- markus@cvs.openbsd.org 2001/04/10 07:46:58
[channels.c]
cleanup socks4 handling
+ - itojun@cvs.openbsd.org 2001/04/10 09:13:22
+ [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8]
+ document id_rsa{.pub,}. markus ok
20010410
- OpenBSD CVS Sync
-.\" $OpenBSD: ssh-add.1,v 1.23 2001/04/09 15:19:49 markus Exp $
+.\" $OpenBSD: ssh-add.1,v 1.24 2001/04/10 09:13:21 itojun Exp $
.\"
.\" -*- nroff -*-
.\"
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
-Contains the RSA authentication identity of the user.
+Contains the protocol version 1 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
Note that
.Nm
.Nm
when no other files have been specified.
.It Pa $HOME/.ssh/id_dsa
-Contains the DSA authentication identity of the user.
+Contains the protocol version 2 DSA authentication identity of the user.
+.It Pa $HOME/.ssh/id_rsa
+Contains the protocol version 2 RSA authentication identity of the user.
.El
.Sh ENVIRONMENT
.Bl -tag -width Ds
-.\" $OpenBSD: ssh-agent.1,v 1.23 2001/04/02 17:32:23 deraadt Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.24 2001/04/10 09:13:21 itojun Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
-Contains the RSA authentication identity of the user.
+Contains the protocol version 1 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
.Xr ssh-add 1
at login time.
.It Pa $HOME/.ssh/id_dsa
-Contains the DSA authentication identity of the user.
+Contains the protocol version 2 DSA authentication identity of the user.
+.It Pa $HOME/.ssh/id_rsa
+Contains the protocol version 2 RSA authentication identity of the user.
.It Pa /tmp/ssh-XXXXXXXX/agent.<pid>
Unix-domain sockets used to contain the connection to the
authentication agent.
-.\" $OpenBSD: ssh-keygen.1,v 1.35 2001/03/11 22:33:23 markus Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.36 2001/04/10 09:13:21 itojun Exp $
.\"
.\" -*- nroff -*-
.\"
Normally each user wishing to use SSH
with RSA or DSA authentication runs this once to create the authentication
key in
-.Pa $HOME/.ssh/identity
+.Pa $HOME/.ssh/identity ,
+.Pa $HOME/.ssh/id_dsa
or
-.Pa $HOME/.ssh/id_dsa .
+.Pa $HOME/.ssh/id_rsa .
Additionally, the system administrator may use this to generate host keys,
as seen in
.Pa /etc/rc .
.Sh FILES
.Bl -tag -width Ds
.It Pa $HOME/.ssh/identity
-Contains the RSA authentication identity of the user.
+Contains the protocol version 1 RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
.Xr sshd 8
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/identity.pub
-Contains the public key for authentication.
+Contains the protocol version 1 RSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
where you wish to log in using RSA authentication.
There is no need to keep the contents of this file secret.
.It Pa $HOME/.ssh/id_dsa
-Contains the DSA authentication identity of the user.
+Contains the protocol version 2 DSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
.Xr sshd 8
will read this file when a login attempt is made.
.It Pa $HOME/.ssh/id_dsa.pub
-Contains the public key for authentication.
+Contains the protocol version 2 DSA public key for authentication.
+The contents of this file should be added to
+.Pa $HOME/.ssh/authorized_keys2
+on all machines
+where you wish to log in using public key authentication.
+There is no need to keep the contents of this file secret.
+.It Pa $HOME/.ssh/id_rsa
+Contains the protocol version 2 RSA authentication identity of the user.
+This file should not be readable by anyone but the user.
+It is possible to
+specify a passphrase when generating the key; that passphrase will be
+used to encrypt the private part of this file using 3DES.
+This file is not automatically accessed by
+.Nm
+but it is offered as the default file for the private key.
+.Xr sshd 8
+will read this file when a login attempt is made.
+.It Pa $HOME/.ssh/id_rsa.pub
+Contains the protocol version 2 RSA public key for authentication.
The contents of this file should be added to
.Pa $HOME/.ssh/authorized_keys2
on all machines
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.101 2001/04/05 15:45:43 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.102 2001/04/10 09:13:22 itojun Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
The public key method is similar to RSA authentication described
in the previous section except that the DSA or RSA algorithm is used
instead.
-The client uses his private key
+The client uses his private key,
.Pa $HOME/.ssh/id_dsa
+or
+.Pa $HOME/.ssh/id_rsa ,
to sign the session identifier and sends the result to the server.
The server checks whether the matching public key is listed in
.Pa $HOME/.ssh/authorized_keys2
for protocol version 2).
See
.Xr sshd 8 .
-.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa
-Contains the RSA and the DSA authentication identity of the user.
+.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa
+Contains the authentication identity of the user.
+They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively.
These files
contain sensitive data and should be readable by the user but not
accessible by others (read/write/execute).
It is possible to specify a passphrase when
generating the key; the passphrase will be used to encrypt the
sensitive part of this file using 3DES.
-.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub
+.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub
Contains the public key for authentication (public part of the
identity file in human-readable form).
The contents of the
file should be added to
.Pa $HOME/.ssh/authorized_keys
on all machines
-where you wish to log in using RSA authentication.
+where you wish to log in using protocol version 1 RSA authentication.
The contents of the
.Pa $HOME/.ssh/id_dsa.pub
+and
+.Pa $HOME/.ssh/id_rsa.pub
file should be added to
.Pa $HOME/.ssh/authorized_keys2
on all machines
-where you wish to log in using DSA authentication.
+where you wish to log in using protocol version 2 DSA/RSA authentication.
These files are not
sensitive and can (but need not) be readable by anyone.
These files are
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.112 2001/04/09 18:00:15 stevesk Exp $
+.\" $OpenBSD: sshd.8,v 1.113 2001/04/10 09:13:22 itojun Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
Note that lines in this file are usually several hundred bytes long
(because of the size of the RSA key modulus).
You don't want to type them in; instead, copy the
-.Pa identity.pub
-or the
+.Pa identity.pub ,
.Pa id_dsa.pub
+or the
+.Pa id_rsa.pub
file and edit it.
.Pp
The options (if present) consist of comma-separated option
The format of this file is described above.
Users will place the contents of their
.Pa id_dsa.pub
+and/or
+.Pa id_rsa.pub
files into this file, as described in
.Xr ssh-keygen 1 .
.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"