1 files changed, 21 insertions, 2 deletions
diff --git a/ssh.1 b/ssh.1
index 6964cd09c..7d8f92aba 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.294 2010/02/11 13:23:29 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.295 2010/02/26 20:29:54 djm Exp $
-.Dd $Mdocdate: February 11 2010 $
+.Dd $Mdocdate: February 26 2010 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -1103,6 +1103,25 @@ See the
 option in
 .Xr ssh_config 5
 for more information.
+.Pp
+Host keys may also be presented as certificates signed by a trusted
+certification authority (CA).
+In this case, trust of the CA key alone is sufficient for the host key
+to be accepted.
+To specify a public key as a trusted CA key in a known hosts file,
+it should be added after a
+.Dq @cert-authority
+tag and a set of one or more domain-name wildcards separated by commas.
+For example:
+.Pp
+.Dl @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
+.Pp
+See the
+.Sx CERTIFICATES
+section of
+.Xr ssh-keygen 1
+for more details.
+.Pp
 .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
 .Nm
 contains support for Virtual Private Network (VPN) tunnelling

diff --git a/ssh.1 b/ssh.1 index 6964cd09c..7d8f92aba 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,8 +34,8 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.294 2010/02/11 13:23:29 jmc Exp $	37	.\" $OpenBSD: ssh.1,v 1.295 2010/02/26 20:29:54 djm Exp $
38	.Dd $Mdocdate: February 11 2010 $	38	.Dd $Mdocdate: February 26 2010 $
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
41	.Sh NAME	41	.Sh NAME
@@ -1103,6 +1103,25 @@ See the
1103	option in	1103	option in
1104	.Xr ssh_config 5	1104	.Xr ssh_config 5
1105	for more information.	1105	for more information.
		1106	.Pp
		1107	Host keys may also be presented as certificates signed by a trusted
		1108	certification authority (CA).
		1109	In this case, trust of the CA key alone is sufficient for the host key
		1110	to be accepted.
		1111	To specify a public key as a trusted CA key in a known hosts file,
		1112	it should be added after a
		1113	.Dq @cert-authority
		1114	tag and a set of one or more domain-name wildcards separated by commas.
		1115	For example:
		1116	.Pp
		1117	.Dl @cert-authority .mydomain.org,.mydomain.com ssh-rsa AAAAB5W...
		1118	.Pp
		1119	See the
		1120	.Sx CERTIFICATES
		1121	section of
		1122	.Xr ssh-keygen 1
		1123	for more details.
		1124	.Pp
1106	.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS	1125	.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
1107	.Nm	1126	.Nm
1108	contains support for Virtual Private Network (VPN) tunnelling	1127	contains support for Virtual Private Network (VPN) tunnelling