diff options
| -rw-r--r-- | ssh-add.1 | 9 | ||||
| -rw-r--r-- | ssh-keygen.1 | 17 | ||||
| -rw-r--r-- | ssh-keygen.c | 4 | ||||
| -rw-r--r-- | ssh.1 | 13 | ||||
| -rw-r--r-- | ssh_config.5 | 6 |
5 files changed, 31 insertions, 18 deletions
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: ssh-add.1,v 1.74 2019/11/15 11:16:28 jmc Exp $ | 1 | .\" $OpenBSD: ssh-add.1,v 1.75 2019/11/18 23:16:49 naddy Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -35,7 +35,7 @@ | |||
| 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 37 | .\" | 37 | .\" |
| 38 | .Dd $Mdocdate: November 15 2019 $ | 38 | .Dd $Mdocdate: November 18 2019 $ |
| 39 | .Dt SSH-ADD 1 | 39 | .Dt SSH-ADD 1 |
| 40 | .Os | 40 | .Os |
| 41 | .Sh NAME | 41 | .Sh NAME |
| @@ -64,8 +64,9 @@ When run without arguments, it adds the files | |||
| 64 | .Pa ~/.ssh/id_dsa , | 64 | .Pa ~/.ssh/id_dsa , |
| 65 | .Pa ~/.ssh/id_ecdsa , | 65 | .Pa ~/.ssh/id_ecdsa , |
| 66 | .Pa ~/.ssh/id_ecdsa_sk , | 66 | .Pa ~/.ssh/id_ecdsa_sk , |
| 67 | .Pa ~/.ssh/id_ed25519 , | ||
| 67 | and | 68 | and |
| 68 | .Pa ~/.ssh/id_ed25519 . | 69 | .Pa ~/.ssh/id_ed25519_sk . |
| 69 | After loading a private key, | 70 | After loading a private key, |
| 70 | .Nm | 71 | .Nm |
| 71 | will try to load corresponding certificate information from the | 72 | will try to load corresponding certificate information from the |
| @@ -209,6 +210,8 @@ Contains the ECDSA authentication identity of the user. | |||
| 209 | Contains the security key-hosted ECDSA authentication identity of the user. | 210 | Contains the security key-hosted ECDSA authentication identity of the user. |
| 210 | .It Pa ~/.ssh/id_ed25519 | 211 | .It Pa ~/.ssh/id_ed25519 |
| 211 | Contains the Ed25519 authentication identity of the user. | 212 | Contains the Ed25519 authentication identity of the user. |
| 213 | .It Pa ~/.ssh/id_ed25519_sk | ||
| 214 | Contains the security key-hosted Ed25519 authentication identity of the user. | ||
| 212 | .It Pa ~/.ssh/id_rsa | 215 | .It Pa ~/.ssh/id_rsa |
| 213 | Contains the RSA authentication identity of the user. | 216 | Contains the RSA authentication identity of the user. |
| 214 | .El | 217 | .El |
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index e4b5e9d69..feaa69efe 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: ssh-keygen.1,v 1.175 2019/11/18 04:50:45 djm Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.176 2019/11/18 23:16:49 naddy Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -191,7 +191,8 @@ key in | |||
| 191 | .Pa ~/.ssh/id_dsa , | 191 | .Pa ~/.ssh/id_dsa , |
| 192 | .Pa ~/.ssh/id_ecdsa , | 192 | .Pa ~/.ssh/id_ecdsa , |
| 193 | .Pa ~/.ssh/id_ecdsa_sk , | 193 | .Pa ~/.ssh/id_ecdsa_sk , |
| 194 | .Pa ~/.ssh/id_ed25519 | 194 | .Pa ~/.ssh/id_ed25519 , |
| 195 | .Pa ~/.ssh/id_ed25519_sk | ||
| 195 | or | 196 | or |
| 196 | .Pa ~/.ssh/id_rsa . | 197 | .Pa ~/.ssh/id_rsa . |
| 197 | Additionally, the system administrator may use this to generate host keys, | 198 | Additionally, the system administrator may use this to generate host keys, |
| @@ -285,7 +286,7 @@ flag determines the key length by selecting from one of three elliptic | |||
| 285 | curve sizes: 256, 384 or 521 bits. | 286 | curve sizes: 256, 384 or 521 bits. |
| 286 | Attempting to use bit lengths other than these three values for ECDSA keys | 287 | Attempting to use bit lengths other than these three values for ECDSA keys |
| 287 | will fail. | 288 | will fail. |
| 288 | ECDSA-SK and Ed25519 keys have a fixed length and the | 289 | ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed length and the |
| 289 | .Fl b | 290 | .Fl b |
| 290 | flag will be ignored. | 291 | flag will be ignored. |
| 291 | .It Fl C Ar comment | 292 | .It Fl C Ar comment |
| @@ -1044,9 +1045,10 @@ hardware security keys. | |||
| 1044 | .It Pa ~/.ssh/id_ecdsa | 1045 | .It Pa ~/.ssh/id_ecdsa |
| 1045 | .It Pa ~/.ssh/id_ecdsa_sk | 1046 | .It Pa ~/.ssh/id_ecdsa_sk |
| 1046 | .It Pa ~/.ssh/id_ed25519 | 1047 | .It Pa ~/.ssh/id_ed25519 |
| 1048 | .It Pa ~/.ssh/id_ed25519_sk | ||
| 1047 | .It Pa ~/.ssh/id_rsa | 1049 | .It Pa ~/.ssh/id_rsa |
| 1048 | Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519 or RSA | 1050 | Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, |
| 1049 | authentication identity of the user. | 1051 | security key-hosted Ed25519 or RSA authentication identity of the user. |
| 1050 | This file should not be readable by anyone but the user. | 1052 | This file should not be readable by anyone but the user. |
| 1051 | It is possible to | 1053 | It is possible to |
| 1052 | specify a passphrase when generating the key; that passphrase will be | 1054 | specify a passphrase when generating the key; that passphrase will be |
| @@ -1061,9 +1063,10 @@ will read this file when a login attempt is made. | |||
| 1061 | .It Pa ~/.ssh/id_ecdsa.pub | 1063 | .It Pa ~/.ssh/id_ecdsa.pub |
| 1062 | .It Pa ~/.ssh/id_ecdsa_sk.pub | 1064 | .It Pa ~/.ssh/id_ecdsa_sk.pub |
| 1063 | .It Pa ~/.ssh/id_ed25519.pub | 1065 | .It Pa ~/.ssh/id_ed25519.pub |
| 1066 | .It Pa ~/.ssh/id_ed25519_sk.pub | ||
| 1064 | .It Pa ~/.ssh/id_rsa.pub | 1067 | .It Pa ~/.ssh/id_rsa.pub |
| 1065 | Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519 or RSA | 1068 | Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, |
| 1066 | public key for authentication. | 1069 | security key-hosted Ed25519 or RSA public key for authentication. |
| 1067 | The contents of this file should be added to | 1070 | The contents of this file should be added to |
| 1068 | .Pa ~/.ssh/authorized_keys | 1071 | .Pa ~/.ssh/authorized_keys |
| 1069 | on all machines | 1072 | on all machines |
diff --git a/ssh-keygen.c b/ssh-keygen.c index c4ce18d94..e869989d7 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssh-keygen.c,v 1.368 2019/11/18 16:10:05 naddy Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.369 2019/11/18 23:16:49 naddy Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
| 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -2735,7 +2735,7 @@ usage(void) | |||
| 2735 | { | 2735 | { |
| 2736 | fprintf(stderr, | 2736 | fprintf(stderr, |
| 2737 | "usage: ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]\n" | 2737 | "usage: ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]\n" |
| 2738 | " [-t dsa | ecdsa | ecdsa-sk | ed25519 | rsa]\n" | 2738 | " [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]\n" |
| 2739 | " [-N new_passphrase] [-w provider] [-x flags]\n" | 2739 | " [-N new_passphrase] [-w provider] [-x flags]\n" |
| 2740 | " ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]\n" | 2740 | " ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]\n" |
| 2741 | " [-P old_passphrase]\n" | 2741 | " [-P old_passphrase]\n" |
| @@ -33,8 +33,8 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: ssh.1,v 1.405 2019/11/14 21:27:30 djm Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.406 2019/11/18 23:16:49 naddy Exp $ |
| 37 | .Dd $Mdocdate: November 14 2019 $ | 37 | .Dd $Mdocdate: November 18 2019 $ |
| 38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
| 39 | .Os | 39 | .Os |
| 40 | .Sh NAME | 40 | .Sh NAME |
| @@ -280,7 +280,8 @@ The default is | |||
| 280 | .Pa ~/.ssh/id_dsa , | 280 | .Pa ~/.ssh/id_dsa , |
| 281 | .Pa ~/.ssh/id_ecdsa , | 281 | .Pa ~/.ssh/id_ecdsa , |
| 282 | .Pa ~/.ssh/id_ecdsa_sk , | 282 | .Pa ~/.ssh/id_ecdsa_sk , |
| 283 | .Pa ~/.ssh/id_ed25519 | 283 | .Pa ~/.ssh/id_ed25519 , |
| 284 | .Pa ~/.ssh/id_ed25519_sk | ||
| 284 | and | 285 | and |
| 285 | .Pa ~/.ssh/id_rsa . | 286 | .Pa ~/.ssh/id_rsa . |
| 286 | Identity files may also be specified on | 287 | Identity files may also be specified on |
| @@ -901,6 +902,8 @@ This stores the private key in | |||
| 901 | (security key-hosted ECDSA), | 902 | (security key-hosted ECDSA), |
| 902 | .Pa ~/.ssh/id_ed25519 | 903 | .Pa ~/.ssh/id_ed25519 |
| 903 | (Ed25519), | 904 | (Ed25519), |
| 905 | .Pa ~/.ssh/id_ed25519_sk | ||
| 906 | (security key-hosted Ed25519), | ||
| 904 | or | 907 | or |
| 905 | .Pa ~/.ssh/id_rsa | 908 | .Pa ~/.ssh/id_rsa |
| 906 | (RSA) | 909 | (RSA) |
| @@ -913,6 +916,8 @@ and stores the public key in | |||
| 913 | (security key-hosted ECDSA), | 916 | (security key-hosted ECDSA), |
| 914 | .Pa ~/.ssh/id_ed25519.pub | 917 | .Pa ~/.ssh/id_ed25519.pub |
| 915 | (Ed25519), | 918 | (Ed25519), |
| 919 | .Pa ~/.ssh/id_ed25519_sk.pub | ||
| 920 | (security key-hosted Ed25519), | ||
| 916 | or | 921 | or |
| 917 | .Pa ~/.ssh/id_rsa.pub | 922 | .Pa ~/.ssh/id_rsa.pub |
| 918 | (RSA) | 923 | (RSA) |
| @@ -1491,6 +1496,7 @@ above. | |||
| 1491 | .It Pa ~/.ssh/id_ecdsa | 1496 | .It Pa ~/.ssh/id_ecdsa |
| 1492 | .It Pa ~/.ssh/id_ecdsa_sk | 1497 | .It Pa ~/.ssh/id_ecdsa_sk |
| 1493 | .It Pa ~/.ssh/id_ed25519 | 1498 | .It Pa ~/.ssh/id_ed25519 |
| 1499 | .It Pa ~/.ssh/id_ed25519_sk | ||
| 1494 | .It Pa ~/.ssh/id_rsa | 1500 | .It Pa ~/.ssh/id_rsa |
| 1495 | Contains the private key for authentication. | 1501 | Contains the private key for authentication. |
| 1496 | These files | 1502 | These files |
| @@ -1506,6 +1512,7 @@ sensitive part of this file using AES-128. | |||
| 1506 | .It Pa ~/.ssh/id_ecdsa.pub | 1512 | .It Pa ~/.ssh/id_ecdsa.pub |
| 1507 | .It Pa ~/.ssh/id_ecdsa_sk.pub | 1513 | .It Pa ~/.ssh/id_ecdsa_sk.pub |
| 1508 | .It Pa ~/.ssh/id_ed25519.pub | 1514 | .It Pa ~/.ssh/id_ed25519.pub |
| 1515 | .It Pa ~/.ssh/id_ed25519_sk.pub | ||
| 1509 | .It Pa ~/.ssh/id_rsa.pub | 1516 | .It Pa ~/.ssh/id_rsa.pub |
| 1510 | Contains the public key for authentication. | 1517 | Contains the public key for authentication. |
| 1511 | These files are not | 1518 | These files are not |
diff --git a/ssh_config.5 b/ssh_config.5 index 1f3c3413f..1c0663d81 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
| @@ -33,7 +33,7 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: ssh_config.5,v 1.307 2019/11/18 04:55:02 djm Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.308 2019/11/18 23:16:49 naddy Exp $ |
| 37 | .Dd $Mdocdate: November 18 2019 $ | 37 | .Dd $Mdocdate: November 18 2019 $ |
| 38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
| 39 | .Os | 39 | .Os |
| @@ -931,8 +931,8 @@ The default is | |||
| 931 | .Pa ~/.ssh/id_dsa , | 931 | .Pa ~/.ssh/id_dsa , |
| 932 | .Pa ~/.ssh/id_ecdsa , | 932 | .Pa ~/.ssh/id_ecdsa , |
| 933 | .Pa ~/.ssh/id_ecdsa_sk , | 933 | .Pa ~/.ssh/id_ecdsa_sk , |
| 934 | .Pa ~/.ssh/id_ed25519_sk , | 934 | .Pa ~/.ssh/id_ed25519 , |
| 935 | .Pa ~/.ssh/id_ed25519 | 935 | .Pa ~/.ssh/id_ed25519_sk |
| 936 | and | 936 | and |
| 937 | .Pa ~/.ssh/id_rsa . | 937 | .Pa ~/.ssh/id_rsa . |
| 938 | Additionally, any identities represented by the authentication agent | 938 | Additionally, any identities represented by the authentication agent |