- jmc@cvs.openbsd.org 2010/02/26 22:09:28

[ssh-keygen.1 ssh.1 sshd.8]
     tweak previous;

ChangeLog

@@ -1,5 +1,9 @@
 20100303
  - (djm) [PROTOCOL.certkeys] Add RCS Ident
+ - OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2010/02/26 22:09:28
+     [ssh-keygen.1 ssh.1 sshd.8]
+     tweak previous;
 
 20100302
  - (tim) [config.guess config.sub] Bug 1722: Update to latest versions from

ssh-keygen.1

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.84 2010/02/26 20:29:54 djm Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.85 2010/02/26 22:09:28 jmc Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -107,6 +107,7 @@
 .Op Fl a Ar num_trials
 .Op Fl W Ar generator
 .Nm ssh-keygen
+.Bk -words
 .Fl s Ar ca_key
 .Fl I Ar certificate_identity
 .Op Fl h
@@ -114,6 +115,7 @@
 .Op Fl O Ar constraint
 .Op Fl V Ar validity_interval
 .Ar
+.Ek
 .Sh DESCRIPTION
 .Nm
 generates, manages and converts authentication keys for
@@ -259,7 +261,7 @@ certificate.
 Please see the
 .Sx CERTIFICATES
 section for details.
-.It Fl I
+.It Fl I Ar certificate_identity
 Specify the key identity when signing a public key.
 Please see the
 .Sx CERTIFICATES
@@ -303,21 +305,21 @@ section for details.
 The constraints that are valid for user certificates are:
 .Bl -tag -width Ds
 .It Ic no-x11-forwarding
-Disable X11 forwarding. (permitted by default)
+Disable X11 forwarding (permitted by default).
 .It Ic no-agent-forwarding
 Disable
 .Xr ssh-agent 1
-forwarding. (permitted by default)
+forwarding (permitted by default).
 .It Ic no-port-forwarding
-Disable port forwarding. (permitted by default)
+Disable port forwarding (permitted by default).
 .It Ic no-pty
-Disable PTY allocation. (permitted by default)
+Disable PTY allocation (permitted by default).
 .It Ic no-user-rc
 Disable execution of
 .Pa ~/.ssh/rc
 by
-.Xr sshd 8 .
-(permitted by default)
+.Xr sshd 8
+(permitted by default).
 .It Ic clear
 Clear all enabled permissions.
 This is useful for clearing the default set of permissions so permissions may
@@ -504,7 +506,8 @@ the X.509 certificates used in
 .Nm
 supports two types of certificates: user and host.
 User certificates authenticate users to servers, whereas host certificates
-authenticate server hosts to users. To generate a user certificate:
+authenticate server hosts to users.
+To generate a user certificate:
 .Pp
 .Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
 .Pp

ssh.1

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.295 2010/02/26 20:29:54 djm Exp $
+.\" $OpenBSD: ssh.1,v 1.296 2010/02/26 22:09:28 jmc Exp $
 .Dd $Mdocdate: February 26 2010 $
 .Dt SSH 1
 .Os
@@ -1121,7 +1121,6 @@ See the
 section of
 .Xr ssh-keygen 1
 for more details.
-.Pp
 .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
 .Nm
 contains support for Virtual Private Network (VPN) tunnelling

sshd.8

@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.251 2010/02/26 20:29:54 djm Exp $
+.\" $OpenBSD: sshd.8,v 1.252 2010/02/26 22:09:28 jmc Exp $
 .Dd $Mdocdate: February 26 2010 $
 .Dt SSHD 8
 .Os
@@ -102,15 +102,6 @@ to use IPv6 addresses only.
 .It Fl b Ar bits
 Specifies the number of bits in the ephemeral protocol version 1
 server key (default 1024).
-.It Fl c Ar host_certificate_file
-Specifies a path to a certificate file to identify
-.Nm
-during key exchange.
-The certificate file must match a host key file specified using the
-.Fl -h
-option or the
-.Cm HostKey
-configuration directive.
 .It Fl C Ar connection_spec
 Specify the connection parameters to use for the
 .Fl T
@@ -129,6 +120,15 @@ and
 All are required and may be supplied in any order, either with multiple
 .Fl C
 options or as a comma-separated list.
+.It Fl c Ar host_certificate_file
+Specifies a path to a certificate file to identify
+.Nm
+during key exchange.
+The certificate file must match a host key file specified using the
+.Fl h
+option or the
+.Cm HostKey
+configuration directive.
 .It Fl D
 When this option is specified,
 .Nm