1 files changed, 15 insertions, 3 deletions
diff --git a/ssh.1 b/ssh.1
index fd713e3b4..c1a408348 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.300 2010/03/05 06:50:34 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.301 2010/03/05 08:31:20 jmc Exp $
 .Dd $Mdocdate: March 5 2010 $
 .Dt SSH 1
 .Os
@@ -798,8 +798,20 @@ file, and has one key
 per line, though the lines can be very long.
 After this, the user can log in without giving the password.
 .Pp
-The most convenient way to use public key authentication may be with an
+A variation on public key authentication
-authentication agent.
+is available in the form of certificate authentication:
+instead of a set of public/private keys,
+signed certificates are used.
+This has the advantage that a single trusted certification authority
+can be used in place of many public/private keys.
+See the
+.Sx CERTIFICATES
+section of
+.Xr ssh-keygen 1
+for more information.
+.Pp
+The most convenient way to use public key or certificate authentication
+may be with an authentication agent.
 See
 .Xr ssh-agent 1
 for more information.

diff --git a/ssh.1 b/ssh.1 index fd713e3b4..c1a408348 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.300 2010/03/05 06:50:34 jmc Exp $	37	.\" $OpenBSD: ssh.1,v 1.301 2010/03/05 08:31:20 jmc Exp $
38	.Dd $Mdocdate: March 5 2010 $	38	.Dd $Mdocdate: March 5 2010 $
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -798,8 +798,20 @@ file, and has one key
798	per line, though the lines can be very long.	798	per line, though the lines can be very long.
799	After this, the user can log in without giving the password.	799	After this, the user can log in without giving the password.
800	.Pp	800	.Pp
801	The most convenient way to use public key authentication may be with an	801	A variation on public key authentication
802	authentication agent.	802	is available in the form of certificate authentication:
		803	instead of a set of public/private keys,
		804	signed certificates are used.
		805	This has the advantage that a single trusted certification authority
		806	can be used in place of many public/private keys.
		807	See the
		808	.Sx CERTIFICATES
		809	section of
		810	.Xr ssh-keygen 1
		811	for more information.
		812	.Pp
		813	The most convenient way to use public key or certificate authentication
		814	may be with an authentication agent.
803	See	815	See
804	.Xr ssh-agent 1	816	.Xr ssh-agent 1
805	for more information.	817	for more information.