- jmc@cvs.openbsd.org 2010/02/26 22:09:28
[ssh-keygen.1 ssh.1 sshd.8]
tweak previous;
This commit is contained in:
Damien Miller
parent
25b97dd454
commit
15f5b560b1
|
|
@ -1,5 +1,9 @@
|
||||||
20100303
|
20100303
|
||||||
- (djm) [PROTOCOL.certkeys] Add RCS Ident
|
- (djm) [PROTOCOL.certkeys] Add RCS Ident
|
||||||
|
- OpenBSD CVS Sync
|
||||||
|
- jmc@cvs.openbsd.org 2010/02/26 22:09:28
|
||||||
|
[ssh-keygen.1 ssh.1 sshd.8]
|
||||||
|
tweak previous;
|
||||||
|
|
||||||
20100302
|
20100302
|
||||||
- (tim) [config.guess config.sub] Bug 1722: Update to latest versions from
|
- (tim) [config.guess config.sub] Bug 1722: Update to latest versions from
|
||||||
|
|
|
||||||
21
ssh-keygen.1
21
ssh-keygen.1
|
|
@ -1,4 +1,4 @@
|
||||||
.\" $OpenBSD: ssh-keygen.1,v 1.84 2010/02/26 20:29:54 djm Exp $
|
.\" $OpenBSD: ssh-keygen.1,v 1.85 2010/02/26 22:09:28 jmc Exp $
|
||||||
.\"
|
.\"
|
||||||
.\" -*- nroff -*-
|
.\" -*- nroff -*-
|
||||||
.\"
|
.\"
|
||||||
|
|
@ -107,6 +107,7 @@
|
||||||
.Op Fl a Ar num_trials
|
.Op Fl a Ar num_trials
|
||||||
.Op Fl W Ar generator
|
.Op Fl W Ar generator
|
||||||
.Nm ssh-keygen
|
.Nm ssh-keygen
|
||||||
|
.Bk -words
|
||||||
.Fl s Ar ca_key
|
.Fl s Ar ca_key
|
||||||
.Fl I Ar certificate_identity
|
.Fl I Ar certificate_identity
|
||||||
.Op Fl h
|
.Op Fl h
|
||||||
|
|
@ -114,6 +115,7 @@
|
||||||
.Op Fl O Ar constraint
|
.Op Fl O Ar constraint
|
||||||
.Op Fl V Ar validity_interval
|
.Op Fl V Ar validity_interval
|
||||||
.Ar
|
.Ar
|
||||||
|
.Ek
|
||||||
.Sh DESCRIPTION
|
.Sh DESCRIPTION
|
||||||
.Nm
|
.Nm
|
||||||
generates, manages and converts authentication keys for
|
generates, manages and converts authentication keys for
|
||||||
|
|
@ -259,7 +261,7 @@ certificate.
|
||||||
Please see the
|
Please see the
|
||||||
.Sx CERTIFICATES
|
.Sx CERTIFICATES
|
||||||
section for details.
|
section for details.
|
||||||
.It Fl I
|
.It Fl I Ar certificate_identity
|
||||||
Specify the key identity when signing a public key.
|
Specify the key identity when signing a public key.
|
||||||
Please see the
|
Please see the
|
||||||
.Sx CERTIFICATES
|
.Sx CERTIFICATES
|
||||||
|
|
@ -303,21 +305,21 @@ section for details.
|
||||||
The constraints that are valid for user certificates are:
|
The constraints that are valid for user certificates are:
|
||||||
.Bl -tag -width Ds
|
.Bl -tag -width Ds
|
||||||
.It Ic no-x11-forwarding
|
.It Ic no-x11-forwarding
|
||||||
Disable X11 forwarding. (permitted by default)
|
Disable X11 forwarding (permitted by default).
|
||||||
.It Ic no-agent-forwarding
|
.It Ic no-agent-forwarding
|
||||||
Disable
|
Disable
|
||||||
.Xr ssh-agent 1
|
.Xr ssh-agent 1
|
||||||
forwarding. (permitted by default)
|
forwarding (permitted by default).
|
||||||
.It Ic no-port-forwarding
|
.It Ic no-port-forwarding
|
||||||
Disable port forwarding. (permitted by default)
|
Disable port forwarding (permitted by default).
|
||||||
.It Ic no-pty
|
.It Ic no-pty
|
||||||
Disable PTY allocation. (permitted by default)
|
Disable PTY allocation (permitted by default).
|
||||||
.It Ic no-user-rc
|
.It Ic no-user-rc
|
||||||
Disable execution of
|
Disable execution of
|
||||||
.Pa ~/.ssh/rc
|
.Pa ~/.ssh/rc
|
||||||
by
|
by
|
||||||
.Xr sshd 8 .
|
.Xr sshd 8
|
||||||
(permitted by default)
|
(permitted by default).
|
||||||
.It Ic clear
|
.It Ic clear
|
||||||
Clear all enabled permissions.
|
Clear all enabled permissions.
|
||||||
This is useful for clearing the default set of permissions so permissions may
|
This is useful for clearing the default set of permissions so permissions may
|
||||||
|
|
@ -504,7 +506,8 @@ the X.509 certificates used in
|
||||||
.Nm
|
.Nm
|
||||||
supports two types of certificates: user and host.
|
supports two types of certificates: user and host.
|
||||||
User certificates authenticate users to servers, whereas host certificates
|
User certificates authenticate users to servers, whereas host certificates
|
||||||
authenticate server hosts to users. To generate a user certificate:
|
authenticate server hosts to users.
|
||||||
|
To generate a user certificate:
|
||||||
.Pp
|
.Pp
|
||||||
.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
|
.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
|
||||||
.Pp
|
.Pp
|
||||||
|
|
|
||||||
3
ssh.1
3
ssh.1
|
|
@ -34,7 +34,7 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: ssh.1,v 1.295 2010/02/26 20:29:54 djm Exp $
|
.\" $OpenBSD: ssh.1,v 1.296 2010/02/26 22:09:28 jmc Exp $
|
||||||
.Dd $Mdocdate: February 26 2010 $
|
.Dd $Mdocdate: February 26 2010 $
|
||||||
.Dt SSH 1
|
.Dt SSH 1
|
||||||
.Os
|
.Os
|
||||||
|
|
@ -1121,7 +1121,6 @@ See the
|
||||||
section of
|
section of
|
||||||
.Xr ssh-keygen 1
|
.Xr ssh-keygen 1
|
||||||
for more details.
|
for more details.
|
||||||
.Pp
|
|
||||||
.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
|
.Sh SSH-BASED VIRTUAL PRIVATE NETWORKS
|
||||||
.Nm
|
.Nm
|
||||||
contains support for Virtual Private Network (VPN) tunnelling
|
contains support for Virtual Private Network (VPN) tunnelling
|
||||||
|
|
|
||||||
20
sshd.8
20
sshd.8
|
|
@ -34,7 +34,7 @@
|
||||||
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
||||||
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
.\"
|
.\"
|
||||||
.\" $OpenBSD: sshd.8,v 1.251 2010/02/26 20:29:54 djm Exp $
|
.\" $OpenBSD: sshd.8,v 1.252 2010/02/26 22:09:28 jmc Exp $
|
||||||
.Dd $Mdocdate: February 26 2010 $
|
.Dd $Mdocdate: February 26 2010 $
|
||||||
.Dt SSHD 8
|
.Dt SSHD 8
|
||||||
.Os
|
.Os
|
||||||
|
|
@ -102,15 +102,6 @@ to use IPv6 addresses only.
|
||||||
.It Fl b Ar bits
|
.It Fl b Ar bits
|
||||||
Specifies the number of bits in the ephemeral protocol version 1
|
Specifies the number of bits in the ephemeral protocol version 1
|
||||||
server key (default 1024).
|
server key (default 1024).
|
||||||
.It Fl c Ar host_certificate_file
|
|
||||||
Specifies a path to a certificate file to identify
|
|
||||||
.Nm
|
|
||||||
during key exchange.
|
|
||||||
The certificate file must match a host key file specified using the
|
|
||||||
.Fl -h
|
|
||||||
option or the
|
|
||||||
.Cm HostKey
|
|
||||||
configuration directive.
|
|
||||||
.It Fl C Ar connection_spec
|
.It Fl C Ar connection_spec
|
||||||
Specify the connection parameters to use for the
|
Specify the connection parameters to use for the
|
||||||
.Fl T
|
.Fl T
|
||||||
|
|
@ -129,6 +120,15 @@ and
|
||||||
All are required and may be supplied in any order, either with multiple
|
All are required and may be supplied in any order, either with multiple
|
||||||
.Fl C
|
.Fl C
|
||||||
options or as a comma-separated list.
|
options or as a comma-separated list.
|
||||||
|
.It Fl c Ar host_certificate_file
|
||||||
|
Specifies a path to a certificate file to identify
|
||||||
|
.Nm
|
||||||
|
during key exchange.
|
||||||
|
The certificate file must match a host key file specified using the
|
||||||
|
.Fl h
|
||||||
|
option or the
|
||||||
|
.Cm HostKey
|
||||||
|
configuration directive.
|
||||||
.It Fl D
|
.It Fl D
|
||||||
When this option is specified,
|
When this option is specified,
|
||||||
.Nm
|
.Nm
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue