1 files changed, 11 insertions, 7 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index ed17a08fa..37a4fc2b2 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.130 2016/02/17 07:38:19 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 20 2015 $
+.Dd $Mdocdate: February 17 2016 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -141,8 +141,12 @@
 generates, manages and converts authentication keys for
 .Xr ssh 1 .
 .Nm
-can create RSA keys for use by SSH protocol version 1 and
+can create keys for use by SSH protocol versions 1 and 2.
-DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
+Protocol 1 should not be used
+and is only offered to support legacy devices.
+It suffers from a number of cryptographic weaknesses
+and doesn't support many of the advanced features available for protocol 2.
+.Pp
 The type of key to be generated is specified with the
 .Fl t
 option.
@@ -376,7 +380,7 @@ using the format described in the
 .Sx KEY REVOCATION LISTS
 section.
 .It Fl L
-Prints the contents of a certificate.
+Prints the contents of one or more certificates.
 .It Fl l
 Show fingerprint of specified public key file.
 Private RSA1 keys are also supported.
@@ -474,7 +478,7 @@ At present, no options are valid for host keys.
 .It Fl o
 Causes
 .Nm
-to save SSH protocol 2 private keys using the new OpenSSH format rather than
+to save private keys using the new OpenSSH format rather than
 the more compatible PEM format.
 The new format has increased resistance to brute-force password cracking
 but is not supported by versions of OpenSSH prior to 6.5.
@@ -781,7 +785,7 @@ It is also possible, given a KRL, to test whether it revokes a particular key
 (or keys).
 The
 .Fl Q
-flag will query an existing KRL, testing each key specified on the commandline.
+flag will query an existing KRL, testing each key specified on the command line.
 If any key listed on the command line has been revoked (or an error encountered)
 then
 .Nm

diff --git a/ssh-keygen.1 b/ssh-keygen.1 index ed17a08fa..37a4fc2b2 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.130 2016/02/17 07:38:19 jmc Exp $
2	.\"	2	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37	.\"	37	.\"
38	.Dd $Mdocdate: August 20 2015 $	38	.Dd $Mdocdate: February 17 2016 $
39	.Dt SSH-KEYGEN 1	39	.Dt SSH-KEYGEN 1
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -141,8 +141,12 @@
141	generates, manages and converts authentication keys for	141	generates, manages and converts authentication keys for
142	.Xr ssh 1 .	142	.Xr ssh 1 .
143	.Nm	143	.Nm
144	can create RSA keys for use by SSH protocol version 1 and	144	can create keys for use by SSH protocol versions 1 and 2.
145	DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.	145	Protocol 1 should not be used
		146	and is only offered to support legacy devices.
		147	It suffers from a number of cryptographic weaknesses
		148	and doesn't support many of the advanced features available for protocol 2.
		149	.Pp
146	The type of key to be generated is specified with the	150	The type of key to be generated is specified with the
147	.Fl t	151	.Fl t
148	option.	152	option.
@@ -376,7 +380,7 @@ using the format described in the
376	.Sx KEY REVOCATION LISTS	380	.Sx KEY REVOCATION LISTS
377	section.	381	section.
378	.It Fl L	382	.It Fl L
379	Prints the contents of a certificate.	383	Prints the contents of one or more certificates.
380	.It Fl l	384	.It Fl l
381	Show fingerprint of specified public key file.	385	Show fingerprint of specified public key file.
382	Private RSA1 keys are also supported.	386	Private RSA1 keys are also supported.
@@ -474,7 +478,7 @@ At present, no options are valid for host keys.
474	.It Fl o	478	.It Fl o
475	Causes	479	Causes
476	.Nm	480	.Nm
477	to save SSH protocol 2 private keys using the new OpenSSH format rather than	481	to save private keys using the new OpenSSH format rather than
478	the more compatible PEM format.	482	the more compatible PEM format.
479	The new format has increased resistance to brute-force password cracking	483	The new format has increased resistance to brute-force password cracking
480	but is not supported by versions of OpenSSH prior to 6.5.	484	but is not supported by versions of OpenSSH prior to 6.5.
@@ -781,7 +785,7 @@ It is also possible, given a KRL, to test whether it revokes a particular key
781	(or keys).	785	(or keys).
782	The	786	The
783	.Fl Q	787	.Fl Q
784	flag will query an existing KRL, testing each key specified on the commandline.	788	flag will query an existing KRL, testing each key specified on the command line.
785	If any key listed on the command line has been revoked (or an error encountered)	789	If any key listed on the command line has been revoked (or an error encountered)
786	then	790	then
787	.Nm	791	.Nm