4 files changed, 13 insertions, 47 deletions
diff --git a/sftp.1 b/sftp.1
index fc5e00503..5dce807f6 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.108 2017/05/02 14:06:37 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.109 2017/05/03 06:32:02 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 2 2017 $
+.Dd $Mdocdate: May 3 2017 $
 .Dt SFTP 1
 .Os
 .Sh NAME
@@ -273,9 +273,7 @@ options.
 .It Fl s Ar subsystem | sftp_server
 Specifies the SSH2 subsystem or the path for an sftp server
 on the remote host.
-A path is useful for using
+A path is useful when the remote
-.Nm
-over protocol version 1, or when the remote
 .Xr sshd 8
 does not have an sftp subsystem configured.
 .It Fl v
diff --git a/ssh-add.1 b/ssh-add.1
index f02b595d5..38631f858 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-add.1,v 1.62 2015/03/30 18:28:37 jmc Exp $
+.\"     $OpenBSD: ssh-add.1,v 1.63 2017/05/03 06:32:02 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 30 2015 $
+.Dd $Mdocdate: May 3 2017 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
@@ -59,9 +59,8 @@ When run without arguments, it adds the files
 .Pa ~/.ssh/id_rsa ,
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_ed25519
 and
-.Pa ~/.ssh/identity .
+.Pa ~/.ssh/id_ed25519 .
 After loading a private key,
 .Nm
 will try to load corresponding certificate information from the
@@ -174,8 +173,6 @@ socket used to communicate with the agent.
 .El
 .Sh FILES
 .Bl -tag -width Ds
-.It Pa ~/.ssh/identity
-Contains the protocol version 1 RSA authentication identity of the user.
 .It Pa ~/.ssh/id_dsa
 Contains the protocol version 2 DSA authentication identity of the user.
 .It Pa ~/.ssh/id_ecdsa
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 624995617..d8ae3fada 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.139 2017/05/02 17:04:09 jmc Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.140 2017/05/03 06:32:02 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 2 2017 $
+.Dd $Mdocdate: May 3 2017 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -141,11 +141,7 @@
 generates, manages and converts authentication keys for
 .Xr ssh 1 .
 .Nm
-can create keys for use by SSH protocol versions 1 and 2.
+can create keys for use by SSH protocol version 2.
-Protocol 1 should not be used
-and is only offered to support legacy devices.
-It suffers from a number of cryptographic weaknesses
-and doesn't support many of the advanced features available for protocol 2.
 .Pp
 The type of key to be generated is specified with the
 .Fl t
@@ -172,7 +168,6 @@ section for details.
 Normally each user wishing to use SSH
 with public key authentication runs this once to create the authentication
 key in
-.Pa ~/.ssh/identity ,
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ed25519
@@ -231,16 +226,14 @@ This is used by
 .Pa /etc/rc
 to generate new host keys.
 .It Fl a Ar rounds
-When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
+When saving a new-format private key (i.e. an ed25519 key or when the
-2 key when the
 .Fl o
 flag is set), this option specifies the number of KDF (key derivation function)
 rounds used.
 Higher numbers result in slower passphrase verification and increased
 resistance to brute-force password cracking (should the keys be stolen).
 .Pp
-When screening DH-GEX candidates (
+When screening DH-GEX candidates (using the
-using the
 .Fl T
 command).
 This option specifies the number of primality tests to perform.
@@ -819,26 +812,6 @@ will exit with a non-zero exit status.
 A zero exit status will only be returned if no key was revoked.
 .Sh FILES
 .Bl -tag -width Ds -compact
-.It Pa ~/.ssh/identity
-Contains the protocol version 1 RSA authentication identity of the user.
-This file should not be readable by anyone but the user.
-It is possible to
-specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 3DES.
-This file is not automatically accessed by
-.Nm
-but it is offered as the default file for the private key.
-.Xr ssh 1
-will read this file when a login attempt is made.
-.Pp
-.It Pa ~/.ssh/identity.pub
-Contains the protocol version 1 RSA public key for authentication.
-The contents of this file should be added to
-.Pa ~/.ssh/authorized_keys
-on all machines
-where the user wishes to log in using RSA authentication.
-There is no need to keep the contents of this file secret.
-.Pp
 .It Pa ~/.ssh/id_dsa
 .It Pa ~/.ssh/id_ecdsa
 .It Pa ~/.ssh/id_ed25519
diff --git a/ssh.1 b/ssh.1
index 7ef599028..b9a85aff9 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.378 2017/05/02 13:44:51 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.379 2017/05/03 06:32:02 jmc Exp $
-.Dd $Mdocdate: May 2 2017 $
+.Dd $Mdocdate: May 3 2017 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -1441,7 +1441,6 @@ Contains additional definitions for environment variables; see
 .Sx ENVIRONMENT ,
 above.
 .Pp
-.It Pa ~/.ssh/identity
 .It Pa ~/.ssh/id_dsa
 .It Pa ~/.ssh/id_ecdsa
 .It Pa ~/.ssh/id_ed25519
@@ -1456,7 +1455,6 @@ It is possible to specify a passphrase when
 generating the key which will be used to encrypt the
 sensitive part of this file using 3DES.
 .Pp
-.It Pa ~/.ssh/identity.pub
 .It Pa ~/.ssh/id_dsa.pub
 .It Pa ~/.ssh/id_ecdsa.pub
 .It Pa ~/.ssh/id_ed25519.pub

diff --git a/sftp.1 b/sftp.1 index fc5e00503..5dce807f6 100644 --- a/sftp.1 +++ b/sftp.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: sftp.1,v 1.108 2017/05/02 14:06:37 jmc Exp $	1	.\" $OpenBSD: sftp.1,v 1.109 2017/05/03 06:32:02 jmc Exp $
2	.\"	2	.\"
3	.\" Copyright (c) 2001 Damien Miller. All rights reserved.	3	.\" Copyright (c) 2001 Damien Miller. All rights reserved.
4	.\"	4	.\"
@@ -22,7 +22,7 @@
22	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	22	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	23	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24	.\"	24	.\"
25	.Dd $Mdocdate: May 2 2017 $	25	.Dd $Mdocdate: May 3 2017 $
26	.Dt SFTP 1	26	.Dt SFTP 1
27	.Os	27	.Os
28	.Sh NAME	28	.Sh NAME
@@ -273,9 +273,7 @@ options.
273	.It Fl s Ar subsystem \| sftp_server	273	.It Fl s Ar subsystem \| sftp_server
274	Specifies the SSH2 subsystem or the path for an sftp server	274	Specifies the SSH2 subsystem or the path for an sftp server
275	on the remote host.	275	on the remote host.
276	A path is useful for using	276	A path is useful when the remote
277	.Nm
278	over protocol version 1, or when the remote
279	.Xr sshd 8	277	.Xr sshd 8
280	does not have an sftp subsystem configured.	278	does not have an sftp subsystem configured.
281	.It Fl v	279	.It Fl v


diff --git a/ssh-add.1 b/ssh-add.1 index f02b595d5..38631f858 100644 --- a/ssh-add.1 +++ b/ssh-add.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-add.1,v 1.62 2015/03/30 18:28:37 jmc Exp $	1	.\" $OpenBSD: ssh-add.1,v 1.63 2017/05/03 06:32:02 jmc Exp $
2	.\"	2	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37	.\"	37	.\"
38	.Dd $Mdocdate: March 30 2015 $	38	.Dd $Mdocdate: May 3 2017 $
39	.Dt SSH-ADD 1	39	.Dt SSH-ADD 1
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -59,9 +59,8 @@ When run without arguments, it adds the files
59	.Pa ~/.ssh/id_rsa ,	59	.Pa ~/.ssh/id_rsa ,
60	.Pa ~/.ssh/id_dsa ,	60	.Pa ~/.ssh/id_dsa ,
61	.Pa ~/.ssh/id_ecdsa ,	61	.Pa ~/.ssh/id_ecdsa ,
62	.Pa ~/.ssh/id_ed25519
63	and	62	and
64	.Pa ~/.ssh/identity .	63	.Pa ~/.ssh/id_ed25519 .
65	After loading a private key,	64	After loading a private key,
66	.Nm	65	.Nm
67	will try to load corresponding certificate information from the	66	will try to load corresponding certificate information from the
@@ -174,8 +173,6 @@ socket used to communicate with the agent.
174	.El	173	.El
175	.Sh FILES	174	.Sh FILES
176	.Bl -tag -width Ds	175	.Bl -tag -width Ds
177	.It Pa ~/.ssh/identity
178	Contains the protocol version 1 RSA authentication identity of the user.
179	.It Pa ~/.ssh/id_dsa	176	.It Pa ~/.ssh/id_dsa
180	Contains the protocol version 2 DSA authentication identity of the user.	177	Contains the protocol version 2 DSA authentication identity of the user.
181	.It Pa ~/.ssh/id_ecdsa	178	.It Pa ~/.ssh/id_ecdsa


diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 624995617..d8ae3fada 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.139 2017/05/02 17:04:09 jmc Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.140 2017/05/03 06:32:02 jmc Exp $
2	.\"	2	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37	.\"	37	.\"
38	.Dd $Mdocdate: May 2 2017 $	38	.Dd $Mdocdate: May 3 2017 $
39	.Dt SSH-KEYGEN 1	39	.Dt SSH-KEYGEN 1
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -141,11 +141,7 @@
141	generates, manages and converts authentication keys for	141	generates, manages and converts authentication keys for
142	.Xr ssh 1 .	142	.Xr ssh 1 .
143	.Nm	143	.Nm
144	can create keys for use by SSH protocol versions 1 and 2.	144	can create keys for use by SSH protocol version 2.
145	Protocol 1 should not be used
146	and is only offered to support legacy devices.
147	It suffers from a number of cryptographic weaknesses
148	and doesn't support many of the advanced features available for protocol 2.
149	.Pp	145	.Pp
150	The type of key to be generated is specified with the	146	The type of key to be generated is specified with the
151	.Fl t	147	.Fl t
@@ -172,7 +168,6 @@ section for details.
172	Normally each user wishing to use SSH	168	Normally each user wishing to use SSH
173	with public key authentication runs this once to create the authentication	169	with public key authentication runs this once to create the authentication
174	key in	170	key in
175	.Pa ~/.ssh/identity ,
176	.Pa ~/.ssh/id_dsa ,	171	.Pa ~/.ssh/id_dsa ,
177	.Pa ~/.ssh/id_ecdsa ,	172	.Pa ~/.ssh/id_ecdsa ,
178	.Pa ~/.ssh/id_ed25519	173	.Pa ~/.ssh/id_ed25519
@@ -231,16 +226,14 @@ This is used by
231	.Pa /etc/rc	226	.Pa /etc/rc
232	to generate new host keys.	227	to generate new host keys.
233	.It Fl a Ar rounds	228	.It Fl a Ar rounds
234	When saving a new-format private key (i.e. an ed25519 key or any SSH protocol	229	When saving a new-format private key (i.e. an ed25519 key or when the
235	2 key when the
236	.Fl o	230	.Fl o
237	flag is set), this option specifies the number of KDF (key derivation function)	231	flag is set), this option specifies the number of KDF (key derivation function)
238	rounds used.	232	rounds used.
239	Higher numbers result in slower passphrase verification and increased	233	Higher numbers result in slower passphrase verification and increased
240	resistance to brute-force password cracking (should the keys be stolen).	234	resistance to brute-force password cracking (should the keys be stolen).
241	.Pp	235	.Pp
242	When screening DH-GEX candidates (	236	When screening DH-GEX candidates (using the
243	using the
244	.Fl T	237	.Fl T
245	command).	238	command).
246	This option specifies the number of primality tests to perform.	239	This option specifies the number of primality tests to perform.
@@ -819,26 +812,6 @@ will exit with a non-zero exit status.
819	A zero exit status will only be returned if no key was revoked.	812	A zero exit status will only be returned if no key was revoked.
820	.Sh FILES	813	.Sh FILES
821	.Bl -tag -width Ds -compact	814	.Bl -tag -width Ds -compact
822	.It Pa ~/.ssh/identity
823	Contains the protocol version 1 RSA authentication identity of the user.
824	This file should not be readable by anyone but the user.
825	It is possible to
826	specify a passphrase when generating the key; that passphrase will be
827	used to encrypt the private part of this file using 3DES.
828	This file is not automatically accessed by
829	.Nm
830	but it is offered as the default file for the private key.
831	.Xr ssh 1
832	will read this file when a login attempt is made.
833	.Pp
834	.It Pa ~/.ssh/identity.pub
835	Contains the protocol version 1 RSA public key for authentication.
836	The contents of this file should be added to
837	.Pa ~/.ssh/authorized_keys
838	on all machines
839	where the user wishes to log in using RSA authentication.
840	There is no need to keep the contents of this file secret.
841	.Pp
842	.It Pa ~/.ssh/id_dsa	815	.It Pa ~/.ssh/id_dsa
843	.It Pa ~/.ssh/id_ecdsa	816	.It Pa ~/.ssh/id_ecdsa
844	.It Pa ~/.ssh/id_ed25519	817	.It Pa ~/.ssh/id_ed25519


diff --git a/ssh.1 b/ssh.1 index 7ef599028..b9a85aff9 100644 --- a/ssh.1 +++ b/ssh.1
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh.1,v 1.378 2017/05/02 13:44:51 jmc Exp $	36	.\" $OpenBSD: ssh.1,v 1.379 2017/05/03 06:32:02 jmc Exp $
37	.Dd $Mdocdate: May 2 2017 $	37	.Dd $Mdocdate: May 3 2017 $
38	.Dt SSH 1	38	.Dt SSH 1
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -1441,7 +1441,6 @@ Contains additional definitions for environment variables; see
1441	.Sx ENVIRONMENT ,	1441	.Sx ENVIRONMENT ,
1442	above.	1442	above.
1443	.Pp	1443	.Pp
1444	.It Pa ~/.ssh/identity
1445	.It Pa ~/.ssh/id_dsa	1444	.It Pa ~/.ssh/id_dsa
1446	.It Pa ~/.ssh/id_ecdsa	1445	.It Pa ~/.ssh/id_ecdsa
1447	.It Pa ~/.ssh/id_ed25519	1446	.It Pa ~/.ssh/id_ed25519
@@ -1456,7 +1455,6 @@ It is possible to specify a passphrase when
1456	generating the key which will be used to encrypt the	1455	generating the key which will be used to encrypt the
1457	sensitive part of this file using 3DES.	1456	sensitive part of this file using 3DES.
1458	.Pp	1457	.Pp
1459	.It Pa ~/.ssh/identity.pub
1460	.It Pa ~/.ssh/id_dsa.pub	1458	.It Pa ~/.ssh/id_dsa.pub
1461	.It Pa ~/.ssh/id_ecdsa.pub	1459	.It Pa ~/.ssh/id_ecdsa.pub
1462	.It Pa ~/.ssh/id_ed25519.pub	1460	.It Pa ~/.ssh/id_ed25519.pub