From 15f5b560b1542fa087d7462be416616104ab0be8 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 3 Mar 2010 10:25:21 +1100 Subject: - jmc@cvs.openbsd.org 2010/02/26 22:09:28 [ssh-keygen.1 ssh.1 sshd.8] tweak previous; --- ChangeLog | 4 ++++ ssh-keygen.1 | 21 ++++++++++++--------- ssh.1 | 3 +-- sshd.8 | 20 ++++++++++---------- 4 files changed, 27 insertions(+), 21 deletions(-) diff --git a/ChangeLog b/ChangeLog index c8b36eb15..aad1cd29b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 20100303 - (djm) [PROTOCOL.certkeys] Add RCS Ident + - OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2010/02/26 22:09:28 + [ssh-keygen.1 ssh.1 sshd.8] + tweak previous; 20100302 - (tim) [config.guess config.sub] Bug 1722: Update to latest versions from diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 772caf7ad..d704f0660 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.84 2010/02/26 20:29:54 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.85 2010/02/26 22:09:28 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -107,6 +107,7 @@ .Op Fl a Ar num_trials .Op Fl W Ar generator .Nm ssh-keygen +.Bk -words .Fl s Ar ca_key .Fl I Ar certificate_identity .Op Fl h @@ -114,6 +115,7 @@ .Op Fl O Ar constraint .Op Fl V Ar validity_interval .Ar +.Ek .Sh DESCRIPTION .Nm generates, manages and converts authentication keys for @@ -259,7 +261,7 @@ certificate. Please see the .Sx CERTIFICATES section for details. -.It Fl I +.It Fl I Ar certificate_identity Specify the key identity when signing a public key. Please see the .Sx CERTIFICATES @@ -303,21 +305,21 @@ section for details. The constraints that are valid for user certificates are: .Bl -tag -width Ds .It Ic no-x11-forwarding -Disable X11 forwarding. (permitted by default) +Disable X11 forwarding (permitted by default). .It Ic no-agent-forwarding Disable .Xr ssh-agent 1 -forwarding. (permitted by default) +forwarding (permitted by default). .It Ic no-port-forwarding -Disable port forwarding. (permitted by default) +Disable port forwarding (permitted by default). .It Ic no-pty -Disable PTY allocation. (permitted by default) +Disable PTY allocation (permitted by default). .It Ic no-user-rc Disable execution of .Pa ~/.ssh/rc by -.Xr sshd 8 . -(permitted by default) +.Xr sshd 8 +(permitted by default). .It Ic clear Clear all enabled permissions. This is useful for clearing the default set of permissions so permissions may @@ -504,7 +506,8 @@ the X.509 certificates used in .Nm supports two types of certificates: user and host. User certificates authenticate users to servers, whereas host certificates -authenticate server hosts to users. To generate a user certificate: +authenticate server hosts to users. +To generate a user certificate: .Pp .Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub .Pp diff --git a/ssh.1 b/ssh.1 index 7d8f92aba..183dc277f 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.295 2010/02/26 20:29:54 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.296 2010/02/26 22:09:28 jmc Exp $ .Dd $Mdocdate: February 26 2010 $ .Dt SSH 1 .Os @@ -1121,7 +1121,6 @@ See the section of .Xr ssh-keygen 1 for more details. -.Pp .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS .Nm contains support for Virtual Private Network (VPN) tunnelling diff --git a/sshd.8 b/sshd.8 index fcd5195db..88a86f958 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.251 2010/02/26 20:29:54 djm Exp $ +.\" $OpenBSD: sshd.8,v 1.252 2010/02/26 22:09:28 jmc Exp $ .Dd $Mdocdate: February 26 2010 $ .Dt SSHD 8 .Os @@ -102,15 +102,6 @@ to use IPv6 addresses only. .It Fl b Ar bits Specifies the number of bits in the ephemeral protocol version 1 server key (default 1024). -.It Fl c Ar host_certificate_file -Specifies a path to a certificate file to identify -.Nm -during key exchange. -The certificate file must match a host key file specified using the -.Fl -h -option or the -.Cm HostKey -configuration directive. .It Fl C Ar connection_spec Specify the connection parameters to use for the .Fl T @@ -129,6 +120,15 @@ and All are required and may be supplied in any order, either with multiple .Fl C options or as a comma-separated list. +.It Fl c Ar host_certificate_file +Specifies a path to a certificate file to identify +.Nm +during key exchange. +The certificate file must match a host key file specified using the +.Fl h +option or the +.Cm HostKey +configuration directive. .It Fl D When this option is specified, .Nm -- cgit v1.2.3