author: Markus Friedl <markus@cvs.openbsd.org> 2000-05-03 18:04:40 +0000
committer: Markus Friedl <markus@cvs.openbsd.org> 2000-05-03 18:04:40 +0000
commit: 47aff0e62d87ae8ca3e51e3d5acc451b29ae7d6a
tree: c6136d91c39bffe2a3cf074d2966d60ffe5ca0c0 /usr.bin/ssh
parent: 2252dc654f797ee5906e4b1b49fa63171edda3cf
more doc on: DSA, id_dsa, known_hosts2, authorized_keys2
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- usr.bin/ssh/ssh-add.1 | 6
-rw-r--r-- usr.bin/ssh/ssh-agent.1 | 4
-rw-r--r-- usr.bin/ssh/ssh.1 | 60
3 files changed, 50 insertions, 20 deletions
diff --git a/usr.bin/ssh/ssh-add.1 b/usr.bin/ssh/ssh-add.1
index 93a8f986311..10363956f8b 100644
--- a/usr.bin/ssh/ssh-add.1
+++ b/usr.bin/ssh/ssh-add.1
@@ -9,21 +9,21 @@
.\"
.\" Created: Sat Apr 22 23:55:14 1995 ylo
.\"
-.\" $Id: ssh-add.1,v 1.12 2000/04/12 21:47:50 aaron Exp $
+.\" $Id: ssh-add.1,v 1.13 2000/05/03 18:04:38 markus Exp $
.\"
.Dd September 25, 1999
.Dt SSH-ADD 1
.Os
.Sh NAME
.Nm ssh-add
-.Nd adds identities for the authentication agent
+.Nd adds RSA identities for the authentication agent
.Sh SYNOPSIS
.Nm ssh-add
.Op Fl lLdD
.Op Ar
.Sh DESCRIPTION
.Nm
-adds identities to the authentication agent,
+adds RSA identities to the authentication agent,
.Xr ssh-agent 1 .
When run without arguments, it adds the file
.Pa $HOME/.ssh/identity .
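Review bot: The .Nd line and the first DESCRIPTION sentence now narrow ssh-add to "RSA identities", but the lines shown give a user holding $HOME/.ssh/id_dsa no statement of what happens if that file is passed to ssh-add. Suggest one explicit sentence saying whether DSA keys can be added to the agent, so the restriction is stated rather than implied. The .Dd line still reads September 25, 1999 although the content changed; consider bumping it with the revision.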
diff --git a/usr.bin/ssh/ssh-agent.1 b/usr.bin/ssh/ssh-agent.1
index b49d62b5a6e..9f7299d3719 100644
--- a/usr.bin/ssh/ssh-agent.1
+++ b/usr.bin/ssh/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.11 2000/04/12 21:47:50 aaron Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.12 2000/05/03 18:04:39 markus Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -27,7 +27,7 @@
.Oc
.Sh DESCRIPTION
.Nm
-is a program to hold authentication private keys.
+is a program to hold private keys used for RSA authentication.
The idea is that
.Nm
is started in the beginning of an X-session or a login session, and
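Review bot: The new DESCRIPTION sentence says "private keys used for RSA authentication" while the matching change in ssh-add.1 says "RSA identities"; pick one term for both pages so readers do not wonder whether they mean different things. As in ssh-add.1, a short sentence stating whether the agent accepts DSA keys would make the limitation explicit.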
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index d9c533626c6..883aa23d4ab 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: ssh.1,v 1.47 2000/05/02 22:01:55 markus Exp $
+.\" $Id: ssh.1,v 1.48 2000/05/03 18:04:39 markus Exp $
.\"
.Dd September 25, 1999
.Dt SSH 1
@@ -649,6 +649,16 @@ syntax to refer to a user's home directory.
It is possible to have
multiple identity files specified in configuration files; all these
identities will be tried in sequence.
+.It Cm IdentityFile2
+Specifies the file from which the user's DSA authentication identity
+is read (default
+.Pa .ssh/id_dsa
+in the user's home directory).
+The file name may use the tilde
+syntax to refer to a user's home directory.
+It is possible to have
+multiple identity files specified in configuration files; all these
+identities will be tried in sequence.
.It Cm KeepAlive
Specifies whether the system should send keepalive messages to the
other side.
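Review bot: The new IdentityFile2 entry repeats the IdentityFile text word for word and never says when the DSA identity is used instead of the RSA one, so a reader cannot tell which of the two options applies to a given connection. Suggest adding a sentence that states the condition under which IdentityFile2 is consulted and how it relates to IdentityFile. The default is written as ".ssh/id_dsa in the user's home directory" here; keeping that phrasing is fine as long as it matches the IdentityFile entry above it.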
@@ -798,10 +808,14 @@ If this flag is set to
.Nm
ssh will never automatically add host keys to the
.Pa $HOME/.ssh/known_hosts
-file, and refuses to connect hosts whose host key has changed.
+and
+.Pa $HOME/.ssh/known_hosts2
+files, and refuses to connect hosts whose host key has changed.
This provides maximum protection against trojan horse attacks.
However, it can be somewhat annoying if you don't have good
.Pa /etc/ssh_known_hosts
+and
+.Pa /etc/ssh_known_hosts2
files installed and frequently
connect new hosts.
Basically this option forces the user to manually
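Review bot: The rewritten line "files, and refuses to connect hosts whose host key has changed." carries over the missing "to" from the old text; since the line is being touched anyway, make it "refuses to connect to hosts". The paragraph now names four files (known_hosts, known_hosts2, ssh_known_hosts, ssh_known_hosts2) without saying which key type lives in which; a pointer to the FILES section, where this is explained, would help a reader who is setting strict host key checking and needs to know which file to populate.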
@@ -921,28 +935,36 @@ in
.Pa /etc/ssh_known_hosts ) .
See
.Xr sshd 8 .
-.It Pa $HOME/.ssh/identity
-Contains the RSA authentication identity of the user.
-This file
-contains sensitive data and should be readable by the user but not
+.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa
+Contains the RSA and the DSA authentication identity of the user.
+These files
+contain sensitive data and should be readable by the user but not
accessible by others (read/write/execute).
Note that
.Nm
-ignores this file if it is accessible by others.
+ignores a private key file if it is accessible by others.
It is possible to specify a passphrase when
generating the key; the passphrase will be used to encrypt the
sensitive part of this file using 3DES.
-.It Pa $HOME/.ssh/identity.pub
+.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub
Contains the public key for authentication (public part of the
identity file in human-readable form).
-The contents of this file should be added to
+The contents of the
+.Pa $HOME/.ssh/identity.pub
+file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where you wish to log in using RSA authentication.
-This file is not
+The contents of the
+.Pa $HOME/.ssh/id_dsa.pub
+file should be added to
+.Pa $HOME/.ssh/authorized_keys2
+on all machines
+where you wish to log in using DSA authentication.
+These files are not
sensitive and can (but need not) be readable by anyone.
-This file is
-never used automatically and is not necessary; it is only provided for
+These files are
+never used automatically and are not necessary; they is only provided for
the convenience of the user.
.It Pa $HOME/.ssh/config
This is the per-user configuration file.
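Review bot: The last added sentence reads "never used automatically and are not necessary; they is only provided for"; it should be "they are only provided for". In the first entry the unchanged context still says "the sensitive part of this file using 3DES" although the item now covers both identity and id_dsa, so it is unclear whether the passphrase and 3DES statement applies to the DSA key file as well; reword it to "these files" or state the DSA case separately. In both .It lines the comma is attached to the first path ("identity," and "identity.pub,"), which makes it part of the .Pa argument; put the comma in its own argument so it is not rendered as part of the file name.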
@@ -964,9 +986,17 @@ modulus, public exponent, modulus, and comment fields, separated by
spaces).
This file is not highly sensitive, but the recommended
permissions are read/write for the user, and not accessible by others.
-.It Pa /etc/ssh_known_hosts
+.It Pa $HOME/.ssh/authorized_keys2
+Lists the DSA keys that can be used for logging in as this user.
+This file is not highly sensitive, but the recommended
+permissions are read/write for the user, and not accessible by others.
+.It Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2
Systemwide list of known host keys.
-This file should be prepared by the
+.Pa /etc/ssh_known_hosts
+contains RSA and
+.Pa /etc/ssh_known_hosts2
+contains DSA keys.
+These files should be prepared by the
system administrator to contain the public host keys of all machines in the
organization.
This file should be world-readable.
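Review bot: The closing context line "This file should be world-readable." is left singular after the preceding sentence was changed to "These files should be prepared by the"; update it to "These files should be world-readable." so the permission guidance clearly covers /etc/ssh_known_hosts2 too. The new $HOME/.ssh/authorized_keys2 entry gives only the permission recommendation, while the authorized_keys entry above it describes the line format (modulus, public exponent, modulus, and comment fields); add the equivalent format description for DSA keys or a reference to where it is documented.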
@@ -1025,7 +1055,7 @@ you can store it in
.Pa $HOME/.ssh/known_hosts .
The easiest way to do this is to
connect back to the client from the server machine using ssh; this
-will automatically add the host key inxi
+will automatically add the host key to
.Pa $HOME/.ssh/known_hosts .
.It Pa $HOME/.shosts
This file is used exactly the same way as
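Review bot: The typo fix from "inxi" to "to" is correct, but this passage still names only $HOME/.ssh/known_hosts in both places, while the rest of the commit documents known_hosts2 for DSA host keys. Suggest stating here whether the connect-back procedure also populates $HOME/.ssh/known_hosts2, or noting that this paragraph applies to RSA host keys only.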