1 files changed, 1 insertions, 34 deletions
diff --git a/ssh.1 b/ssh.1
index 8c53d4b07..b201d87de 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.298 2010/03/04 12:51:25 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.299 2010/03/04 23:19:29 djm Exp $
 .Dd $Mdocdate: March 4 2010 $
 .Dt SSH 1
 .Os
@@ -1104,39 +1104,6 @@ option in
 .Xr ssh_config 5
 for more information.
 .Pp
-Host keys may also be presented as certificates signed by a trusted
-certification authority (CA).
-In this case, trust of the CA key alone is sufficient for the host key
-to be accepted.
-To specify a public key as a trusted CA key in a known hosts file,
-it should be added after a
-.Dq @cert-authority
-tag and a set of one or more domain-name wildcards separated by commas.
-For example:
-.Pp
-.Dl @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W...
-.Pp
-See the
-.Sx CERTIFICATES
-section of
-.Xr ssh-keygen 1
-for more details.
-.Pp
-Keys may also be marked as revoked using the
-.Dq @revoked
-marker.
-Revoked keys will always trigger a warning when encountered and the host
-that presented them will be treated as untrusted.
-For example:
-.Pp
-.Dl @revoked * ssh-rsa AAAAB5W...
-.Pp
-Revoking a key revokes it for direct use and as a certification authority.
-Do not use both the
-.Dq @cert-authority
-and
-.Dq @revoked
-markers on the same line.
 .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
 .Nm
 contains support for Virtual Private Network (VPN) tunnelling

diff --git a/ssh.1 b/ssh.1 index 8c53d4b07..b201d87de 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.298 2010/03/04 12:51:25 jmc Exp $	37	.\" $OpenBSD: ssh.1,v 1.299 2010/03/04 23:19:29 djm Exp $
38	.Dd $Mdocdate: March 4 2010 $	38	.Dd $Mdocdate: March 4 2010 $
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -1104,39 +1104,6 @@ option in
1104	.Xr ssh_config 5	1104	.Xr ssh_config 5
1105	for more information.	1105	for more information.
1106	.Pp	1106	.Pp
1107	Host keys may also be presented as certificates signed by a trusted
1108	certification authority (CA).
1109	In this case, trust of the CA key alone is sufficient for the host key
1110	to be accepted.
1111	To specify a public key as a trusted CA key in a known hosts file,
1112	it should be added after a
1113	.Dq @cert-authority
1114	tag and a set of one or more domain-name wildcards separated by commas.
1115	For example:
1116	.Pp
1117	.Dl @cert-authority .mydomain.org,.mydomain.com ssh-rsa AAAAB5W...
1118	.Pp
1119	See the
1120	.Sx CERTIFICATES
1121	section of
1122	.Xr ssh-keygen 1
1123	for more details.
1124	.Pp
1125	Keys may also be marked as revoked using the
1126	.Dq @revoked
1127	marker.
1128	Revoked keys will always trigger a warning when encountered and the host
1129	that presented them will be treated as untrusted.
1130	For example:
1131	.Pp
1132	.Dl @revoked * ssh-rsa AAAAB5W...
1133	.Pp
1134	Revoking a key revokes it for direct use and as a certification authority.
1135	Do not use both the
1136	.Dq @cert-authority
1137	and
1138	.Dq @revoked
1139	markers on the same line.
1140	.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS	1107	.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
1141	.Nm	1108	.Nm
1142	contains support for Virtual Private Network (VPN) tunnelling	1109	contains support for Virtual Private Network (VPN) tunnelling