diff options
Diffstat (limited to 'usr.bin/ssh/ssh.1')
| -rw-r--r-- | usr.bin/ssh/ssh.1 | 35 |
1 files changed, 1 insertions, 34 deletions
diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index 8c53d4b0735..b201d87de80 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.298 2010/03/04 12:51:25 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.299 2010/03/04 23:19:29 djm Exp $ .Dd $Mdocdate: March 4 2010 $ .Dt SSH 1 .Os @@ -1104,39 +1104,6 @@ option in .Xr ssh_config 5 for more information. .Pp -Host keys may also be presented as certificates signed by a trusted -certification authority (CA). -In this case, trust of the CA key alone is sufficient for the host key -to be accepted. -To specify a public key as a trusted CA key in a known hosts file, -it should be added after a -.Dq @cert-authority -tag and a set of one or more domain-name wildcards separated by commas. -For example: -.Pp -.Dl @cert-authority *.mydomain.org,*.mydomain.com ssh-rsa AAAAB5W... -.Pp -See the -.Sx CERTIFICATES -section of -.Xr ssh-keygen 1 -for more details. -.Pp -Keys may also be marked as revoked using the -.Dq @revoked -marker. -Revoked keys will always trigger a warning when encountered and the host -that presented them will be treated as untrusted. -For example: -.Pp -.Dl @revoked * ssh-rsa AAAAB5W... -.Pp -Revoking a key revokes it for direct use and as a certification authority. -Do not use both the -.Dq @cert-authority -and -.Dq @revoked -markers on the same line. .Sh SSH-BASED VIRTUAL PRIVATE NETWORKS .Nm contains support for Virtual Private Network (VPN) tunnelling |