1 files changed, 11 insertions, 7 deletions
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index c560179c8..24bed5f61 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.130 2016/02/17 07:38:19 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 20 2015 $
+.Dd $Mdocdate: February 17 2016 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -141,8 +141,12 @@
 generates, manages and converts authentication keys for
 .Xr ssh 1 .
 .Nm
-can create RSA keys for use by SSH protocol version 1 and
+can create keys for use by SSH protocol versions 1 and 2.
-DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.
+Protocol 1 should not be used
+and is only offered to support legacy devices.
+It suffers from a number of cryptographic weaknesses
+and doesn't support many of the advanced features available for protocol 2.
+.Pp
 The type of key to be generated is specified with the
 .Fl t
 option.
@@ -372,7 +376,7 @@ using the format described in the
 .Sx KEY REVOCATION LISTS
 section.
 .It Fl L
-Prints the contents of a certificate.
+Prints the contents of one or more certificates.
 .It Fl l
 Show fingerprint of specified public key file.
 Private RSA1 keys are also supported.
@@ -470,7 +474,7 @@ At present, no options are valid for host keys.
 .It Fl o
 Causes
 .Nm
-to save SSH protocol 2 private keys using the new OpenSSH format rather than
+to save private keys using the new OpenSSH format rather than
 the more compatible PEM format.
 The new format has increased resistance to brute-force password cracking
 but is not supported by versions of OpenSSH prior to 6.5.
@@ -777,7 +781,7 @@ It is also possible, given a KRL, to test whether it revokes a particular key
 (or keys).
 The
 .Fl Q
-flag will query an existing KRL, testing each key specified on the commandline.
+flag will query an existing KRL, testing each key specified on the command line.
 If any key listed on the command line has been revoked (or an error encountered)
 then
 .Nm

diff --git a/ssh-keygen.1 b/ssh-keygen.1 index c560179c8..24bed5f61 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.127 2015/08/20 19:20:06 naddy Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.130 2016/02/17 07:38:19 jmc Exp $
2	.\"	2	.\"
3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>	3	.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland	4	.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	35	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	36	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
37	.\"	37	.\"
38	.Dd $Mdocdate: August 20 2015 $	38	.Dd $Mdocdate: February 17 2016 $
39	.Dt SSH-KEYGEN 1	39	.Dt SSH-KEYGEN 1
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -141,8 +141,12 @@
141	generates, manages and converts authentication keys for	141	generates, manages and converts authentication keys for
142	.Xr ssh 1 .	142	.Xr ssh 1 .
143	.Nm	143	.Nm
144	can create RSA keys for use by SSH protocol version 1 and	144	can create keys for use by SSH protocol versions 1 and 2.
145	DSA, ECDSA, Ed25519 or RSA keys for use by SSH protocol version 2.	145	Protocol 1 should not be used
		146	and is only offered to support legacy devices.
		147	It suffers from a number of cryptographic weaknesses
		148	and doesn't support many of the advanced features available for protocol 2.
		149	.Pp
146	The type of key to be generated is specified with the	150	The type of key to be generated is specified with the
147	.Fl t	151	.Fl t
148	option.	152	option.
@@ -372,7 +376,7 @@ using the format described in the
372	.Sx KEY REVOCATION LISTS	376	.Sx KEY REVOCATION LISTS
373	section.	377	section.
374	.It Fl L	378	.It Fl L
375	Prints the contents of a certificate.	379	Prints the contents of one or more certificates.
376	.It Fl l	380	.It Fl l
377	Show fingerprint of specified public key file.	381	Show fingerprint of specified public key file.
378	Private RSA1 keys are also supported.	382	Private RSA1 keys are also supported.
@@ -470,7 +474,7 @@ At present, no options are valid for host keys.
470	.It Fl o	474	.It Fl o
471	Causes	475	Causes
472	.Nm	476	.Nm
473	to save SSH protocol 2 private keys using the new OpenSSH format rather than	477	to save private keys using the new OpenSSH format rather than
474	the more compatible PEM format.	478	the more compatible PEM format.
475	The new format has increased resistance to brute-force password cracking	479	The new format has increased resistance to brute-force password cracking
476	but is not supported by versions of OpenSSH prior to 6.5.	480	but is not supported by versions of OpenSSH prior to 6.5.
@@ -777,7 +781,7 @@ It is also possible, given a KRL, to test whether it revokes a particular key
777	(or keys).	781	(or keys).
778	The	782	The
779	.Fl Q	783	.Fl Q
780	flag will query an existing KRL, testing each key specified on the commandline.	784	flag will query an existing KRL, testing each key specified on the command line.
781	If any key listed on the command line has been revoked (or an error encountered)	785	If any key listed on the command line has been revoked (or an error encountered)
782	then	786	then
783	.Nm	787	.Nm