From: mouring Date: Wed, 11 Apr 2001 15:59:35 +0000 (+0000) Subject: - itojun@cvs.openbsd.org 2001/04/10 09:13:22 X-Git-Tag: V_2_9_P2~107 X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/c0ecc314957b6c282dedeb3fad85b241836d130b - itojun@cvs.openbsd.org 2001/04/10 09:13:22 [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] document id_rsa{.pub,}. markus ok --- diff --git a/ChangeLog b/ChangeLog index d40165c0..edd0ddc2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ - markus@cvs.openbsd.org 2001/04/10 07:46:58 [channels.c] cleanup socks4 handling + - itojun@cvs.openbsd.org 2001/04/10 09:13:22 + [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8] + document id_rsa{.pub,}. markus ok 20010410 - OpenBSD CVS Sync diff --git a/ssh-add.1 b/ssh-add.1 index 3cdf3374..d7725c6e 100644 --- a/ssh-add.1 +++ b/ssh-add.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-add.1,v 1.23 2001/04/09 15:19:49 markus Exp $ +.\" $OpenBSD: ssh-add.1,v 1.24 2001/04/10 09:13:21 itojun Exp $ .\" .\" -*- nroff -*- .\" @@ -80,7 +80,7 @@ Deletes all identities from the agent. .Sh FILES .Bl -tag -width Ds .It Pa $HOME/.ssh/identity -Contains the RSA authentication identity of the user. +Contains the protocol version 1 RSA authentication identity of the user. This file should not be readable by anyone but the user. Note that .Nm @@ -92,7 +92,9 @@ This is the default file added by .Nm when no other files have been specified. .It Pa $HOME/.ssh/id_dsa -Contains the DSA authentication identity of the user. +Contains the protocol version 2 DSA authentication identity of the user. +.It Pa $HOME/.ssh/id_rsa +Contains the protocol version 2 RSA authentication identity of the user. .El .Sh ENVIRONMENT .Bl -tag -width Ds diff --git a/ssh-agent.1 b/ssh-agent.1 index a14f359a..1d214698 100644 --- a/ssh-agent.1 +++ b/ssh-agent.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-agent.1,v 1.23 2001/04/02 17:32:23 deraadt Exp $ +.\" $OpenBSD: ssh-agent.1,v 1.24 2001/04/10 09:13:21 itojun Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -142,7 +142,7 @@ line terminates. .Sh FILES .Bl -tag -width Ds .It Pa $HOME/.ssh/identity -Contains the RSA authentication identity of the user. +Contains the protocol version 1 RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be @@ -153,7 +153,9 @@ but is normally added to the agent using .Xr ssh-add 1 at login time. .It Pa $HOME/.ssh/id_dsa -Contains the DSA authentication identity of the user. +Contains the protocol version 2 DSA authentication identity of the user. +.It Pa $HOME/.ssh/id_rsa +Contains the protocol version 2 RSA authentication identity of the user. .It Pa /tmp/ssh-XXXXXXXX/agent. Unix-domain sockets used to contain the connection to the authentication agent. diff --git a/ssh-keygen.1 b/ssh-keygen.1 index a3914680..6808ede6 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.35 2001/03/11 22:33:23 markus Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.36 2001/04/10 09:13:21 itojun Exp $ .\" .\" -*- nroff -*- .\" @@ -89,9 +89,10 @@ option allows you to create a key for use by protocol 2.0. Normally each user wishing to use SSH with RSA or DSA authentication runs this once to create the authentication key in -.Pa $HOME/.ssh/identity +.Pa $HOME/.ssh/identity , +.Pa $HOME/.ssh/id_dsa or -.Pa $HOME/.ssh/id_dsa . +.Pa $HOME/.ssh/id_rsa . Additionally, the system administrator may use this to generate host keys, as seen in .Pa /etc/rc . @@ -191,7 +192,7 @@ OpenSSH format file and print an OpenSSH public key to stdout. .Sh FILES .Bl -tag -width Ds .It Pa $HOME/.ssh/identity -Contains the RSA authentication identity of the user. +Contains the protocol version 1 RSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be @@ -202,14 +203,14 @@ but it is offered as the default file for the private key. .Xr sshd 8 will read this file when a login attempt is made. .It Pa $HOME/.ssh/identity.pub -Contains the public key for authentication. +Contains the protocol version 1 RSA public key for authentication. The contents of this file should be added to .Pa $HOME/.ssh/authorized_keys on all machines where you wish to log in using RSA authentication. There is no need to keep the contents of this file secret. .It Pa $HOME/.ssh/id_dsa -Contains the DSA authentication identity of the user. +Contains the protocol version 2 DSA authentication identity of the user. This file should not be readable by anyone but the user. It is possible to specify a passphrase when generating the key; that passphrase will be @@ -220,7 +221,25 @@ but it is offered as the default file for the private key. .Xr sshd 8 will read this file when a login attempt is made. .It Pa $HOME/.ssh/id_dsa.pub -Contains the public key for authentication. +Contains the protocol version 2 DSA public key for authentication. +The contents of this file should be added to +.Pa $HOME/.ssh/authorized_keys2 +on all machines +where you wish to log in using public key authentication. +There is no need to keep the contents of this file secret. +.It Pa $HOME/.ssh/id_rsa +Contains the protocol version 2 RSA authentication identity of the user. +This file should not be readable by anyone but the user. +It is possible to +specify a passphrase when generating the key; that passphrase will be +used to encrypt the private part of this file using 3DES. +This file is not automatically accessed by +.Nm +but it is offered as the default file for the private key. +.Xr sshd 8 +will read this file when a login attempt is made. +.It Pa $HOME/.ssh/id_rsa.pub +Contains the protocol version 2 RSA public key for authentication. The contents of this file should be added to .Pa $HOME/.ssh/authorized_keys2 on all machines diff --git a/ssh.1 b/ssh.1 index 1d30a7c2..e775d0dc 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.101 2001/04/05 15:45:43 markus Exp $ +.\" $OpenBSD: ssh.1,v 1.102 2001/04/10 09:13:22 itojun Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -212,8 +212,10 @@ If this method fails password authentication is tried. The public key method is similar to RSA authentication described in the previous section except that the DSA or RSA algorithm is used instead. -The client uses his private key +The client uses his private key, .Pa $HOME/.ssh/id_dsa +or +.Pa $HOME/.ssh/id_rsa , to sign the session identifier and sends the result to the server. The server checks whether the matching public key is listed in .Pa $HOME/.ssh/authorized_keys2 @@ -1136,8 +1138,9 @@ for protocol version 1 or for protocol version 2). See .Xr sshd 8 . -.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa -Contains the RSA and the DSA authentication identity of the user. +.It Pa $HOME/.ssh/identity, $HOME/.ssh/id_dsa, $HOME/.ssh/id_rsa +Contains the authentication identity of the user. +They are for protocol 1 RSA, protocol 2 DSA, and protocol 2 RSA, respectively. These files contain sensitive data and should be readable by the user but not accessible by others (read/write/execute). @@ -1147,7 +1150,7 @@ ignores a private key file if it is accessible by others. It is possible to specify a passphrase when generating the key; the passphrase will be used to encrypt the sensitive part of this file using 3DES. -.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub +.It Pa $HOME/.ssh/identity.pub, $HOME/.ssh/id_dsa.pub, $HOME/.ssh/id_rsa.pub Contains the public key for authentication (public part of the identity file in human-readable form). The contents of the @@ -1155,13 +1158,15 @@ The contents of the file should be added to .Pa $HOME/.ssh/authorized_keys on all machines -where you wish to log in using RSA authentication. +where you wish to log in using protocol version 1 RSA authentication. The contents of the .Pa $HOME/.ssh/id_dsa.pub +and +.Pa $HOME/.ssh/id_rsa.pub file should be added to .Pa $HOME/.ssh/authorized_keys2 on all machines -where you wish to log in using DSA authentication. +where you wish to log in using protocol version 2 DSA/RSA authentication. These files are not sensitive and can (but need not) be readable by anyone. These files are diff --git a/sshd.8 b/sshd.8 index 54b7861f..4611c063 100644 --- a/sshd.8 +++ b/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.112 2001/04/09 18:00:15 stevesk Exp $ +.\" $OpenBSD: sshd.8,v 1.113 2001/04/10 09:13:22 itojun Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -821,9 +821,10 @@ or Note that lines in this file are usually several hundred bytes long (because of the size of the RSA key modulus). You don't want to type them in; instead, copy the -.Pa identity.pub -or the +.Pa identity.pub , .Pa id_dsa.pub +or the +.Pa id_rsa.pub file and edit it. .Pp The options (if present) consist of comma-separated option @@ -1014,6 +1015,8 @@ It is recommended that it not be accessible by others. The format of this file is described above. Users will place the contents of their .Pa id_dsa.pub +and/or +.Pa id_rsa.pub files into this file, as described in .Xr ssh-keygen 1 . .It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"