[ssh-keygen.1 ssh.1]
     improve SSHFP documentation; ok deraadt@
This commit is contained in:
Darren Tucker 2004-08-13 21:22:40 +10:00
parent bcf279783a
commit 0b42e6d95b
3 changed files with 21 additions and 6 deletions

View File

@ -12,6 +12,9 @@
- djm@cvs.openbsd.org 2004/08/12 09:18:24 - djm@cvs.openbsd.org 2004/08/12 09:18:24
[sshlogin.c] [sshlogin.c]
typo in error message, spotted by moritz AT jodeit.org (Id sync only) typo in error message, spotted by moritz AT jodeit.org (Id sync only)
- jakob@cvs.openbsd.org 2004/08/12 21:41:13
[ssh-keygen.1 ssh.1]
improve SSHFP documentation; ok deraadt@
20040812 20040812
- (dtucker) [sshd.c] Remove duplicate variable imported during sync. - (dtucker) [sshd.c] Remove duplicate variable imported during sync.
@ -1609,4 +1612,4 @@
- (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Trim deprecated options from INSTALL. Mention UsePAM
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
$Id: ChangeLog,v 1.3501 2004/08/13 11:21:47 dtucker Exp $ $Id: ChangeLog,v 1.3502 2004/08/13 11:22:40 dtucker Exp $

View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.61 2003/12/22 09:16:58 djm Exp $ .\" $OpenBSD: ssh-keygen.1,v 1.62 2004/08/12 21:41:13 jakob Exp $
.\" .\"
.\" -*- nroff -*- .\" -*- nroff -*-
.\" .\"
@ -192,7 +192,9 @@ to stdout.
This option allows exporting keys for use by several commercial This option allows exporting keys for use by several commercial
SSH implementations. SSH implementations.
.It Fl g .It Fl g
Use generic DNS resource record format. Use generic DNS format when printing fingerprint resource records using the
.Fl r
command.
.It Fl f Ar filename .It Fl f Ar filename
Specifies the filename of the key file. Specifies the filename of the key file.
.It Fl i .It Fl i
@ -276,8 +278,9 @@ Multiple
options increase the verbosity. options increase the verbosity.
The maximum is 3. The maximum is 3.
.It Fl r Ar hostname .It Fl r Ar hostname
Print DNS resource record with the specified Print the SSHFP fingerprint resource record named
.Ar hostname . .Ar hostname
for the specified public key file.
.El .El
.Sh MODULI GENERATION .Sh MODULI GENERATION
.Nm .Nm

11
ssh.1
View File

@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" .\"
.\" $OpenBSD: ssh.1,v 1.193 2004/06/26 09:03:21 jmc Exp $ .\" $OpenBSD: ssh.1,v 1.194 2004/08/12 21:41:13 jakob Exp $
.Dd September 25, 1999 .Dd September 25, 1999
.Dt SSH 1 .Dt SSH 1
.Os .Os
@ -400,6 +400,15 @@ The
option can be used to prevent logins to machines whose option can be used to prevent logins to machines whose
host key is not known or has changed. host key is not known or has changed.
.Pp .Pp
.Nm
can be configured to verify host identification using fingerprint resource
records (SSHFP) published in DNS.
The
.Cm VerifyHostKeyDNS
option can be used to control how DNS lookups are performed.
SSHFP resource records can be generated using
.Xr ssh-keygen 1 .
.Pp
The options are as follows: The options are as follows:
.Bl -tag -width Ds .Bl -tag -width Ds
.It Fl 1 .It Fl 1