From aaa18db99cda6616d9694861687bf47779bc7621 Mon Sep 17 00:00:00 2001 From: djm Date: Fri, 13 Jan 2006 23:08:36 +0000 Subject: [PATCH] - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2006/01/06 13:27:32 [ssh.1] weed out some duplicate info in the known_hosts FILES entries; ok djm --- ChangeLog | 7 +++++++ ssh.1 | 30 ++++++++---------------------- 2 files changed, 15 insertions(+), 22 deletions(-) diff --git a/ChangeLog b/ChangeLog index 72be7e93..81e3756f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,10 @@ +20060114 + - (djm) OpenBSD CVS Sync + - jmc@cvs.openbsd.org 2006/01/06 13:27:32 + [ssh.1] + weed out some duplicate info in the known_hosts FILES entries; + ok djm + 20060109 - (dtucker) [contrib/cygwin/ssh-host-config] Make sshd service depend on tcpip service so it's always started after IP is up. Patch from diff --git a/ssh.1 b/ssh.1 index 789e9473..cfe1655e 100644 --- a/ssh.1 +++ b/ssh.1 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.243 2006/01/04 19:50:09 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.244 2006/01/06 13:27:32 jmc Exp $ .Dd September 25, 1999 .Dt SSH 1 .Os @@ -1120,11 +1120,11 @@ never used automatically and are not necessary: they are only provided for the convenience of the user. .Pp .It ~/.ssh/known_hosts -Records host keys for all hosts the user has logged into that are not -in -.Pa /etc/ssh/ssh_known_hosts . +Contains a list of host keys for all hosts the user has logged into +that are not already in the systemwide list of known host keys. See -.Xr sshd 8 . +.Xr sshd 8 +for further details of the format of this file. .Pp .It ~/.ssh/rc Commands in this file are executed by 
@@ -1181,24 +1181,10 @@ Systemwide list of known host keys. This file should be prepared by the system administrator to contain the public host keys of all machines in the organization. -This file should be world-readable. -This file contains -public keys, one per line, in the following format (fields separated -by spaces): system name, public key and optional comment field. -When different names are used -for the same machine, all such names should be listed, separated by -commas. -The format is described in the -.Xr sshd 8 -manual page. -.Pp -The canonical system name (as returned by name servers) is used by +It should be world-readable. +See .Xr sshd 8 -to verify the client host when logging in; other names are needed because -.Nm -does not convert the user-supplied name to a canonical name before -checking the key, because someone with access to the name servers -would then be able to fool host authentication. +for further details of the format of this file. .Pp .It /etc/ssh/sshrc Commands in this file are executed by -- 2.45.2
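Review bot: In the `~/.ssh/known_hosts` entry of ssh.1 (hunk at -1120,11), the rewrite replaces the explicit `.Pa /etc/ssh/ssh_known_hosts` with the phrase "the systemwide list of known host keys", so the entry no longer names the file it defers to. A reader checking which file takes part in host key lookup has to find the other FILES entry by its description. Suggest keeping the pathname alongside the new wording, for example "that are not already in the systemwide list of known host keys" followed by the `.Pa /etc/ssh/ssh_known_hosts` line that was removed.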
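Review bot: In the `/etc/ssh/ssh_known_hosts` entry (hunk at -1181,24), the removed second paragraph carries a security rationale, not just format detail: it states that ssh "does not convert the user-supplied name to a canonical name before checking the key, because someone with access to the name servers would then be able to fool host authentication". The commit message describes the removal as weeding out duplicate info, but this diff touches only ssh.1 and ChangeLog, so nothing visible here shows that sshd(8) states the same rationale. Please confirm it does before dropping the text, or keep a one-sentence version in this entry. The same applies to the removed instruction that all names used for one machine be listed, separated by commas, since an administrator preparing this file now gets that only by following the `.Xr sshd 8` pointer.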