- (djm) OpenBSD CVS Sync

   - jmc@cvs.openbsd.org 2006/01/06 13:27:32
     [ssh.1]
     weed out some duplicate info in the known_hosts FILES entries;
     ok djm

diff --git a/ChangeLog b/ChangeLog
index 72be7e93020a1ca3ab3437ab6d69cdb44bd94b34..81e3756f639b0fcd71c73366fb5ff572c200bdb9 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+20060114
+ - (djm) OpenBSD CVS Sync
+   - jmc@cvs.openbsd.org 2006/01/06 13:27:32
+     [ssh.1]
+     weed out some duplicate info in the known_hosts FILES entries;
+     ok djm
+
 20060109
  - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on
    tcpip service so it's always started after IP is up.  Patch from

diff --git a/ssh.1 b/ssh.1
index 789e947339f93c6adc957d29c5049042bfafadc1..cfe1655e6b8c9b62d89cdaa4ca34e3a5b91fc4b0 100644 (file)
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.243 2006/01/04 19:50:09 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.244 2006/01/06 13:27:32 jmc Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -1120,11 +1120,11 @@ never used automatically and are not necessary: they are only provided for
 the convenience of the user.
 .Pp
 .It ~/.ssh/known_hosts
-Records host keys for all hosts the user has logged into that are not
-in
-.Pa /etc/ssh/ssh_known_hosts .
+Contains a list of host keys for all hosts the user has logged into
+that are not already in the systemwide list of known host keys.
 See
-.Xr sshd 8 .
+.Xr sshd 8
+for further details of the format of this file.
 .Pp
 .It ~/.ssh/rc
 Commands in this file are executed by
@@ -1181,24 +1181,10 @@ Systemwide list of known host keys.
 This file should be prepared by the
 system administrator to contain the public host keys of all machines in the
 organization.
-This file should be world-readable.
-This file contains
-public keys, one per line, in the following format (fields separated
-by spaces): system name, public key and optional comment field.
-When different names are used
-for the same machine, all such names should be listed, separated by
-commas.
-The format is described in the
-.Xr sshd 8
-manual page.
-.Pp
-The canonical system name (as returned by name servers) is used by
+It should be world-readable.
+See
 .Xr sshd 8
-to verify the client host when logging in; other names are needed because
-.Nm
-does not convert the user-supplied name to a canonical name before
-checking the key, because someone with access to the name servers
-would then be able to fool host authentication.
+for further details of the format of this file.
 .Pp
 .It /etc/ssh/sshrc
 Commands in this file are executed by