1 files changed, 19 insertions, 29 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 0845b4066..d0c00ebb0 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,6 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.98 2010/08/04 06:07:11 djm Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.101 2010/10/28 18:33:28 jmc Exp $
-.\"
-.\"  -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 4 2010 $
+.Dd $Mdocdate: October 28 2010 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -125,7 +123,7 @@
 generates, manages and converts authentication keys for
 .Xr ssh 1 .
 .Nm
-can create RSA keys for use by SSH protocol version 1 and RSA or DSA
+can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA
 keys for use by SSH protocol version 2.
 The type of key to be generated is specified with the
 .Fl t
@@ -142,9 +140,10 @@ See the
 section for details.
 .Pp
 Normally each user wishing to use SSH
-with RSA or DSA authentication runs this once to create the authentication
+with public key authentication runs this once to create the authentication
 key in
 .Pa ~/.ssh/identity ,
+.Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_dsa
 or
 .Pa ~/.ssh/id_rsa .
@@ -422,9 +421,10 @@ Specifies the type of key to create.
 The possible values are
 .Dq rsa1
 for protocol version 1 and
-.Dq rsa
+.Dq dsa ,
+.Dq ecdsa
 or
-.Dq dsa
+.Dq rsa
 for protocol version 2.
 .It Fl V Ar validity_interval
 Specify a validity interval when signing a certificate.
@@ -601,18 +601,19 @@ or
 .Xr ssh 1 .
 Please refer to those manual pages for details.
 .Sh FILES
-.Bl -tag -width Ds
+.Bl -tag -width Ds -compact
 .It Pa ~/.ssh/identity
 Contains the protocol version 1 RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
 specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 128-bit AES.
+used to encrypt the private part of this file using 3DES.
 This file is not automatically accessed by
 .Nm
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
+.Pp
 .It Pa ~/.ssh/identity.pub
 Contains the protocol version 1 RSA public key for authentication.
 The contents of this file should be added to
@@ -620,26 +621,11 @@ The contents of this file should be added to
 on all machines
 where the user wishes to log in using RSA authentication.
 There is no need to keep the contents of this file secret.
+.Pp
 .It Pa ~/.ssh/id_dsa
-Contains the protocol version 2 DSA authentication identity of the user.
+.It Pa ~/.ssh/id_ecdsa
-This file should not be readable by anyone but the user.
-It is possible to
-specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 128-bit AES.
-This file is not automatically accessed by
-.Nm
-but it is offered as the default file for the private key.
-.Xr ssh 1
-will read this file when a login attempt is made.
-.It Pa ~/.ssh/id_dsa.pub
-Contains the protocol version 2 DSA public key for authentication.
-The contents of this file should be added to
-.Pa ~/.ssh/authorized_keys
-on all machines
-where the user wishes to log in using public key authentication.
-There is no need to keep the contents of this file secret.
 .It Pa ~/.ssh/id_rsa
-Contains the protocol version 2 RSA authentication identity of the user.
+Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
 specify a passphrase when generating the key; that passphrase will be
@@ -649,13 +635,17 @@ This file is not automatically accessed by
 but it is offered as the default file for the private key.
 .Xr ssh 1
 will read this file when a login attempt is made.
+.Pp
+.It Pa ~/.ssh/id_dsa.pub
+.It Pa ~/.ssh/id_ecdsa.pub
 .It Pa ~/.ssh/id_rsa.pub
-Contains the protocol version 2 RSA public key for authentication.
+Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication.
 The contents of this file should be added to
 .Pa ~/.ssh/authorized_keys
 on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
+.Pp
 .It Pa /etc/moduli
 Contains Diffie-Hellman groups used for DH-GEX.
 The file format is described in

diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 0845b4066..d0c00ebb0 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,6 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.98 2010/08/04 06:07:11 djm Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.101 2010/10/28 18:33:28 jmc Exp $
2	.\"
3	.\" -- nroff --
4	.\"	2	.\"
5	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
6	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -37,7 +35,7 @@
37	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
38	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39	.\"	37	.\"
40	.Dd $Mdocdate: August 4 2010 $	38	.Dd $Mdocdate: October 28 2010 $
41	.Dt SSH-KEYGEN 1	39	.Dt SSH-KEYGEN 1
42	.Os	40	.Os
43	.Sh NAME	41	.Sh NAME
@@ -125,7 +123,7 @@
125	generates, manages and converts authentication keys for	123	generates, manages and converts authentication keys for
126	.Xr ssh 1 .	124	.Xr ssh 1 .
127	.Nm	125	.Nm
128	can create RSA keys for use by SSH protocol version 1 and RSA or DSA	126	can create RSA keys for use by SSH protocol version 1 and DSA, ECDSA or RSA
129	keys for use by SSH protocol version 2.	127	keys for use by SSH protocol version 2.
130	The type of key to be generated is specified with the	128	The type of key to be generated is specified with the
131	.Fl t	129	.Fl t
@@ -142,9 +140,10 @@ See the
142	section for details.	140	section for details.
143	.Pp	141	.Pp
144	Normally each user wishing to use SSH	142	Normally each user wishing to use SSH
145	with RSA or DSA authentication runs this once to create the authentication	143	with public key authentication runs this once to create the authentication
146	key in	144	key in
147	.Pa ~/.ssh/identity ,	145	.Pa ~/.ssh/identity ,
		146	.Pa ~/.ssh/id_ecdsa ,
148	.Pa ~/.ssh/id_dsa	147	.Pa ~/.ssh/id_dsa
149	or	148	or
150	.Pa ~/.ssh/id_rsa .	149	.Pa ~/.ssh/id_rsa .
@@ -422,9 +421,10 @@ Specifies the type of key to create.
422	The possible values are	421	The possible values are
423	.Dq rsa1	422	.Dq rsa1
424	for protocol version 1 and	423	for protocol version 1 and
425	.Dq rsa	424	.Dq dsa ,
		425	.Dq ecdsa
426	or	426	or
427	.Dq dsa	427	.Dq rsa
428	for protocol version 2.	428	for protocol version 2.
429	.It Fl V Ar validity_interval	429	.It Fl V Ar validity_interval
430	Specify a validity interval when signing a certificate.	430	Specify a validity interval when signing a certificate.
@@ -601,18 +601,19 @@ or
601	.Xr ssh 1 .	601	.Xr ssh 1 .
602	Please refer to those manual pages for details.	602	Please refer to those manual pages for details.
603	.Sh FILES	603	.Sh FILES
604	.Bl -tag -width Ds	604	.Bl -tag -width Ds -compact
605	.It Pa ~/.ssh/identity	605	.It Pa ~/.ssh/identity
606	Contains the protocol version 1 RSA authentication identity of the user.	606	Contains the protocol version 1 RSA authentication identity of the user.
607	This file should not be readable by anyone but the user.	607	This file should not be readable by anyone but the user.
608	It is possible to	608	It is possible to
609	specify a passphrase when generating the key; that passphrase will be	609	specify a passphrase when generating the key; that passphrase will be
610	used to encrypt the private part of this file using 128-bit AES.	610	used to encrypt the private part of this file using 3DES.
611	This file is not automatically accessed by	611	This file is not automatically accessed by
612	.Nm	612	.Nm
613	but it is offered as the default file for the private key.	613	but it is offered as the default file for the private key.
614	.Xr ssh 1	614	.Xr ssh 1
615	will read this file when a login attempt is made.	615	will read this file when a login attempt is made.
		616	.Pp
616	.It Pa ~/.ssh/identity.pub	617	.It Pa ~/.ssh/identity.pub
617	Contains the protocol version 1 RSA public key for authentication.	618	Contains the protocol version 1 RSA public key for authentication.
618	The contents of this file should be added to	619	The contents of this file should be added to
@@ -620,26 +621,11 @@ The contents of this file should be added to
620	on all machines	621	on all machines
621	where the user wishes to log in using RSA authentication.	622	where the user wishes to log in using RSA authentication.
622	There is no need to keep the contents of this file secret.	623	There is no need to keep the contents of this file secret.
		624	.Pp
623	.It Pa ~/.ssh/id_dsa	625	.It Pa ~/.ssh/id_dsa
624	Contains the protocol version 2 DSA authentication identity of the user.	626	.It Pa ~/.ssh/id_ecdsa
625	This file should not be readable by anyone but the user.
626	It is possible to
627	specify a passphrase when generating the key; that passphrase will be
628	used to encrypt the private part of this file using 128-bit AES.
629	This file is not automatically accessed by
630	.Nm
631	but it is offered as the default file for the private key.
632	.Xr ssh 1
633	will read this file when a login attempt is made.
634	.It Pa ~/.ssh/id_dsa.pub
635	Contains the protocol version 2 DSA public key for authentication.
636	The contents of this file should be added to
637	.Pa ~/.ssh/authorized_keys
638	on all machines
639	where the user wishes to log in using public key authentication.
640	There is no need to keep the contents of this file secret.
641	.It Pa ~/.ssh/id_rsa	627	.It Pa ~/.ssh/id_rsa
642	Contains the protocol version 2 RSA authentication identity of the user.	628	Contains the protocol version 2 DSA, ECDSA or RSA authentication identity of the user.
643	This file should not be readable by anyone but the user.	629	This file should not be readable by anyone but the user.
644	It is possible to	630	It is possible to
645	specify a passphrase when generating the key; that passphrase will be	631	specify a passphrase when generating the key; that passphrase will be
@@ -649,13 +635,17 @@ This file is not automatically accessed by
649	but it is offered as the default file for the private key.	635	but it is offered as the default file for the private key.
650	.Xr ssh 1	636	.Xr ssh 1
651	will read this file when a login attempt is made.	637	will read this file when a login attempt is made.
		638	.Pp
		639	.It Pa ~/.ssh/id_dsa.pub
		640	.It Pa ~/.ssh/id_ecdsa.pub
652	.It Pa ~/.ssh/id_rsa.pub	641	.It Pa ~/.ssh/id_rsa.pub
653	Contains the protocol version 2 RSA public key for authentication.	642	Contains the protocol version 2 DSA, ECDSA or RSA public key for authentication.
654	The contents of this file should be added to	643	The contents of this file should be added to
655	.Pa ~/.ssh/authorized_keys	644	.Pa ~/.ssh/authorized_keys
656	on all machines	645	on all machines
657	where the user wishes to log in using public key authentication.	646	where the user wishes to log in using public key authentication.
658	There is no need to keep the contents of this file secret.	647	There is no need to keep the contents of this file secret.
		648	.Pp
659	.It Pa /etc/moduli	649	.It Pa /etc/moduli
660	Contains Diffie-Hellman groups used for DH-GEX.	650	Contains Diffie-Hellman groups used for DH-GEX.
661	The file format is described in	651	The file format is described in