X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/blobdiff_plain/39c00dc26c240ef20023128a0d5f2332a9b3bbc2..420c55a191b06378fb33977410797c0afe91fb2c:/ssh-keysign.8?ds=sidebyside diff --git a/ssh-keysign.8 b/ssh-keysign.8 index fccbd7c2..63cbd891 100644 --- a/ssh-keysign.8 +++ b/ssh-keysign.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keysign.8,v 1.1 2002/05/25 08:16:59 markus Exp $ +.\" $OpenBSD: ssh-keysign.8,v 1.9 2007/05/31 19:20:16 jmc Exp $ .\" .\" Copyright (c) 2002 Markus Friedl. All rights reserved. .\" @@ -22,23 +22,30 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd May 24, 2002 +.Dd $Mdocdate$ .Dt SSH-KEYSIGN 8 .Os .Sh NAME .Nm ssh-keysign -.Nd ssh helper program for hostbased authentication +.Nd ssh helper program for host-based authentication .Sh SYNOPSIS -.Nm ssh-keysign +.Nm .Sh DESCRIPTION .Nm is used by .Xr ssh 1 -to access the local host keys during hostbased authentication with -SSH protocol version 2. -Since the host keys are readable only by root +to access the local host keys and generate the digital signature +required during host-based authentication with SSH protocol version 2. +.Pp .Nm -must be setuid root. +is disabled by default and can only be enabled in the +global client configuration file +.Pa /etc/ssh/ssh_config +by setting +.Cm EnableSSHKeysign +to +.Dq yes . +.Pp .Nm is not intended to be invoked by the user, but from .Xr ssh 1 . 
@@ -46,13 +53,30 @@ See .Xr ssh 1 and .Xr sshd 8 -for more information about hostbased authentication. +for more information about host-based authentication. +.Sh FILES +.Bl -tag -width Ds +.It Pa /etc/ssh/ssh_config +Controls whether +.Nm +is enabled. +.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key +These files contain the private parts of the host keys used to +generate the digital signature. +They should be owned by root, readable only by root, and not +accessible to others. +Since they are readable only by root, +.Nm +must be set-uid root if host-based authentication is used. +.El .Sh SEE ALSO .Xr ssh 1 , +.Xr ssh-keygen 1 , +.Xr ssh_config 5 , .Xr sshd 8 -.Sh AUTHORS -Markus Friedl .Sh HISTORY .Nm first appeared in .Ox 3.2 . +.Sh AUTHORS +.An Markus Friedl Aq markus@openbsd.org
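Review bot: in the DESCRIPTION hunk (@@ -22,23 +22,30 @@), the removed sentence "Since the host keys are readable only by root ... must be setuid root." has no replacement inside DESCRIPTION, so that section now describes a helper that reads the host private keys and produces signatures without saying it runs with root privilege. The requirement does come back under FILES, but an administrator deciding whether to set EnableSSHKeysign to "yes" is likely to read DESCRIPTION first. Consider keeping one sentence next to the new EnableSSHKeysign paragraph stating that the program has to be set-uid root to read the keys, so the privilege and the switch that enables it are documented together.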
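Review bot: in the new FILES list (@@ -46,13 +53,30 @@), the entry ".It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key" glues the comma to the first path, so mdoc treats it as part of the file name rather than as punctuation. Give each key file its own ".It Pa" line, with the shared description after the last one, or pass the comma as a separate argument. In the same entry, "readable only by root, and not accessible to others" states one restriction twice and the next sentence repeats "readable only by root" again; a single statement of the expected owner and permissions would read more clearly.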