diff options
| -rw-r--r-- | usr.bin/ssh/ssh-keygen.1 | 21 | ||||
| -rw-r--r-- | usr.bin/ssh/ssh.1 | 3 | ||||
| -rw-r--r-- | usr.bin/ssh/sshd.8 | 20 |
3 files changed, 23 insertions, 21 deletions
diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1 index 772caf7ad86..d704f06608d 100644 --- a/usr.bin/ssh/ssh-keygen.1 +++ b/usr.bin/ssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.84 2010/02/26 20:29:54 djm Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.85 2010/02/26 22:09:28 jmc Exp $ .\" .\" -*- nroff -*- .\" @@ -107,6 +107,7 @@ .Op Fl a Ar num_trials .Op Fl W Ar generator .Nm ssh-keygen +.Bk -words .Fl s Ar ca_key .Fl I Ar certificate_identity .Op Fl h @@ -114,6 +115,7 @@ .Op Fl O Ar constraint .Op Fl V Ar validity_interval .Ar +.Ek .Sh DESCRIPTION .Nm generates, manages and converts authentication keys for @@ -259,7 +261,7 @@ certificate. Please see the .Sx CERTIFICATES section for details. -.It Fl I +.It Fl I Ar certificate_identity Specify the key identity when signing a public key. Please see the .Sx CERTIFICATES @@ -303,21 +305,21 @@ section for details. The constraints that are valid for user certificates are: .Bl -tag -width Ds .It Ic no-x11-forwarding -Disable X11 forwarding. (permitted by default) +Disable X11 forwarding (permitted by default). .It Ic no-agent-forwarding Disable .Xr ssh-agent 1 -forwarding. (permitted by default) +forwarding (permitted by default). .It Ic no-port-forwarding -Disable port forwarding. (permitted by default) +Disable port forwarding (permitted by default). .It Ic no-pty -Disable PTY allocation. (permitted by default) +Disable PTY allocation (permitted by default). .It Ic no-user-rc Disable execution of .Pa ~/.ssh/rc by -.Xr sshd 8 . -(permitted by default) +.Xr sshd 8 +(permitted by default). .It Ic clear Clear all enabled permissions. This is useful for clearing the default set of permissions so permissions may @@ -504,7 +506,8 @@ the X.509 certificates used in .Nm supports two types of certificates: user and host. User certificates authenticate users to servers, whereas host certificates -authenticate server hosts to users. To generate a user certificate: +authenticate server hosts to users. +To generate a user certificate: .Pp .Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub .Pp diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index 7d8f92aba9d..183dc277fc5 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.295 2010/02/26 20:29:54 djm Exp $ +.\" $OpenBSD: ssh.1,v 1.296 2010/02/26 22:09:28 jmc Exp $ .Dd $Mdocdate: February 26 2010 $ .Dt SSH 1 .Os @@ -1121,7 +1121,6 @@ See the section of .Xr ssh-keygen 1 for more details. -.Pp .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS .Nm contains support for Virtual Private Network (VPN) tunnelling diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index bb3f15abef7..8aff85b1eb5 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.251 2010/02/26 20:29:54 djm Exp $ +.\" $OpenBSD: sshd.8,v 1.252 2010/02/26 22:09:28 jmc Exp $ .Dd $Mdocdate: February 26 2010 $ .Dt SSHD 8 .Os @@ -102,15 +102,6 @@ to use IPv6 addresses only. .It Fl b Ar bits Specifies the number of bits in the ephemeral protocol version 1 server key (default 1024). -.It Fl c Ar host_certificate_file -Specifies a path to a certificate file to identify -.Nm -during key exchange. -The certificate file must match a host key file specified using the -.Fl -h -option or the -.Cm HostKey -configuration directive. .It Fl C Ar connection_spec Specify the connection parameters to use for the .Fl T @@ -129,6 +120,15 @@ and All are required and may be supplied in any order, either with multiple .Fl C options or as a comma-separated list. +.It Fl c Ar host_certificate_file +Specifies a path to a certificate file to identify +.Nm +during key exchange. +The certificate file must match a host key file specified using the +.Fl h +option or the +.Cm HostKey +configuration directive. .It Fl D When this option is specified, .Nm |