From a07a59188a5a236c0fb8ef3fb8188ca3d6227458 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Jan 2006 23:41:37 +1100 Subject: [PATCH] - jmc@cvs.openbsd.org 2006/01/02 12:31:06 [ssh.1] start to cut some duplicate info from FILES; help/ok djm --- ChangeLog | 6 +++++- ssh.1 | 31 +++++++------------------------ 2 files changed, 12 insertions(+), 25 deletions(-) diff --git a/ChangeLog b/ChangeLog index 577123925..99b7aedcd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,10 @@ clarify tun(4) opening - set the mode and bring the interface up. also (re)sets the tun(4) layer 2 LINK0 flag for existing tunnel interfaces. suggested and ok by djm@ + - jmc@cvs.openbsd.org 2006/01/02 12:31:06 + [ssh.1] + start to cut some duplicate info from FILES; + help/ok djm 20060101 - (djm) [Makefile.in configure.ac includes.h misc.c] @@ -3618,4 +3622,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4070 2006/01/02 12:41:21 djm Exp $ +$Id: ChangeLog,v 1.4071 2006/01/02 12:41:37 djm Exp $ diff --git a/ssh.1 b/ssh.1 index 2a8386dc4..de9d9312f 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.234 2005/12/31 13:45:19 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.235 2006/01/02 12:31:06 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1061,38 +1061,21 @@ in See .Xr sshd 8 . .It Pa ~/.ssh/identity, ~/.ssh/id_dsa, ~/.ssh/id_rsa -Contains the authentication identity of the user. -They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. +Contains the private key for authentication. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). -Note that .Nm -ignores a private key file if it is accessible by others. +will simply ignore a private key file if it is accessible by others. It is possible to specify a passphrase when -generating the key; the passphrase will be used to encrypt the +generating the key which will be used to encrypt the sensitive part of this file using 3DES. .It Pa ~/.ssh/identity.pub, ~/.ssh/id_dsa.pub, ~/.ssh/id_rsa.pub -Contains the public key for authentication (public part of the -identity file in human-readable form). -The contents of the -.Pa ~/.ssh/identity.pub -file should be added to the file -.Pa ~/.ssh/authorized_keys -on all machines -where the user wishes to log in using protocol version 1 RSA authentication. -The contents of the -.Pa ~/.ssh/id_dsa.pub -and -.Pa ~/.ssh/id_rsa.pub -file should be added to -.Pa ~/.ssh/authorized_keys -on all machines -where the user wishes to log in using protocol version 2 DSA/RSA authentication. +Contains the public key for authentication. These files are not sensitive and can (but need not) be readable by anyone. -These files are -never used automatically and are not necessary; they are only provided for +They are +never used automatically and are not necessary: they are only provided for the convenience of the user. .It Pa ~/.ssh/config This is the per-user configuration file.