upstream: disable the DSA signature algorithm by default; ok
markus@ (yes, I know this expands to "the Digital Signature Algorithm signature algorithm") OpenBSD-Commit-ID: 961ef594e46dd2dcade8dd5721fa565cee79ffed
parent
5603befe11
commit
00eb95957d
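--- a/configure.ac
+++ b/configure.ac
@@ -2078,8 +2078,12 @@ AC_ARG_WITH([security-key-builtin],
 
 enable_dsa=
 AC_ARG_ENABLE([dsa-keys],
-[ --disable-dsa-keys disable DSA key support [no]],
-[ enable_dsa="$enableval" ]
+[ --enable-dsa-keys enable DSA key support [no]],
+[
+if test "x$enableval" != "xno" ; then
+enable_dsa=1
+fi
+]
 )
 
 AC_SEARCH_LIBS([dlopen], [dl])
@@ -3188,8 +3192,9 @@ if test "x$openssl" = "xyes" ; then
 AC_MSG_RESULT([no])
 ]
 )
 
 openssl_dsa=no
-if test -z "$enable_dsa" || test "x$enable_dsa" = "xyes"; then
+if test ! -z "$enable_dsa" ; then
 AC_CHECK_DECLS([OPENSSL_NO_DSA], [], [
 AC_CHECK_DECLS([OPENSSL_IS_BORINGSSL], [],
 [ openssl_dsa=yes ],
@@ -3199,22 +3204,12 @@ if test "x$openssl" = "xyes" ; then
 [ #include <openssl/opensslconf.h> ]
 )
 AC_MSG_CHECKING([whether to enable DSA key support])
-if test -z "$enable_dsa"; then
-if test "x$openssl_dsa" = "xno"; then
-AC_MSG_RESULT([not supported by OpenSSL])
-else
-AC_MSG_RESULT([yes])
-AC_DEFINE([WITH_DSA], [1],
-[DSA keys enabled by default])
-fi
+if test "x$openssl_dsa" = "xno"; then
+AC_MSG_ERROR([DSA requested but not supported by OpenSSL])
 else
-if test "x$openssl_dsa" = "xno"; then
-AC_MSG_ERROR([DSA requested but not supported by OpenSSL])
-else
-AC_MSG_RESULT([yes])
-AC_DEFINE([WITH_DSA], [1],
-[DSA keys explicitly enabled])
-fi
+AC_MSG_RESULT([yes])
+AC_DEFINE([WITH_DSA], [1],
+[DSA keys explicitly enabled])
 fi
 fi
 fi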
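Review bot: In the default build (no `--enable-dsa-keys`) the third hunk never reaches `AC_MSG_CHECKING([whether to enable DSA key support])`, because that line and its result branch now sit inside the `if test ! -z "$enable_dsa" ; then` introduced in the second hunk, so configure prints nothing about DSA and a packager reading the log cannot confirm that DSA was compiled out. Adding an `else` branch before the `fi` that closes that test, with `AC_MSG_CHECKING([whether to enable DSA key support])` and `AC_MSG_RESULT([no])`, would make the new default visible without changing what is built. As a style point on the same line, `test -n "$enable_dsa"` states the condition more directly than `test ! -z "$enable_dsa"`. The enclosing `if test "x$openssl" = "xyes"` block starts outside the hunk.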
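--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-add.1,v 1.86 2023/12/19 06:57:34 jmc Exp $
+.\" $OpenBSD: ssh-add.1,v 1.87 2024/06/17 08:30:29 djm Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 19 2023 $
+.Dd $Mdocdate: June 17 2024 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
@@ -67,10 +67,9 @@ When run without arguments, it adds the files
 .Pa ~/.ssh/id_rsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ecdsa_sk ,
-.Pa ~/.ssh/id_ed25519 ,
-.Pa ~/.ssh/id_ed25519_sk ,
+.Pa ~/.ssh/id_ed25519
 and
-.Pa ~/.ssh/id_dsa .
+.Pa ~/.ssh/id_ed25519_sk .
 After loading a private key,
 .Nm
 will try to load corresponding certificate information from the
@@ -314,13 +313,12 @@ the built-in USB HID support.
 .El
 .Sh FILES
 .Bl -tag -width Ds -compact
-.It Pa ~/.ssh/id_dsa
 .It Pa ~/.ssh/id_ecdsa
 .It Pa ~/.ssh/id_ecdsa_sk
 .It Pa ~/.ssh/id_ed25519
 .It Pa ~/.ssh/id_ed25519_sk
 .It Pa ~/.ssh/id_rsa
-Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
+Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
 authenticator-hosted Ed25519 or RSA authentication identity of the user.
 .El
 .Pp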
19
ssh-keygen.1
19
ssh-keygen.1
|
@ -1,4 +1,4 @@
|
||||||
.\" $OpenBSD: ssh-keygen.1,v 1.230 2023/09/04 10:29:58 job Exp $
|
.\" $OpenBSD: ssh-keygen.1,v 1.231 2024/06/17 08:30:29 djm Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||||
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||||
|
@ -35,7 +35,7 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: September 4 2023 $
|
.Dd $Mdocdate: June 17 2024 $
|
||||||
.Dt SSH-KEYGEN 1
|
.Dt SSH-KEYGEN 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -51,7 +51,7 @@
|
||||||
.Op Fl m Ar format
|
.Op Fl m Ar format
|
||||||
.Op Fl N Ar new_passphrase
|
.Op Fl N Ar new_passphrase
|
||||||
.Op Fl O Ar option
|
.Op Fl O Ar option
|
||||||
.Op Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
|
.Op Fl t Cm ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
|
||||||
.Op Fl w Ar provider
|
.Op Fl w Ar provider
|
||||||
.Op Fl Z Ar cipher
|
.Op Fl Z Ar cipher
|
||||||
.Nm ssh-keygen
|
.Nm ssh-keygen
|
||||||
|
@ -205,7 +205,6 @@ section for details.
|
||||||
Normally each user wishing to use SSH
|
Normally each user wishing to use SSH
|
||||||
with public key authentication runs this once to create the authentication
|
with public key authentication runs this once to create the authentication
|
||||||
key in
|
key in
|
||||||
.Pa ~/.ssh/id_dsa ,
|
|
||||||
.Pa ~/.ssh/id_ecdsa ,
|
.Pa ~/.ssh/id_ecdsa ,
|
||||||
.Pa ~/.ssh/id_ecdsa_sk ,
|
.Pa ~/.ssh/id_ecdsa_sk ,
|
||||||
.Pa ~/.ssh/id_ed25519 ,
|
.Pa ~/.ssh/id_ed25519 ,
|
||||||
|
@ -414,9 +413,8 @@ section.
|
||||||
Prints the contents of one or more certificates.
|
Prints the contents of one or more certificates.
|
||||||
.It Fl l
|
.It Fl l
|
||||||
Show fingerprint of specified public key file.
|
Show fingerprint of specified public key file.
|
||||||
For RSA and DSA keys
|
|
||||||
.Nm
|
.Nm
|
||||||
tries to find the matching public key file and prints its fingerprint.
|
will try to find the matching public key file and prints its fingerprint.
|
||||||
If combined with
|
If combined with
|
||||||
.Fl v ,
|
.Fl v ,
|
||||||
a visual ASCII art representation of the key is supplied with the
|
a visual ASCII art representation of the key is supplied with the
|
||||||
|
@ -579,10 +577,9 @@ by key ID or serial number.
|
||||||
See the
|
See the
|
||||||
.Sx KEY REVOCATION LISTS
|
.Sx KEY REVOCATION LISTS
|
||||||
section for details.
|
section for details.
|
||||||
.It Fl t Cm dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
|
.It Fl t Cm ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa
|
||||||
Specifies the type of key to create.
|
Specifies the type of key to create.
|
||||||
The possible values are
|
The possible values are
|
||||||
.Dq dsa ,
|
|
||||||
.Dq ecdsa ,
|
.Dq ecdsa ,
|
||||||
.Dq ecdsa-sk ,
|
.Dq ecdsa-sk ,
|
||||||
.Dq ed25519 ,
|
.Dq ed25519 ,
|
||||||
|
@ -1290,13 +1287,12 @@ the built-in USB HID support.
|
||||||
.El
|
.El
|
||||||
.Sh FILES
|
.Sh FILES
|
||||||
.Bl -tag -width Ds -compact
|
.Bl -tag -width Ds -compact
|
||||||
.It Pa ~/.ssh/id_dsa
|
|
||||||
.It Pa ~/.ssh/id_ecdsa
|
.It Pa ~/.ssh/id_ecdsa
|
||||||
.It Pa ~/.ssh/id_ecdsa_sk
|
.It Pa ~/.ssh/id_ecdsa_sk
|
||||||
.It Pa ~/.ssh/id_ed25519
|
.It Pa ~/.ssh/id_ed25519
|
||||||
.It Pa ~/.ssh/id_ed25519_sk
|
.It Pa ~/.ssh/id_ed25519_sk
|
||||||
.It Pa ~/.ssh/id_rsa
|
.It Pa ~/.ssh/id_rsa
|
||||||
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
|
Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
|
||||||
authenticator-hosted Ed25519 or RSA authentication identity of the user.
|
authenticator-hosted Ed25519 or RSA authentication identity of the user.
|
||||||
This file should not be readable by anyone but the user.
|
This file should not be readable by anyone but the user.
|
||||||
It is possible to
|
It is possible to
|
||||||
|
@ -1308,13 +1304,12 @@ but it is offered as the default file for the private key.
|
||||||
.Xr ssh 1
|
.Xr ssh 1
|
||||||
will read this file when a login attempt is made.
|
will read this file when a login attempt is made.
|
||||||
.Pp
|
.Pp
|
||||||
.It Pa ~/.ssh/id_dsa.pub
|
|
||||||
.It Pa ~/.ssh/id_ecdsa.pub
|
.It Pa ~/.ssh/id_ecdsa.pub
|
||||||
.It Pa ~/.ssh/id_ecdsa_sk.pub
|
.It Pa ~/.ssh/id_ecdsa_sk.pub
|
||||||
.It Pa ~/.ssh/id_ed25519.pub
|
.It Pa ~/.ssh/id_ed25519.pub
|
||||||
.It Pa ~/.ssh/id_ed25519_sk.pub
|
.It Pa ~/.ssh/id_ed25519_sk.pub
|
||||||
.It Pa ~/.ssh/id_rsa.pub
|
.It Pa ~/.ssh/id_rsa.pub
|
||||||
Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
|
Contains the ECDSA, authenticator-hosted ECDSA, Ed25519,
|
||||||
authenticator-hosted Ed25519 or RSA public key for authentication.
|
authenticator-hosted Ed25519 or RSA public key for authentication.
|
||||||
The contents of this file should be added to
|
The contents of this file should be added to
|
||||||
.Pa ~/.ssh/authorized_keys
|
.Pa ~/.ssh/authorized_keys
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.\" $OpenBSD: ssh-keyscan.1,v 1.51 2024/06/14 05:20:34 jmc Exp $
|
.\" $OpenBSD: ssh-keyscan.1,v 1.52 2024/06/17 08:30:29 djm Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
|
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
|
||||||
.\"
|
.\"
|
||||||
|
@ -6,7 +6,7 @@
|
||||||
.\" permitted provided that due credit is given to the author and the
|
.\" permitted provided that due credit is given to the author and the
|
||||||
.\" OpenBSD project by leaving this copyright notice intact.
|
.\" OpenBSD project by leaving this copyright notice intact.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: June 14 2024 $
|
.Dd $Mdocdate: June 17 2024 $
|
||||||
.Dt SSH-KEYSCAN 1
|
.Dt SSH-KEYSCAN 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -130,7 +130,6 @@ The default is 5 seconds.
|
||||||
.It Fl t Ar type
|
.It Fl t Ar type
|
||||||
Specify the type of the key to fetch from the scanned hosts.
|
Specify the type of the key to fetch from the scanned hosts.
|
||||||
The possible values are
|
The possible values are
|
||||||
.Dq dsa ,
|
|
||||||
.Dq ecdsa ,
|
.Dq ecdsa ,
|
||||||
.Dq ed25519 ,
|
.Dq ed25519 ,
|
||||||
.Dq ecdsa-sk ,
|
.Dq ecdsa-sk ,
|
||||||
|
@ -138,14 +137,7 @@ The possible values are
|
||||||
or
|
or
|
||||||
.Dq rsa .
|
.Dq rsa .
|
||||||
Multiple values may be specified by separating them with commas.
|
Multiple values may be specified by separating them with commas.
|
||||||
The default is to fetch
|
The default is to fetch all the above key types.
|
||||||
.Dq rsa ,
|
|
||||||
.Dq ecdsa ,
|
|
||||||
.Dq ed25519 ,
|
|
||||||
.Dq ecdsa-sk ,
|
|
||||||
and
|
|
||||||
.Dq ed25519-sk
|
|
||||||
keys.
|
|
||||||
.It Fl v
|
.It Fl v
|
||||||
Verbose mode:
|
Verbose mode:
|
||||||
print debugging messages about progress.
|
print debugging messages about progress.
|
||||||
|
@ -177,7 +169,7 @@ Find all hosts from the file
|
||||||
which have new or different keys from those in the sorted file
|
which have new or different keys from those in the sorted file
|
||||||
.Pa ssh_known_hosts :
|
.Pa ssh_known_hosts :
|
||||||
.Bd -literal -offset indent
|
.Bd -literal -offset indent
|
||||||
$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
|
$ ssh-keyscan -t rsa,ecdsa,ed25519 -f ssh_hosts | \e
|
||||||
sort -u - ssh_known_hosts | diff ssh_known_hosts -
|
sort -u - ssh_known_hosts | diff ssh_known_hosts -
|
||||||
.Ed
|
.Ed
|
||||||
.Sh SEE ALSO
|
.Sh SEE ALSO
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
.\" $OpenBSD: ssh-keysign.8,v 1.17 2022/03/31 17:27:27 naddy Exp $
|
.\" $OpenBSD: ssh-keysign.8,v 1.18 2024/06/17 08:30:29 djm Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
|
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
|
||||||
.\"
|
.\"
|
||||||
|
@ -22,7 +22,7 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.Dd $Mdocdate: March 31 2022 $
|
.Dd $Mdocdate: June 17 2024 $
|
||||||
.Dt SSH-KEYSIGN 8
|
.Dt SSH-KEYSIGN 8
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -61,7 +61,6 @@ Controls whether
|
||||||
.Nm
|
.Nm
|
||||||
is enabled.
|
is enabled.
|
||||||
.Pp
|
.Pp
|
||||||
.It Pa /etc/ssh/ssh_host_dsa_key
|
|
||||||
.It Pa /etc/ssh/ssh_host_ecdsa_key
|
.It Pa /etc/ssh/ssh_host_ecdsa_key
|
||||||
.It Pa /etc/ssh/ssh_host_ed25519_key
|
.It Pa /etc/ssh/ssh_host_ed25519_key
|
||||||
.It Pa /etc/ssh/ssh_host_rsa_key
|
.It Pa /etc/ssh/ssh_host_rsa_key
|
||||||
|
@ -73,7 +72,6 @@ Since they are readable only by root,
|
||||||
.Nm
|
.Nm
|
||||||
must be set-uid root if host-based authentication is used.
|
must be set-uid root if host-based authentication is used.
|
||||||
.Pp
|
.Pp
|
||||||
.It Pa /etc/ssh/ssh_host_dsa_key-cert.pub
|
|
||||||
.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
|
.It Pa /etc/ssh/ssh_host_ecdsa_key-cert.pub
|
||||||
.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
|
.It Pa /etc/ssh/ssh_host_ed25519_key-cert.pub
|
||||||
.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
|
.It Pa /etc/ssh/ssh_host_rsa_key-cert.pub
|
||||||
|
|
21
ssh.1
21
ssh.1
|
@ -33,8 +33,8 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: ssh.1,v 1.440 2024/05/26 20:35:12 naddy Exp $
|
.\" $OpenBSD: ssh.1,v 1.441 2024/06/17 08:30:29 djm Exp $
|
||||||
.Dd $Mdocdate: May 26 2024 $
|
.Dd $Mdocdate: June 17 2024 $
|
||||||
.Dt SSH 1
|
.Dt SSH 1
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -304,10 +304,9 @@ The default is
|
||||||
.Pa ~/.ssh/id_rsa ,
|
.Pa ~/.ssh/id_rsa ,
|
||||||
.Pa ~/.ssh/id_ecdsa ,
|
.Pa ~/.ssh/id_ecdsa ,
|
||||||
.Pa ~/.ssh/id_ecdsa_sk ,
|
.Pa ~/.ssh/id_ecdsa_sk ,
|
||||||
.Pa ~/.ssh/id_ed25519 ,
|
.Pa ~/.ssh/id_ed25519
|
||||||
.Pa ~/.ssh/id_ed25519_sk
|
|
||||||
and
|
and
|
||||||
.Pa ~/.ssh/id_dsa .
|
.Pa ~/.ssh/id_ed25519_sk .
|
||||||
Identity files may also be specified on
|
Identity files may also be specified on
|
||||||
a per-host basis in the configuration file.
|
a per-host basis in the configuration file.
|
||||||
It is possible to have multiple
|
It is possible to have multiple
|
||||||
|
@ -929,10 +928,10 @@ key pair for authentication purposes.
|
||||||
The server knows the public key, and only the user knows the private key.
|
The server knows the public key, and only the user knows the private key.
|
||||||
.Nm
|
.Nm
|
||||||
implements public key authentication protocol automatically,
|
implements public key authentication protocol automatically,
|
||||||
using one of the DSA, ECDSA, Ed25519 or RSA algorithms.
|
using one of the ECDSA, Ed25519 or RSA algorithms.
|
||||||
The HISTORY section of
|
The HISTORY section of
|
||||||
.Xr ssl 8
|
.Xr ssl 8
|
||||||
contains a brief discussion of the DSA and RSA algorithms.
|
contains a brief discussion of the RSA and ECDSA algorithms.
|
||||||
.Pp
|
.Pp
|
||||||
The file
|
The file
|
||||||
.Pa ~/.ssh/authorized_keys
|
.Pa ~/.ssh/authorized_keys
|
||||||
|
@ -959,8 +958,6 @@ flag).
|
||||||
The user creates their key pair by running
|
The user creates their key pair by running
|
||||||
.Xr ssh-keygen 1 .
|
.Xr ssh-keygen 1 .
|
||||||
This stores the private key in
|
This stores the private key in
|
||||||
.Pa ~/.ssh/id_dsa
|
|
||||||
(DSA),
|
|
||||||
.Pa ~/.ssh/id_ecdsa
|
.Pa ~/.ssh/id_ecdsa
|
||||||
(ECDSA),
|
(ECDSA),
|
||||||
.Pa ~/.ssh/id_ecdsa_sk
|
.Pa ~/.ssh/id_ecdsa_sk
|
||||||
|
@ -973,8 +970,6 @@ or
|
||||||
.Pa ~/.ssh/id_rsa
|
.Pa ~/.ssh/id_rsa
|
||||||
(RSA)
|
(RSA)
|
||||||
and stores the public key in
|
and stores the public key in
|
||||||
.Pa ~/.ssh/id_dsa.pub
|
|
||||||
(DSA),
|
|
||||||
.Pa ~/.ssh/id_ecdsa.pub
|
.Pa ~/.ssh/id_ecdsa.pub
|
||||||
(ECDSA),
|
(ECDSA),
|
||||||
.Pa ~/.ssh/id_ecdsa_sk.pub
|
.Pa ~/.ssh/id_ecdsa_sk.pub
|
||||||
|
@ -1556,7 +1551,7 @@ secret, but the recommended permissions are read/write/execute for the user,
|
||||||
and not accessible by others.
|
and not accessible by others.
|
||||||
.Pp
|
.Pp
|
||||||
.It Pa ~/.ssh/authorized_keys
|
.It Pa ~/.ssh/authorized_keys
|
||||||
Lists the public keys (DSA, ECDSA, Ed25519, RSA)
|
Lists the public keys (ECDSA, Ed25519, RSA)
|
||||||
that can be used for logging in as this user.
|
that can be used for logging in as this user.
|
||||||
The format of this file is described in the
|
The format of this file is described in the
|
||||||
.Xr sshd 8
|
.Xr sshd 8
|
||||||
|
@ -1576,7 +1571,6 @@ Contains additional definitions for environment variables; see
|
||||||
.Sx ENVIRONMENT ,
|
.Sx ENVIRONMENT ,
|
||||||
above.
|
above.
|
||||||
.Pp
|
.Pp
|
||||||
.It Pa ~/.ssh/id_dsa
|
|
||||||
.It Pa ~/.ssh/id_ecdsa
|
.It Pa ~/.ssh/id_ecdsa
|
||||||
.It Pa ~/.ssh/id_ecdsa_sk
|
.It Pa ~/.ssh/id_ecdsa_sk
|
||||||
.It Pa ~/.ssh/id_ed25519
|
.It Pa ~/.ssh/id_ed25519
|
||||||
|
@ -1592,7 +1586,6 @@ It is possible to specify a passphrase when
|
||||||
generating the key which will be used to encrypt the
|
generating the key which will be used to encrypt the
|
||||||
sensitive part of this file using AES-128.
|
sensitive part of this file using AES-128.
|
||||||
.Pp
|
.Pp
|
||||||
.It Pa ~/.ssh/id_dsa.pub
|
|
||||||
.It Pa ~/.ssh/id_ecdsa.pub
|
.It Pa ~/.ssh/id_ecdsa.pub
|
||||||
.It Pa ~/.ssh/id_ecdsa_sk.pub
|
.It Pa ~/.ssh/id_ecdsa_sk.pub
|
||||||
.It Pa ~/.ssh/id_ed25519.pub
|
.It Pa ~/.ssh/id_ed25519.pub
|
||||||
|
|
11
ssh_config.5
11
ssh_config.5
|
@ -33,8 +33,8 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: ssh_config.5,v 1.395 2024/06/14 05:01:22 djm Exp $
|
.\" $OpenBSD: ssh_config.5,v 1.396 2024/06/17 08:30:29 djm Exp $
|
||||||
.Dd $Mdocdate: June 14 2024 $
|
.Dd $Mdocdate: June 17 2024 $
|
||||||
.Dt SSH_CONFIG 5
|
.Dt SSH_CONFIG 5
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -1114,7 +1114,7 @@ section and environment variables as described in the
|
||||||
.Sx ENVIRONMENT VARIABLES
|
.Sx ENVIRONMENT VARIABLES
|
||||||
section.
|
section.
|
||||||
.It Cm IdentityFile
|
.It Cm IdentityFile
|
||||||
Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
|
Specifies a file from which the user's ECDSA, authenticator-hosted ECDSA,
|
||||||
Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
|
Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
|
||||||
You can also specify a public key file to use the corresponding
|
You can also specify a public key file to use the corresponding
|
||||||
private key that is loaded in
|
private key that is loaded in
|
||||||
|
@ -1124,10 +1124,9 @@ The default is
|
||||||
.Pa ~/.ssh/id_rsa ,
|
.Pa ~/.ssh/id_rsa ,
|
||||||
.Pa ~/.ssh/id_ecdsa ,
|
.Pa ~/.ssh/id_ecdsa ,
|
||||||
.Pa ~/.ssh/id_ecdsa_sk ,
|
.Pa ~/.ssh/id_ecdsa_sk ,
|
||||||
.Pa ~/.ssh/id_ed25519 ,
|
.Pa ~/.ssh/id_ed25519
|
||||||
.Pa ~/.ssh/id_ed25519_sk
|
|
||||||
and
|
and
|
||||||
.Pa ~/.ssh/id_dsa .
|
.Pa ~/.ssh/id_ed25519_sk .
|
||||||
Additionally, any identities represented by the authentication agent
|
Additionally, any identities represented by the authentication agent
|
||||||
will be used for authentication unless
|
will be used for authentication unless
|
||||||
.Cm IdentitiesOnly
|
.Cm IdentitiesOnly
|
||||||
|
|
9
sshd.8
9
sshd.8
|
@ -33,8 +33,8 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: sshd.8,v 1.325 2023/09/19 20:37:07 deraadt Exp $
|
.\" $OpenBSD: sshd.8,v 1.326 2024/06/17 08:30:29 djm Exp $
|
||||||
.Dd $Mdocdate: September 19 2023 $
|
.Dd $Mdocdate: June 17 2024 $
|
||||||
.Dt SSHD 8
|
.Dt SSHD 8
|
||||||
.Os
|
.Os
|
||||||
.Sh NAME
|
.Sh NAME
|
||||||
|
@ -465,8 +465,6 @@ sk-ssh-ed25519@openssh.com
|
||||||
.It
|
.It
|
||||||
ssh-ed25519
|
ssh-ed25519
|
||||||
.It
|
.It
|
||||||
ssh-dss
|
|
||||||
.It
|
|
||||||
ssh-rsa
|
ssh-rsa
|
||||||
.El
|
.El
|
||||||
.Pp
|
.Pp
|
||||||
|
@ -477,7 +475,6 @@ Note that lines in this file can be several hundred bytes long
|
||||||
(because of the size of the public key encoding) up to a limit of
|
(because of the size of the public key encoding) up to a limit of
|
||||||
8 kilobytes, which permits RSA keys up to 16 kilobits.
|
8 kilobytes, which permits RSA keys up to 16 kilobits.
|
||||||
You don't want to type them in; instead, copy the
|
You don't want to type them in; instead, copy the
|
||||||
.Pa id_dsa.pub ,
|
|
||||||
.Pa id_ecdsa.pub ,
|
.Pa id_ecdsa.pub ,
|
||||||
.Pa id_ecdsa_sk.pub ,
|
.Pa id_ecdsa_sk.pub ,
|
||||||
.Pa id_ed25519.pub ,
|
.Pa id_ed25519.pub ,
|
||||||
|
@ -881,7 +878,7 @@ secret, but the recommended permissions are read/write/execute for the user,
|
||||||
and not accessible by others.
|
and not accessible by others.
|
||||||
.Pp
|
.Pp
|
||||||
.It Pa ~/.ssh/authorized_keys
|
.It Pa ~/.ssh/authorized_keys
|
||||||
Lists the public keys (DSA, ECDSA, Ed25519, RSA)
|
Lists the public keys (ECDSA, Ed25519, RSA)
|
||||||
that can be used for logging in as this user.
|
that can be used for logging in as this user.
|
||||||
The format of this file is described above.
|
The format of this file is described above.
|
||||||
The content of the file is not highly sensitive, but the recommended
|
The content of the file is not highly sensitive, but the recommended
|
||||||
|
|