1 files changed, 13 insertions, 4 deletions
diff --git a/ssh-keysign.0 b/ssh-keysign.0
index d6a59c068..b5ad6627a 100644
--- a/ssh-keysign.0
+++ b/ssh-keysign.0
@@ -9,11 +9,20 @@ SYNOPSIS
 DESCRIPTION
     ssh-keysign is used by ssh(1) to access the local host keys and generate
     the digital signature required during hostbased authentication with SSH
-     protocol version 2.  ssh-keysign is not intended to be invoked by the
+     protocol version 2.
-     user, but from ssh(1).  See ssh(1) and sshd(8) for more information about
-     hostbased authentication.
+     ssh-keysign is disabled by default and can only be enabled in the the
+     global client configuration file /etc/ssh/ssh_config by setting
+     HostbasedAuthentication to ``yes''.
+     ssh-keysign is not intended to be invoked by the user, but from ssh(1).
+     See ssh(1) and sshd(8) for more information about hostbased authenticaM--
+     tion.
 FILES
+     /etc/ssh/ssh_config
+             Controls whether ssh-keysign is enabled.
     /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
             These files contain the private parts of the host keys used to
             generate the digital signature.  They should be owned by root,
@@ -22,7 +31,7 @@ FILES
             hostbased authentication is used.
 SEE ALSO
-     ssh(1), ssh-keygen(1), sshd(8)
+     ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
 AUTHORS
     Markus Friedl <markus@openbsd.org>

diff --git a/ssh-keysign.0 b/ssh-keysign.0 index d6a59c068..b5ad6627a 100644 --- a/ssh-keysign.0 +++ b/ssh-keysign.0
@@ -9,11 +9,20 @@ SYNOPSIS
9	DESCRIPTION	9	DESCRIPTION
10	ssh-keysign is used by ssh(1) to access the local host keys and generate	10	ssh-keysign is used by ssh(1) to access the local host keys and generate
11	the digital signature required during hostbased authentication with SSH	11	the digital signature required during hostbased authentication with SSH
12	protocol version 2. ssh-keysign is not intended to be invoked by the	12	protocol version 2.
13	user, but from ssh(1). See ssh(1) and sshd(8) for more information about	13
14	hostbased authentication.	14	ssh-keysign is disabled by default and can only be enabled in the the
		15	global client configuration file /etc/ssh/ssh_config by setting
		16	HostbasedAuthentication to ``yes''.
		17
		18	ssh-keysign is not intended to be invoked by the user, but from ssh(1).
		19	See ssh(1) and sshd(8) for more information about hostbased authenticaM--
		20	tion.
15		21
16	FILES	22	FILES
		23	/etc/ssh/ssh_config
		24	Controls whether ssh-keysign is enabled.
		25
17	/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key	26	/etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
18	These files contain the private parts of the host keys used to	27	These files contain the private parts of the host keys used to
19	generate the digital signature. They should be owned by root,	28	generate the digital signature. They should be owned by root,
@@ -22,7 +31,7 @@ FILES
22	hostbased authentication is used.	31	hostbased authentication is used.
23		32
24	SEE ALSO	33	SEE ALSO
25	ssh(1), ssh-keygen(1), sshd(8)	34	ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)
26		35
27	AUTHORS	36	AUTHORS
28	Markus Friedl <markus@openbsd.org>	37	Markus Friedl <markus@openbsd.org>