1 files changed, 19 insertions, 29 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 9acd8f8c9..205f741b8 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,6 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.98 2010/08/04 06:07:11 djm Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.101 2010/10/28 18:33:28 jmc Exp $
-.\"
-.\"  -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 4 2010 $
+.Dd $Mdocdate: October 28 2010 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -125,7 +123,7 @@
 generates, manages and converts authentication keys for
 .Xr ssh 1 .
 .Nm
-can create RSA keys for use by SSH protocol version 1 and RSA or DSA
+can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA
 keys for use by SSH protocol version 2.
 The type of key to be generated is specified with the
 .Fl t
@@ -142,9 +140,10 @@ See the
 section for details.
 .Pp
 Normally each user wishing to use SSH
-with RSA or DSA authentication runs this once to create the authentication
+with public key authentication runs this once to create the authentication
 key in
 .Pa ~/.ssh/identity ,
+.Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_dsa
 or
 .Pa ~/.ssh/id_rsa .
@@ -426,9 +425,10 @@ Specifies the type of key to create.
 The possible values are
 .Dq rsa1
 for protocol version 1 and
-.Dq rsa
+.Dq dsa ,
+.Dq ecdsa
 or
-.Dq dsa
+.Dq rsa
 for protocol version 2.
 .It Fl V Ar validity_interval
 Specify a validity interval when signing a certificate.
@@ -605,18 +605,19 @@ or
 .Xr ssh 1 .
 Please refer to those manual pages for details.
 .Sh FILES
-.Bl -tag -width Ds
+.Bl -tag -width Ds -compact
 .It Pa ~/.ssh/identity
 Contains the protocol version 1 RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
 specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 128-bit AES.
+used to encrypt the private part of this file using 3DES.
 This file is not automatically accessed by
 .Nm
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
+.Pp
 .It Pa ~/.ssh/identity.pub
 Contains the protocol version 1 RSA public key for authentication.
 The contents of this file should be added to
@@ -624,26 +625,11 @@ The contents of this file should be added to
 on all machines
 where the user wishes to log in using RSA authentication.
 There is no need to keep the contents of this file secret.
+.Pp
 .It Pa ~/.ssh/id_dsa
-Contains the protocol version 2 DSA authentication identity of the user.
+.It Pa ~/.ssh/id_ecdsa
-This file should not be readable by anyone but the user.
-It is possible to
-specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 128-bit AES.
-This file is not automatically accessed by
-.Nm
-but it is offered as the default file for the private key.
-.Xr ssh 1
-will read this file when a login attempt is made.
-.It Pa ~/.ssh/id_dsa.pub
-Contains the protocol version 2 DSA public key for authentication.
-The contents of this file should be added to
-.Pa ~/.ssh/authorized_keys
-on all machines
-where the user wishes to log in using public key authentication.
-There is no need to keep the contents of this file secret.
 .It Pa ~/.ssh/id_rsa
-Contains the protocol version 2 RSA authentication identity of the user.
+Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
 specify a passphrase when generating the key; that passphrase will be
@@ -653,13 +639,17 @@ This file is not automatically accessed by
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
+.Pp
+.It Pa ~/.ssh/id_dsa.pub
+.It Pa ~/.ssh/id_ecdsa.pub
 .It Pa ~/.ssh/id_rsa.pub
-Contains the protocol version 2 RSA public key for authentication.
+Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication.
 The contents of this file should be added to
 .Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
+.Pp
 .It Pa /etc/moduli
 Contains Diffie-Hellman groups used for DH-GEX.
 The file format is described in

diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 9acd8f8c9..205f741b8 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,6 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.98 2010/08/04 06:07:11 djm Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.101 2010/10/28 18:33:28 jmc Exp $
2	.\"
3	.\" -- nroff --
4	.\"	2	.\"
5	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
6	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,7 +35,7 @@
37	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
38	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39	.\"	37	.\"
40	.Dd $Mdocdate: August 4 2010 $	38	.Dd $Mdocdate: October 28 2010 $
41	.Dt SSH-KEYGEN 1	39	.Dt SSH-KEYGEN 1
42	.Os	40	.Os
43	.Sh NAME	41	.Sh NAME
@@ -125,7 +123,7 @@
125	generates, manages and converts authentication keys for	123	generates, manages and converts authentication keys for
126	.Xr ssh 1 .	124	.Xr ssh 1 .
127	.Nm	125	.Nm
128	can create RSA keys for use by SSH protocol version 1 and RSA or DSA	126	can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA
129	keys for use by SSH protocol version 2.	127	keys for use by SSH protocol version 2.
130	The type of key to be generated is specified with the	128	The type of key to be generated is specified with the
131	.Fl t	129	.Fl t
@@ -142,9 +140,10 @@ See the
142	section for details.	140	section for details.
143	.Pp	141	.Pp
144	Normally each user wishing to use SSH	142	Normally each user wishing to use SSH
145	with RSA or DSA authentication runs this once to create the authentication	143	with public key authentication runs this once to create the authentication
146	key in	144	key in
147	.Pa ~/.ssh/identity ,	145	.Pa ~/.ssh/identity ,
		146	.Pa ~/.ssh/id_ecdsa ,
148	.Pa ~/.ssh/id_dsa	147	.Pa ~/.ssh/id_dsa
149	or	148	or
150	.Pa ~/.ssh/id_rsa .	149	.Pa ~/.ssh/id_rsa .
@@ -426,9 +425,10 @@ Specifies the type of key to create.
426	The possible values are	425	The possible values are
427	.Dq rsa1	426	.Dq rsa1
428	for protocol version 1 and	427	for protocol version 1 and
429	.Dq rsa	428	.Dq dsa ,
		429	.Dq ecdsa
430	or	430	or
431	.Dq dsa	431	.Dq rsa
432	for protocol version 2.	432	for protocol version 2.
433	.It Fl V Ar validity_interval	433	.It Fl V Ar validity_interval
434	Specify a validity interval when signing a certificate.	434	Specify a validity interval when signing a certificate.
@@ -605,18 +605,19 @@ or
605	.Xr ssh 1 .	605	.Xr ssh 1 .
606	Please refer to those manual pages for details.	606	Please refer to those manual pages for details.
607	.Sh FILES	607	.Sh FILES
608	.Bl -tag -width Ds	608	.Bl -tag -width Ds -compact
609	.It Pa ~/.ssh/identity	609	.It Pa ~/.ssh/identity
610	Contains the protocol version 1 RSA authentication identity of the user.	610	Contains the protocol version 1 RSA authentication identity of the user.
611	This file should not be readable by anyone but the user.	611	This file should not be readable by anyone but the user.
612	It is possible to	612	It is possible to
613	specify a passphrase when generating the key; that passphrase will be	613	specify a passphrase when generating the key; that passphrase will be
614	used to encrypt the private part of this file using 128-bit AES.	614	used to encrypt the private part of this file using 3DES.
615	This file is not automatically accessed by	615	This file is not automatically accessed by
616	.Nm	616	.Nm
617	but it is offered as the default file for the private key.	617	but it is offered as the default file for the private key.
618	.Xr ssh 1	618	.Xr ssh 1
619	will read this file when a login attempt is made.	619	will read this file when a login attempt is made.
		620	.Pp
620	.It Pa ~/.ssh/identity.pub	621	.It Pa ~/.ssh/identity.pub
621	Contains the protocol version 1 RSA public key for authentication.	622	Contains the protocol version 1 RSA public key for authentication.
622	The contents of this file should be added to	623	The contents of this file should be added to
@@ -624,26 +625,11 @@ The contents of this file should be added to
624	on all machines	625	on all machines
625	where the user wishes to log in using RSA authentication.	626	where the user wishes to log in using RSA authentication.
626	There is no need to keep the contents of this file secret.	627	There is no need to keep the contents of this file secret.
		628	.Pp
627	.It Pa ~/.ssh/id_dsa	629	.It Pa ~/.ssh/id_dsa
628	Contains the protocol version 2 DSA authentication identity of the user.	630	.It Pa ~/.ssh/id_ecdsa
629	This file should not be readable by anyone but the user.
630	It is possible to
631	specify a passphrase when generating the key; that passphrase will be
632	used to encrypt the private part of this file using 128-bit AES.
633	This file is not automatically accessed by
634	.Nm
635	but it is offered as the default file for the private key.
636	.Xr ssh 1
637	will read this file when a login attempt is made.
638	.It Pa ~/.ssh/id_dsa.pub
639	Contains the protocol version 2 DSA public key for authentication.
640	The contents of this file should be added to
641	.Pa ~/.ssh/authorized_keys
642	on all machines
643	where the user wishes to log in using public key authentication.
644	There is no need to keep the contents of this file secret.
645	.It Pa ~/.ssh/id_rsa	631	.It Pa ~/.ssh/id_rsa
646	Contains the protocol version 2 RSA authentication identity of the user.	632	Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user.
647	This file should not be readable by anyone but the user.	633	This file should not be readable by anyone but the user.
648	It is possible to	634	It is possible to
649	specify a passphrase when generating the key; that passphrase will be	635	specify a passphrase when generating the key; that passphrase will be
@@ -653,13 +639,17 @@ This file is not automatically accessed by
653	but it is offered as the default file for the private key.	639	but it is offered as the default file for the private key.
654	.Xr ssh 1	640	.Xr ssh 1
655	will read this file when a login attempt is made.	641	will read this file when a login attempt is made.
		642	.Pp
		643	.It Pa ~/.ssh/id_dsa.pub
		644	.It Pa ~/.ssh/id_ecdsa.pub
656	.It Pa ~/.ssh/id_rsa.pub	645	.It Pa ~/.ssh/id_rsa.pub
657	Contains the protocol version 2 RSA public key for authentication.	646	Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication.
658	The contents of this file should be added to	647	The contents of this file should be added to
659	.Pa ~/.ssh/authorized_keys	648	.Pa ~/.ssh/authorized_keys
660	on all machines	649	on all machines
661	where the user wishes to log in using public key authentication.	650	where the user wishes to log in using public key authentication.
662	There is no need to keep the contents of this file secret.	651	There is no need to keep the contents of this file secret.
		652	.Pp
663	.It Pa /etc/moduli	653	.It Pa /etc/moduli
664	Contains Diffie-Hellman groups used for DH-GEX.	654	Contains Diffie-Hellman groups used for DH-GEX.
665	The file format is described in	655	The file format is described in