection. |
76 | The forked daemons handle | 76 | The forked daemons handle |
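Review bot: line 73 swaps `/etc/rc` for the hard-coded path `/etc/init.d/ssh`, while the ssh-keygen.1 hunks in this same patch replace `/etc/rc` with generic wording ("system administration scripts"). Use one approach across the patch: either name the concrete script in both pages, or describe the boot mechanism generically in both, so the two pages do not drift apart if the init script is renamed.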
@@ -859,7 +859,7 @@ This file is for host-based authentication (see | |||
859 | .Xr ssh 1 ) . | 859 | .Xr ssh 1 ) . |
860 | It should only be writable by root. | 860 | It should only be writable by root. |
861 | .Pp | 861 | .Pp |
862 | .It Pa /etc/moduli | 862 | .It Pa /etc/ssh/moduli |
863 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". | 863 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
864 | The file format is described in | 864 | The file format is described in |
865 | .Xr moduli 5 . | 865 | .Xr moduli 5 . |
@@ -956,7 +956,6 @@ The content of this file is not sensitive; it can be world-readable. | |||
956 | .Xr ssh-keyscan 1 , | 956 | .Xr ssh-keyscan 1 , |
957 | .Xr chroot 2 , | 957 | .Xr chroot 2 , |
958 | .Xr hosts_access 5 , | 958 | .Xr hosts_access 5 , |
959 | .Xr login.conf 5 , | ||
960 | .Xr moduli 5 , | 959 | .Xr moduli 5 , |
961 | .Xr sshd_config 5 , | 960 | .Xr sshd_config 5 , |
962 | .Xr inetd 8 , | 961 | .Xr inetd 8 , |
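Review bot: line 959 removes `.Xr login.conf 5` from SEE ALSO only. Please confirm that the body of sshd.8 has no remaining `.Xr login.conf 5` references; otherwise the page will still point readers at a manual that this patch treats as unavailable.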
diff --git a/sshd_config.5 b/sshd_config.5 index 50eec53ab..04b5f1ae8 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -283,8 +283,7 @@ This option is only available for protocol version 2. | |||
283 | By default, no banner is displayed. | 283 | By default, no banner is displayed. |
284 | .It Cm ChallengeResponseAuthentication | 284 | .It Cm ChallengeResponseAuthentication |
285 | Specifies whether challenge-response authentication is allowed (e.g. via | 285 | Specifies whether challenge-response authentication is allowed (e.g. via |
286 | PAM or though authentication styles supported in | 286 | PAM). |
287 | .Xr login.conf 5 ) | ||
288 | The default is | 287 | The default is |
289 | .Dq yes . | 288 | .Dq yes . |
290 | .It Cm ChrootDirectory | 289 | .It Cm ChrootDirectory |
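Review bot: new line 286 keeps "e.g." although, with the `login.conf` clause removed, PAM is the only mechanism the sentence still names. `ChallengeResponseAuthentication` defaults to `yes` (lines 287-288), so the text should say exactly what leaving it enabled permits: either drop the "e.g." and write "(via PAM)", or name the other mechanism that is still supported.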