diff options
-rw-r--r-- | ssh-add.1 | 9 | ||||
-rw-r--r-- | ssh-keygen.1 | 17 | ||||
-rw-r--r-- | ssh-keygen.c | 4 | ||||
-rw-r--r-- | ssh.1 | 13 | ||||
-rw-r--r-- | ssh_config.5 | 6 |
5 files changed, 31 insertions, 18 deletions
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-add.1,v 1.74 2019/11/15 11:16:28 jmc Exp $ | 1 | .\" $OpenBSD: ssh-add.1,v 1.75 2019/11/18 23:16:49 naddy Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -35,7 +35,7 @@ | |||
35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 35 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
37 | .\" | 37 | .\" |
38 | .Dd $Mdocdate: November 15 2019 $ | 38 | .Dd $Mdocdate: November 18 2019 $ |
39 | .Dt SSH-ADD 1 | 39 | .Dt SSH-ADD 1 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -64,8 +64,9 @@ When run without arguments, it adds the files | |||
64 | .Pa ~/.ssh/id_dsa , | 64 | .Pa ~/.ssh/id_dsa , |
65 | .Pa ~/.ssh/id_ecdsa , | 65 | .Pa ~/.ssh/id_ecdsa , |
66 | .Pa ~/.ssh/id_ecdsa_sk , | 66 | .Pa ~/.ssh/id_ecdsa_sk , |
67 | .Pa ~/.ssh/id_ed25519 , | ||
67 | and | 68 | and |
68 | .Pa ~/.ssh/id_ed25519 . | 69 | .Pa ~/.ssh/id_ed25519_sk . |
69 | After loading a private key, | 70 | After loading a private key, |
70 | .Nm | 71 | .Nm |
71 | will try to load corresponding certificate information from the | 72 | will try to load corresponding certificate information from the |
@@ -209,6 +210,8 @@ Contains the ECDSA authentication identity of the user. | |||
209 | Contains the security key-hosted ECDSA authentication identity of the user. | 210 | Contains the security key-hosted ECDSA authentication identity of the user. |
210 | .It Pa ~/.ssh/id_ed25519 | 211 | .It Pa ~/.ssh/id_ed25519 |
211 | Contains the Ed25519 authentication identity of the user. | 212 | Contains the Ed25519 authentication identity of the user. |
213 | .It Pa ~/.ssh/id_ed25519_sk | ||
214 | Contains the security key-hosted Ed25519 authentication identity of the user. | ||
212 | .It Pa ~/.ssh/id_rsa | 215 | .It Pa ~/.ssh/id_rsa |
213 | Contains the RSA authentication identity of the user. | 216 | Contains the RSA authentication identity of the user. |
214 | .El | 217 | .El |
diff --git a/ssh-keygen.1 b/ssh-keygen.1 index e4b5e9d69..feaa69efe 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keygen.1,v 1.175 2019/11/18 04:50:45 djm Exp $ | 1 | .\" $OpenBSD: ssh-keygen.1,v 1.176 2019/11/18 23:16:49 naddy Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | .\" Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -191,7 +191,8 @@ key in | |||
191 | .Pa ~/.ssh/id_dsa , | 191 | .Pa ~/.ssh/id_dsa , |
192 | .Pa ~/.ssh/id_ecdsa , | 192 | .Pa ~/.ssh/id_ecdsa , |
193 | .Pa ~/.ssh/id_ecdsa_sk , | 193 | .Pa ~/.ssh/id_ecdsa_sk , |
194 | .Pa ~/.ssh/id_ed25519 | 194 | .Pa ~/.ssh/id_ed25519 , |
195 | .Pa ~/.ssh/id_ed25519_sk | ||
195 | or | 196 | or |
196 | .Pa ~/.ssh/id_rsa . | 197 | .Pa ~/.ssh/id_rsa . |
197 | Additionally, the system administrator may use this to generate host keys, | 198 | Additionally, the system administrator may use this to generate host keys, |
@@ -285,7 +286,7 @@ flag determines the key length by selecting from one of three elliptic | |||
285 | curve sizes: 256, 384 or 521 bits. | 286 | curve sizes: 256, 384 or 521 bits. |
286 | Attempting to use bit lengths other than these three values for ECDSA keys | 287 | Attempting to use bit lengths other than these three values for ECDSA keys |
287 | will fail. | 288 | will fail. |
288 | ECDSA-SK and Ed25519 keys have a fixed length and the | 289 | ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed length and the |
289 | .Fl b | 290 | .Fl b |
290 | flag will be ignored. | 291 | flag will be ignored. |
291 | .It Fl C Ar comment | 292 | .It Fl C Ar comment |
@@ -1044,9 +1045,10 @@ hardware security keys. | |||
1044 | .It Pa ~/.ssh/id_ecdsa | 1045 | .It Pa ~/.ssh/id_ecdsa |
1045 | .It Pa ~/.ssh/id_ecdsa_sk | 1046 | .It Pa ~/.ssh/id_ecdsa_sk |
1046 | .It Pa ~/.ssh/id_ed25519 | 1047 | .It Pa ~/.ssh/id_ed25519 |
1048 | .It Pa ~/.ssh/id_ed25519_sk | ||
1047 | .It Pa ~/.ssh/id_rsa | 1049 | .It Pa ~/.ssh/id_rsa |
1048 | Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519 or RSA | 1050 | Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, |
1049 | authentication identity of the user. | 1051 | security key-hosted Ed25519 or RSA authentication identity of the user. |
1050 | This file should not be readable by anyone but the user. | 1052 | This file should not be readable by anyone but the user. |
1051 | It is possible to | 1053 | It is possible to |
1052 | specify a passphrase when generating the key; that passphrase will be | 1054 | specify a passphrase when generating the key; that passphrase will be |
@@ -1061,9 +1063,10 @@ will read this file when a login attempt is made. | |||
1061 | .It Pa ~/.ssh/id_ecdsa.pub | 1063 | .It Pa ~/.ssh/id_ecdsa.pub |
1062 | .It Pa ~/.ssh/id_ecdsa_sk.pub | 1064 | .It Pa ~/.ssh/id_ecdsa_sk.pub |
1063 | .It Pa ~/.ssh/id_ed25519.pub | 1065 | .It Pa ~/.ssh/id_ed25519.pub |
1066 | .It Pa ~/.ssh/id_ed25519_sk.pub | ||
1064 | .It Pa ~/.ssh/id_rsa.pub | 1067 | .It Pa ~/.ssh/id_rsa.pub |
1065 | Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519 or RSA | 1068 | Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, |
1066 | public key for authentication. | 1069 | security key-hosted Ed25519 or RSA public key for authentication. |
1067 | The contents of this file should be added to | 1070 | The contents of this file should be added to |
1068 | .Pa ~/.ssh/authorized_keys | 1071 | .Pa ~/.ssh/authorized_keys |
1069 | on all machines | 1072 | on all machines |
diff --git a/ssh-keygen.c b/ssh-keygen.c index c4ce18d94..e869989d7 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: ssh-keygen.c,v 1.368 2019/11/18 16:10:05 naddy Exp $ */ | 1 | /* $OpenBSD: ssh-keygen.c,v 1.369 2019/11/18 23:16:49 naddy Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -2735,7 +2735,7 @@ usage(void) | |||
2735 | { | 2735 | { |
2736 | fprintf(stderr, | 2736 | fprintf(stderr, |
2737 | "usage: ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]\n" | 2737 | "usage: ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]\n" |
2738 | " [-t dsa | ecdsa | ecdsa-sk | ed25519 | rsa]\n" | 2738 | " [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]\n" |
2739 | " [-N new_passphrase] [-w provider] [-x flags]\n" | 2739 | " [-N new_passphrase] [-w provider] [-x flags]\n" |
2740 | " ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]\n" | 2740 | " ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]\n" |
2741 | " [-P old_passphrase]\n" | 2741 | " [-P old_passphrase]\n" |
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh.1,v 1.405 2019/11/14 21:27:30 djm Exp $ | 36 | .\" $OpenBSD: ssh.1,v 1.406 2019/11/18 23:16:49 naddy Exp $ |
37 | .Dd $Mdocdate: November 14 2019 $ | 37 | .Dd $Mdocdate: November 18 2019 $ |
38 | .Dt SSH 1 | 38 | .Dt SSH 1 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -280,7 +280,8 @@ The default is | |||
280 | .Pa ~/.ssh/id_dsa , | 280 | .Pa ~/.ssh/id_dsa , |
281 | .Pa ~/.ssh/id_ecdsa , | 281 | .Pa ~/.ssh/id_ecdsa , |
282 | .Pa ~/.ssh/id_ecdsa_sk , | 282 | .Pa ~/.ssh/id_ecdsa_sk , |
283 | .Pa ~/.ssh/id_ed25519 | 283 | .Pa ~/.ssh/id_ed25519 , |
284 | .Pa ~/.ssh/id_ed25519_sk | ||
284 | and | 285 | and |
285 | .Pa ~/.ssh/id_rsa . | 286 | .Pa ~/.ssh/id_rsa . |
286 | Identity files may also be specified on | 287 | Identity files may also be specified on |
@@ -901,6 +902,8 @@ This stores the private key in | |||
901 | (security key-hosted ECDSA), | 902 | (security key-hosted ECDSA), |
902 | .Pa ~/.ssh/id_ed25519 | 903 | .Pa ~/.ssh/id_ed25519 |
903 | (Ed25519), | 904 | (Ed25519), |
905 | .Pa ~/.ssh/id_ed25519_sk | ||
906 | (security key-hosted Ed25519), | ||
904 | or | 907 | or |
905 | .Pa ~/.ssh/id_rsa | 908 | .Pa ~/.ssh/id_rsa |
906 | (RSA) | 909 | (RSA) |
@@ -913,6 +916,8 @@ and stores the public key in | |||
913 | (security key-hosted ECDSA), | 916 | (security key-hosted ECDSA), |
914 | .Pa ~/.ssh/id_ed25519.pub | 917 | .Pa ~/.ssh/id_ed25519.pub |
915 | (Ed25519), | 918 | (Ed25519), |
919 | .Pa ~/.ssh/id_ed25519_sk.pub | ||
920 | (security key-hosted Ed25519), | ||
916 | or | 921 | or |
917 | .Pa ~/.ssh/id_rsa.pub | 922 | .Pa ~/.ssh/id_rsa.pub |
918 | (RSA) | 923 | (RSA) |
@@ -1491,6 +1496,7 @@ above. | |||
1491 | .It Pa ~/.ssh/id_ecdsa | 1496 | .It Pa ~/.ssh/id_ecdsa |
1492 | .It Pa ~/.ssh/id_ecdsa_sk | 1497 | .It Pa ~/.ssh/id_ecdsa_sk |
1493 | .It Pa ~/.ssh/id_ed25519 | 1498 | .It Pa ~/.ssh/id_ed25519 |
1499 | .It Pa ~/.ssh/id_ed25519_sk | ||
1494 | .It Pa ~/.ssh/id_rsa | 1500 | .It Pa ~/.ssh/id_rsa |
1495 | Contains the private key for authentication. | 1501 | Contains the private key for authentication. |
1496 | These files | 1502 | These files |
@@ -1506,6 +1512,7 @@ sensitive part of this file using AES-128. | |||
1506 | .It Pa ~/.ssh/id_ecdsa.pub | 1512 | .It Pa ~/.ssh/id_ecdsa.pub |
1507 | .It Pa ~/.ssh/id_ecdsa_sk.pub | 1513 | .It Pa ~/.ssh/id_ecdsa_sk.pub |
1508 | .It Pa ~/.ssh/id_ed25519.pub | 1514 | .It Pa ~/.ssh/id_ed25519.pub |
1515 | .It Pa ~/.ssh/id_ed25519_sk.pub | ||
1509 | .It Pa ~/.ssh/id_rsa.pub | 1516 | .It Pa ~/.ssh/id_rsa.pub |
1510 | Contains the public key for authentication. | 1517 | Contains the public key for authentication. |
1511 | These files are not | 1518 | These files are not |
diff --git a/ssh_config.5 b/ssh_config.5 index 1f3c3413f..1c0663d81 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,7 +33,7 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.307 2019/11/18 04:55:02 djm Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.308 2019/11/18 23:16:49 naddy Exp $ |
37 | .Dd $Mdocdate: November 18 2019 $ | 37 | .Dd $Mdocdate: November 18 2019 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
@@ -931,8 +931,8 @@ The default is | |||
931 | .Pa ~/.ssh/id_dsa , | 931 | .Pa ~/.ssh/id_dsa , |
932 | .Pa ~/.ssh/id_ecdsa , | 932 | .Pa ~/.ssh/id_ecdsa , |
933 | .Pa ~/.ssh/id_ecdsa_sk , | 933 | .Pa ~/.ssh/id_ecdsa_sk , |
934 | .Pa ~/.ssh/id_ed25519_sk , | 934 | .Pa ~/.ssh/id_ed25519 , |
935 | .Pa ~/.ssh/id_ed25519 | 935 | .Pa ~/.ssh/id_ed25519_sk |
936 | and | 936 | and |
937 | .Pa ~/.ssh/id_rsa . | 937 | .Pa ~/.ssh/id_rsa . |
938 | Additionally, any identities represented by the authentication agent | 938 | Additionally, any identities represented by the authentication agent |