From e87eb4ce3ce4711b94a72d729352c240047f17c1 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sat, 14 Jan 2006 10:08:36 +1100 Subject: - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2006/01/06 13:27:32 [ssh.1] weed out some duplicate info in the known_hosts FILES entries; ok djm --- ChangeLog | 9 ++++++++- ssh.1 | 30 ++++++++---------------------- 2 files changed, 16 insertions(+), 23 deletions(-) diff --git a/ChangeLog b/ChangeLog index 612612b4a..462328c18 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060114 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/01/06 13:27:32 + [ssh.1] + weed out some duplicate info in the known_hosts FILES entries; + ok djm + 20060109 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on tcpip service so it's always started after IP is up. Patch from @@ -3674,4 +3681,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4083 2006/01/09 13:02:44 dtucker Exp $ +$Id: ChangeLog,v 1.4084 2006/01/13 23:08:36 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 789e94733..cfe1655e6 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.243 2006/01/04 19:50:09 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.244 2006/01/06 13:27:32 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1120,11 +1120,11 @@ never used automatically and are not necessary: they are only provided for the convenience of the user. .Pp .It ~/.ssh/known_hosts -Records host keys for all hosts the user has logged into that are not -in -.Pa /etc/ssh/ssh_known_hosts . +Contains a list of host keys for all hosts the user has logged into +that are not already in the systemwide list of known host keys. See -.Xr sshd 8 . +.Xr sshd 8 +for further details of the format of this file. .Pp .It ~/.ssh/rc Commands in this file are executed by @@ -1181,24 +1181,10 @@ Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the organization. -This file should be world-readable. -This file contains -public keys, one per line, in the following format (fields separated -by spaces): system name, public key and optional comment field. -When different names are used -for the same machine, all such names should be listed, separated by -commas. -The format is described in the -.Xr sshd 8 -manual page. -.Pp -The canonical system name (as returned by name servers) is used by +It should be world-readable. +See .Xr sshd 8 -to verify the client host when logging in; other names are needed because -.Nm -does not convert the user-supplied name to a canonical name before -checking the key, because someone with access to the name servers -would then be able to fool host authentication. +for further details of the format of this file. .Pp .It /etc/ssh/sshrc Commands in this file are executed by -- cgit v1.2.3