From f0edda81c5ebccffcce52b182c3033531a1aab71 Mon Sep 17 00:00:00 2001
From: "naddy@openbsd.org" <naddy@openbsd.org>
Date: Mon, 18 Nov 2019 23:16:49 +0000
Subject: [PATCH] upstream: more missing mentions of ed25519-sk; ok djm@

OpenBSD-Commit-ID: f242e53366f61697dffd53af881bc5daf78230ff
---
 ssh-add.1 | 9 ++++++---
 ssh-keygen.1 | 17 ++++++++++-------
 ssh-keygen.c | 4 ++--
 ssh.1 | 13 ++++++++++---
 ssh_config.5 | 6 +++---
 5 files changed, 31 insertions(+), 18 deletions(-)

diff --git a/ssh-add.1 b/ssh-add.1
index 2ecbc9532..432c4c78b 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-add.1,v 1.74 2019/11/15 11:16:28 jmc Exp $
+.\" $OpenBSD: ssh-add.1,v 1.75 2019/11/18 23:16:49 naddy Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 15 2019 $
+.Dd $Mdocdate: November 18 2019 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
@@ -64,8 +64,9 @@ When run without arguments, it adds the files
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ecdsa_sk ,
+.Pa ~/.ssh/id_ed25519 ,
 and
-.Pa ~/.ssh/id_ed25519 .
+.Pa ~/.ssh/id_ed25519_sk .
 After loading a private key,
 .Nm
 will try to load corresponding certificate information from the
@@ -209,6 +210,8 @@ Contains the ECDSA authentication identity of the user.
 Contains the security key-hosted ECDSA authentication identity of the user.
 .It Pa ~/.ssh/id_ed25519
 Contains the Ed25519 authentication identity of the user.
+.It Pa ~/.ssh/id_ed25519_sk
+Contains the security key-hosted Ed25519 authentication identity of the user.
 .It Pa ~/.ssh/id_rsa
 Contains the RSA authentication identity of the user.
 .El
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index e4b5e9d69..feaa69efe 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.175 2019/11/18 04:50:45 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.176 2019/11/18 23:16:49 naddy Exp $ .\" .\" Author: Tatu Ylonen <ylo@cs.hut.fi> .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -191,7 +191,8 @@ key in .Pa ~/.ssh/id_dsa , .Pa ~/.ssh/id_ecdsa , .Pa ~/.ssh/id_ecdsa_sk , -.Pa ~/.ssh/id_ed25519 +.Pa ~/.ssh/id_ed25519 , +.Pa ~/.ssh/id_ed25519_sk or .Pa ~/.ssh/id_rsa . Additionally, the system administrator may use this to generate host keys, @@ -285,7 +286,7 @@ flag determines the key length by selecting from one of three elliptic curve sizes: 256, 384 or 521 bits. Attempting to use bit lengths other than these three values for ECDSA keys will fail. -ECDSA-SK and Ed25519 keys have a fixed length and the +ECDSA-SK, Ed25519 and Ed25519-SK keys have a fixed length and the .Fl b flag will be ignored. .It Fl C Ar comment @@ -1044,9 +1045,10 @@ hardware security keys. .It Pa ~/.ssh/id_ecdsa .It Pa ~/.ssh/id_ecdsa_sk .It Pa ~/.ssh/id_ed25519 +.It Pa ~/.ssh/id_ed25519_sk .It Pa ~/.ssh/id_rsa -Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519 or RSA -authentication identity of the user. +Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, +security key-hosted Ed25519 or RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be @@ -1061,9 +1063,10 @@ will read this file when a login attempt is made. .It Pa ~/.ssh/id_ecdsa.pub .It Pa ~/.ssh/id_ecdsa_sk.pub .It Pa ~/.ssh/id_ed25519.pub +.It Pa ~/.ssh/id_ed25519_sk.pub .It Pa ~/.ssh/id_rsa.pub -Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519 or RSA -public key for authentication. +Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519, +security key-hosted Ed25519 or RSA public key for authentication. The contents of this file should be added to .Pa ~/.ssh/authorized_keys on all machines 
diff --git a/ssh-keygen.c b/ssh-keygen.c
index c4ce18d94..e869989d7 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.368 2019/11/18 16:10:05 naddy Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.369 2019/11/18 23:16:49 naddy Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2735,7 +2735,7 @@ usage(void)
 {
 fprintf(stderr,
 "usage: ssh-keygen [-q] [-b bits] [-C comment] [-f output_keyfile] [-m format]\n"
- " [-t dsa | ecdsa | ecdsa-sk | ed25519 | rsa]\n"
+ " [-t dsa | ecdsa | ecdsa-sk | ed25519 | ed25519-sk | rsa]\n"
 " [-N new_passphrase] [-w provider] [-x flags]\n"
 " ssh-keygen -p [-f keyfile] [-m format] [-N new_passphrase]\n"
 " [-P old_passphrase]\n"
diff --git a/ssh.1 b/ssh.1
index 2268c197f..1ce0864c7 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.405 2019/11/14 21:27:30 djm Exp $
-.Dd $Mdocdate: November 14 2019 $
+.\" $OpenBSD: ssh.1,v 1.406 2019/11/18 23:16:49 naddy Exp $
+.Dd $Mdocdate: November 18 2019 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -280,7 +280,8 @@ The default is
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ecdsa_sk ,
-.Pa ~/.ssh/id_ed25519
+.Pa ~/.ssh/id_ed25519 ,
+.Pa ~/.ssh/id_ed25519_sk
 and
 .Pa ~/.ssh/id_rsa .
 Identity files may also be specified on
@@ -901,6 +902,8 @@ This stores the private key in
 (security key-hosted ECDSA),
 .Pa ~/.ssh/id_ed25519
 (Ed25519),
+.Pa ~/.ssh/id_ed25519_sk
+(security key-hosted Ed25519),
 or
 .Pa ~/.ssh/id_rsa
 (RSA)
@@ -913,6 +916,8 @@ and stores the public key in
 (security key-hosted ECDSA),
 .Pa ~/.ssh/id_ed25519.pub
 (Ed25519),
+.Pa ~/.ssh/id_ed25519_sk.pub
+(security key-hosted Ed25519),
 or
 .Pa ~/.ssh/id_rsa.pub
 (RSA)
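Review bot: The `-t` key-type list in the usage() string of ssh-keygen.c is a hand-maintained copy of what the man pages document, and the commit subject ("more missing mentions") suggests these copies drifted apart when ed25519-sk was introduced. A one-line comment above the `fprintf(stderr,` call, for example `/* -t list: keep in sync with ssh-keygen.1 */`, would point the next key-type addition at both places. usage() continues past the end of this hunk, so the other synopsis lines were not checked.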
@@ -1491,6 +1496,7 @@ above.
 .It Pa ~/.ssh/id_ecdsa
 .It Pa ~/.ssh/id_ecdsa_sk
 .It Pa ~/.ssh/id_ed25519
+.It Pa ~/.ssh/id_ed25519_sk
 .It Pa ~/.ssh/id_rsa
 Contains the private key for authentication.
 These files
@@ -1506,6 +1512,7 @@ sensitive part of this file using AES-128.
 .It Pa ~/.ssh/id_ecdsa.pub
 .It Pa ~/.ssh/id_ecdsa_sk.pub
 .It Pa ~/.ssh/id_ed25519.pub
+.It Pa ~/.ssh/id_ed25519_sk.pub
 .It Pa ~/.ssh/id_rsa.pub
 Contains the public key for authentication.
 These files are not
diff --git a/ssh_config.5 b/ssh_config.5
index 1f3c3413f..1c0663d81 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.307 2019/11/18 04:55:02 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.308 2019/11/18 23:16:49 naddy Exp $
 .Dd $Mdocdate: November 18 2019 $
 .Dt SSH_CONFIG 5
 .Os
@@ -931,8 +931,8 @@ The default is
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ecdsa_sk ,
-.Pa ~/.ssh/id_ed25519_sk ,
-.Pa ~/.ssh/id_ed25519
+.Pa ~/.ssh/id_ed25519 ,
+.Pa ~/.ssh/id_ed25519_sk
 and
 .Pa ~/.ssh/id_rsa .
 Additionally, any identities represented by the authentication agent