author Markus Friedl <markus@cvs.openbsd.org> 1999-10-11 20:40:09 +0000
committer Markus Friedl <markus@cvs.openbsd.org> 1999-10-11 20:40:09 +0000
commit efd6bac3ebd20a6dea66ff5b9ed6da2b75c97d81 (patch)
tree 529c3beae86a40e728165e094e61ad0a4e41e4df /usr.bin
parent c07afe02729429699c723e96f9655de37d23c28f (diff)
document reality (no askpass, ignore group-world-accessible private keys)
Diffstat (limited to 'usr.bin')
-rw-r--r-- usr.bin/ssh/ssh-add.1 16
-rw-r--r-- usr.bin/ssh/ssh.1 8
-rw-r--r-- usr.bin/ssh/sshd.8 5
3 files changed, 18 insertions, 11 deletions
diff --git a/usr.bin/ssh/ssh-add.1 b/usr.bin/ssh/ssh-add.1
index b4e18edc220..506852482bd 100644
--- a/usr.bin/ssh/ssh-add.1
+++ b/usr.bin/ssh/ssh-add.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 22 23:55:14 1995 ylo
.\"
-.\" $Id: ssh-add.1,v 1.3 1999/10/02 13:10:26 deraadt Exp $
+.\" $Id: ssh-add.1,v 1.4 1999/10/11 20:40:07 markus Exp $
.\"
.Dd September 25, 1999
.Dt SSH-ADD 1
@@ -30,12 +30,8 @@ When run without arguments, it adds the file
Alternative file names can be given on the
command line. If any file requires a passphrase,
.Nm
-asks for the passphrase from the user. If the user is using X11, the
-passphrase is requested using a small X11 program; otherwise it is
-read from the user's tty. (Note: it may be necessary to redirect
-stdin from
-.Pa /dev/null
-to get the passphrase requested using X11.)
+asks for the passphrase from the user.
+The Passphrase it is read from the user's tty.
.Pp
The authentication agent must be running and must be an ancestor of
the current process for
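Review bot: The added line "The Passphrase it is read from the user's tty." is ungrammatical (stray "it", capitalised "Passphrase") and will render that way in the manual. Suggest "The passphrase is read from the user's tty.", or fold it into the previous sentence as "asks for the passphrase from the user and reads it from the user's tty." Since the removed text covered the X11 prompt and the stdin redirection from /dev/null, it would also help to say what ssh-add does when no tty is available.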
@@ -56,7 +52,11 @@ Deletes all identities from the agent.
.Bl -tag -width Ds
.Pa $HOME/.ssh/identity
Contains the RSA authentication identity of the user. This file
-should not be readable by anyone but the user. It is possible to
+should not be readable by anyone but the user.
+Note that
+.Nm
+ignores this file if it is accessible by others.
+It is possible to
specify a passphrase when generating the key; that passphrase will be
used to encrypt the private part of this file. This is the
default file added by
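Review bot: In the $HOME/.ssh/identity entry the recommendation still says the file "should not be readable by anyone but the user", while the new note says it is ignored if "accessible by others"; readable and accessible are not the same test, and the ssh.1 hunk in this commit spells the condition out as "(read/write/execute)". Suggest using the same wording here so both pages describe one check, and stating whether ssh-add reports the skipped key, so that an identity missing from the agent can be traced back to the file mode.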
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index 67049e7ef12..9b00433a3c8 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: ssh.1,v 1.14 1999/10/06 20:07:42 dugsong Exp $
+.\" $Id: ssh.1,v 1.15 1999/10/11 20:40:08 markus Exp $
.\"
.Dd September 25, 1999
.Dt SSH 1
@@ -773,7 +773,11 @@ modify this file.
.It Pa $HOME/.ssh/identity
Contains the RSA authentication identity of the user. This file
contains sensitive data and should be readable by the user but not
-accessible by others. It is possible to specify a passphrase when
+accessible by others (read/write/execute).
+Note that
+.Nm
+ignores this file if it is accessible by others.
+It is possible to specify a passphrase when
generating the key; the passphrase will be used to encrypt the
sensitive part of this file using 3DES.
.It Pa $HOME/.ssh/identity.pub
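Review bot: The "(read/write/execute)" qualifier is attached to the "should" sentence rather than to the note that describes what is actually enforced, and "others" can be read as the world permission class only, whereas the commit message says group-world-accessible. Suggest moving the precision into the note itself, naming group and world explicitly if that is what the code checks, and adding what ssh does after ignoring the file, since the page currently leaves the reader to guess why RSA authentication was not attempted.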
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index 00eec33455a..47a7fd8ed64 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -9,7 +9,7 @@
.\"
.\" Created: Sat Apr 22 21:55:14 1995 ylo
.\"
-.\" $Id: sshd.8,v 1.8 1999/10/07 22:46:33 markus Exp $
+.\" $Id: sshd.8,v 1.9 1999/10/11 20:40:08 markus Exp $
.\"
.Dd September 25, 1999
.Dt SSHD 8
@@ -213,6 +213,9 @@ The default is
.It Cm HostKey
Specifies the file containing the private host key (default
.Pa /etc/ssh_host_key ) .
+Note that
+.Nm
+does not start if the private host key file is group/world-accessible.
.It Cm IgnoreRhosts
Specifies that rhosts and shosts files will not be used in
authentication.
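Review bot: The HostKey note uses "group/world-accessible" where the two client pages in this commit say "accessible by others"; if the permission check is the same, one phrase should be used across all three pages. "does not start" is a hard failure for a daemon, so it is worth adding whether an error is reported and where the administrator would see it, if the code does report one.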