-.\" $OpenBSD: ssh-keysign.8,v 1.2 2002/06/10 16:56:30 stevesk Exp $
+.\" $OpenBSD: ssh-keysign.8,v 1.8 2006/02/24 20:22:16 jmc Exp $
.\"
.\" Copyright (c) 2002 Markus Friedl. All rights reserved.
.\"
.Os
.Sh NAME
.Nm ssh-keysign
-.Nd ssh helper program for hostbased authentication
+.Nd ssh helper program for host-based authentication
.Sh SYNOPSIS
.Nm
.Sh DESCRIPTION
is used by
.Xr ssh 1
to access the local host keys and generate the digital signature
-required during hostbased authentication with SSH protocol version 2.
+required during host-based authentication with SSH protocol version 2.
+.Pp
+.Nm
+is disabled by default and can only be enabled in the
+global client configuration file
+.Pa /etc/ssh/ssh_config
+by setting
+.Cm EnableSSHKeysign
+to
+.Dq yes .
+.Pp
.Nm
is not intended to be invoked by the user, but from
.Xr ssh 1 .
.Xr ssh 1
and
.Xr sshd 8
-for more information about hostbased authentication.
+for more information about host-based authentication.
.Sh FILES
.Bl -tag -width Ds
+.It Pa /etc/ssh/ssh_config
+Controls whether
+.Nm
+is enabled.
.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
These files contain the private parts of the host keys used to
-generate the digital signature. They
-should be owned by root, readable only by root, and not
+generate the digital signature.
+They should be owned by root, readable only by root, and not
accessible to others.
Since they are readable only by root,
.Nm
-must be set-uid root if hostbased authentication is used.
+must be set-uid root if host-based authentication is used.
.El
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr ssh-keygen 1 ,
+.Xr ssh_config 5 ,
.Xr sshd 8
-.Sh AUTHORS
-Markus Friedl <markus@openbsd.org>
.Sh HISTORY
.Nm
first appeared in
.Ox 3.2 .
+.Sh AUTHORS
+.An Markus Friedl Aq markus@openbsd.org