From 2b6f799e9b230cf13a7eefc05ecead7d8569d6b5 Mon Sep 17 00:00:00 2001 From: "jmc@openbsd.org" Date: Wed, 3 May 2017 06:32:02 +0000 Subject: upstream commit more protocol 1 stuff to go; ok djm Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47 --- ssh-keygen.1 | 37 +++++-------------------------------- 1 file changed, 5 insertions(+), 32 deletions(-) (limited to 'ssh-keygen.1') diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 624995617..d8ae3fada 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.139 2017/05/02 17:04:09 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.140 2017/05/03 06:32:02 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 2 2017 $ +.Dd $Mdocdate: May 3 2017 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -141,11 +141,7 @@ generates, manages and converts authentication keys for .Xr ssh 1 . .Nm -can create keys for use by SSH protocol versions 1 and 2. -Protocol 1 should not be used -and is only offered to support legacy devices. -It suffers from a number of cryptographic weaknesses -and doesn't support many of the advanced features available for protocol 2. +can create keys for use by SSH protocol version 2. .Pp The type of key to be generated is specified with the .Fl t @@ -172,7 +168,6 @@ section for details. Normally each user wishing to use SSH with public key authentication runs this once to create the authentication key in -.Pa ~/.ssh/identity , .Pa ~/.ssh/id_dsa , .Pa ~/.ssh/id_ecdsa , .Pa ~/.ssh/id_ed25519 
@@ -231,16 +226,14 @@ This is used by .Pa /etc/rc to generate new host keys. .It Fl a Ar rounds -When saving a new-format private key (i.e. an ed25519 key or any SSH protocol -2 key when the +When saving a new-format private key (i.e. an ed25519 key or when the .Fl o flag is set), this option specifies the number of KDF (key derivation function) rounds used. Higher numbers result in slower passphrase verification and increased resistance to brute-force password cracking (should the keys be stolen). .Pp -When screening DH-GEX candidates ( -using the +When screening DH-GEX candidates (using the .Fl T command). This option specifies the number of primality tests to perform. @@ -819,26 +812,6 @@ will exit with a non-zero exit status. A zero exit status will only be returned if no key was revoked. .Sh FILES .Bl -tag -width Ds -compact -.It Pa ~/.ssh/identity -Contains the protocol version 1 RSA authentication identity of the user. -This file should not be readable by anyone but the user. -It is possible to -specify a passphrase when generating the key; that passphrase will be -used to encrypt the private part of this file using 3DES. -This file is not automatically accessed by -.Nm -but it is offered as the default file for the private key. -.Xr ssh 1 -will read this file when a login attempt is made. -.Pp -.It Pa ~/.ssh/identity.pub -Contains the protocol version 1 RSA public key for authentication. -The contents of this file should be added to -.Pa ~/.ssh/authorized_keys -on all machines -where the user wishes to log in using RSA authentication. -There is no need to keep the contents of this file secret. -.Pp .It Pa ~/.ssh/id_dsa .It Pa ~/.ssh/id_ecdsa .It Pa ~/.ssh/id_ed25519 -- cgit v1.2.3
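Review bot: In the `.It Fl a Ar rounds` hunk (@@ -231,16 +226,14 @@), the new parenthetical "i.e. an ed25519 key or when the -o flag is set" joins a noun phrase to a "when" clause, so with "any SSH protocol 2 key" gone it no longer says which keys the -o case covers. Suggest "i.e. an ed25519 key, or any key when the .Fl o flag is set". In the same hunk, the rejoined line "When screening DH-GEX candidates (using the .Fl T command)." still ends in a full stop, which leaves a fragment ahead of "This option specifies the number of primality tests to perform."; since the line is being touched anyway, replace that stop with a comma and lowercase "This" so it reads as one sentence.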
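Review bot: In the FILES hunk (@@ -819,26 +812,6 @@), the deleted ~/.ssh/identity entry held the sentence "This file should not be readable by anyone but the user" and the explanation that a passphrase encrypts the private part of the file, and the deleted identity.pub entry held the instruction to add the public key to ~/.ssh/authorized_keys. The text of the surviving ~/.ssh/id_dsa, id_ecdsa and id_ed25519 entries lies outside the visible context, so please confirm those entries still carry the permission, passphrase and authorized_keys guidance, so that this removal does not drop it from the page.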