From aa4c640dc362816d63584a16e786d5e314e24390 Mon Sep 17 00:00:00 2001 From: "naddy@openbsd.org" Date: Thu, 7 Nov 2019 08:38:38 +0000 Subject: upstream: Fill in missing man page bits for U2F security key support: Mention the new key types, the ~/.ssh/id_ecdsa_sk file, ssh's SecurityKeyProvider keyword, the SSH_SK_PROVIDER environment variable, and ssh-keygen's new -w and -x options. Copy the ssh-sk-helper man page from ssh-pkcs11-helper with minimal substitutions. ok djm@ OpenBSD-Commit-ID: ef2e8f83d0c0ce11ad9b8c28945747e5ca337ac4 --- ssh.1 | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) (limited to 'ssh.1') diff --git a/ssh.1 b/ssh.1 index 424d6c3e8..e2666fa56 100644 --- a/ssh.1 +++ b/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.403 2019/06/12 11:31:50 jmc Exp $ -.Dd $Mdocdate: June 12 2019 $ +.\" $OpenBSD: ssh.1,v 1.404 2019/11/07 08:38:38 naddy Exp $ +.Dd $Mdocdate: November 7 2019 $ .Dt SSH 1 .Os .Sh NAME @@ -279,6 +279,7 @@ public key authentication is read. The default is .Pa ~/.ssh/id_dsa , .Pa ~/.ssh/id_ecdsa , +.Pa ~/.ssh/id_ecdsa_sk , .Pa ~/.ssh/id_ed25519 and .Pa ~/.ssh/id_rsa . @@ -896,6 +897,8 @@ This stores the private key in (DSA), .Pa ~/.ssh/id_ecdsa (ECDSA), +.Pa ~/.ssh/id_ecdsa_sk +(security key-hosted ECDSA), .Pa ~/.ssh/id_ed25519 (Ed25519), or @@ -906,6 +909,8 @@ and stores the public key in (DSA), .Pa ~/.ssh/id_ecdsa.pub (ECDSA), +.Pa ~/.ssh/id_ecdsa_sk.pub +(security key-hosted ECDSA), .Pa ~/.ssh/id_ed25519.pub (Ed25519), or @@ -1324,6 +1329,12 @@ More permanent VPNs are better provided by tools such as and .Xr isakmpd 8 . .Sh ENVIRONMENT +.Bl -tag -width "SSH_ORIGINAL_COMMAND" +.It Ev SSH_SK_PROVIDER +Specifies the path to a security key provider library used to interact with +hardware security keys. +.Pp +.El .Nm will normally set the following environment variables: .Bl -tag -width "SSH_ORIGINAL_COMMAND" @@ -1484,6 +1495,7 @@ above. .Pp .It Pa ~/.ssh/id_dsa .It Pa ~/.ssh/id_ecdsa +.It Pa ~/.ssh/id_ecdsa_sk .It Pa ~/.ssh/id_ed25519 .It Pa ~/.ssh/id_rsa Contains the private key for authentication. @@ -1498,6 +1510,7 @@ sensitive part of this file using AES-128. .Pp .It Pa ~/.ssh/id_dsa.pub .It Pa ~/.ssh/id_ecdsa.pub +.It Pa ~/.ssh/id_ecdsa_sk.pub .It Pa ~/.ssh/id_ed25519.pub .It Pa ~/.ssh/id_rsa.pub Contains the public key for authentication. -- cgit v1.2.3