From 726d6c984de7e297200843e99ab5e70c88a0cbf4 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 26 Aug 2024 09:43:01 +0200 Subject: Merging upstream version 1:9.8p1. Signed-off-by: Daniel Baumann --- ssh.0 | 72 ++++++++++++++++++++++++++++++++----------------------------------- 1 file changed, 34 insertions(+), 38 deletions(-) (limited to 'ssh.0') diff --git a/ssh.0 b/ssh.0 index f2c32af..78863b1 100644 --- a/ssh.0 +++ b/ssh.0 
@@ -145,25 +145,26 @@ DESCRIPTION file to use the corresponding private key that is loaded in ssh-agent(1) when the private key file is not present locally. The default is ~/.ssh/id_rsa, ~/.ssh/id_ecdsa, - ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519, ~/.ssh/id_ed25519_sk and - ~/.ssh/id_dsa. Identity files may also be specified on a per- - host basis in the configuration file. It is possible to have - multiple -i options (and multiple identities specified in - configuration files). If no certificates have been explicitly - specified by the CertificateFile directive, ssh will also try to - load certificate information from the filename obtained by - appending -cert.pub to identity filenames. + ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519 and ~/.ssh/id_ed25519_sk. + Identity files may also be specified on a per-host basis in the + configuration file. It is possible to have multiple -i options + (and multiple identities specified in configuration files). If + no certificates have been explicitly specified by the + CertificateFile directive, ssh will also try to load certificate + information from the filename obtained by appending -cert.pub to + identity filenames. -J destination Connect to the target host by first making an ssh connection to the jump host described by destination and then establishing a TCP forwarding to the ultimate destination from there. Multiple - jump hops may be specified separated by comma characters. This - is a shortcut to specify a ProxyJump configuration directive. - Note that configuration directives supplied on the command-line - generally apply to the destination host and not any specified - jump hosts. Use ~/.ssh/config to specify configuration for jump - hosts. + jump hops may be specified separated by comma characters. IPv6 + addresses can be specified by enclosing the address in square + brackets. This is a shortcut to specify a ProxyJump + configuration directive. 
Note that configuration directives + supplied on the command-line generally apply to the destination + host and not any specified jump hosts. Use ~/.ssh/config to + specify configuration for jump hosts. -K Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI credentials to the server. @@ -501,8 +502,7 @@ AUTHENTICATION creates a public/private key pair for authentication purposes. The server knows the public key, and only the user knows the private key. ssh implements public key authentication protocol automatically, using - one of the DSA, ECDSA, Ed25519 or RSA algorithms. The HISTORY section of - ssl(8) contains a brief discussion of the DSA and RSA algorithms. + one of the ECDSA, Ed25519 or RSA algorithms. The file ~/.ssh/authorized_keys lists the public keys that are permitted for logging in. When the user logs in, the ssh program tells the server 
@@ -516,18 +516,18 @@ AUTHENTICATION DEBUG or higher (e.g. by using the -v flag). The user creates their key pair by running ssh-keygen(1). This stores - the private key in ~/.ssh/id_dsa (DSA), ~/.ssh/id_ecdsa (ECDSA), - ~/.ssh/id_ecdsa_sk (authenticator-hosted ECDSA), ~/.ssh/id_ed25519 - (Ed25519), ~/.ssh/id_ed25519_sk (authenticator-hosted Ed25519), or - ~/.ssh/id_rsa (RSA) and stores the public key in ~/.ssh/id_dsa.pub (DSA), - ~/.ssh/id_ecdsa.pub (ECDSA), ~/.ssh/id_ecdsa_sk.pub (authenticator-hosted - ECDSA), ~/.ssh/id_ed25519.pub (Ed25519), ~/.ssh/id_ed25519_sk.pub - (authenticator-hosted Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's - home directory. The user should then copy the public key to - ~/.ssh/authorized_keys in their home directory on the remote machine. - The authorized_keys file corresponds to the conventional ~/.rhosts file, - and has one key per line, though the lines can be very long. After this, - the user can log in without giving the password. + the private key in ~/.ssh/id_ecdsa (ECDSA), ~/.ssh/id_ecdsa_sk + (authenticator-hosted ECDSA), ~/.ssh/id_ed25519 (Ed25519), + ~/.ssh/id_ed25519_sk (authenticator-hosted Ed25519), or ~/.ssh/id_rsa + (RSA) and stores the public key in ~/.ssh/id_ecdsa.pub (ECDSA), + ~/.ssh/id_ecdsa_sk.pub (authenticator-hosted ECDSA), + ~/.ssh/id_ed25519.pub (Ed25519), ~/.ssh/id_ed25519_sk.pub (authenticator- + hosted Ed25519), or ~/.ssh/id_rsa.pub (RSA) in the user's home directory. + The user should then copy the public key to ~/.ssh/authorized_keys in + their home directory on the remote machine. The authorized_keys file + corresponds to the conventional ~/.rhosts file, and has one key per line, + though the lines can be very long. After this, the user can log in + without giving the password. A variation on public key authentication is available in the form of certificate authentication: instead of a set of public/private keys, 
@@ -879,11 +879,11 @@ FILES for the user, and not accessible by others. ~/.ssh/authorized_keys - Lists the public keys (DSA, ECDSA, Ed25519, RSA) that can be used - for logging in as this user. The format of this file is - described in the sshd(8) manual page. This file is not highly - sensitive, but the recommended permissions are read/write for the - user, and not accessible by others. + Lists the public keys (ECDSA, Ed25519, RSA) that can be used for + logging in as this user. The format of this file is described in + the sshd(8) manual page. This file is not highly sensitive, but + the recommended permissions are read/write for the user, and not + accessible by others. ~/.ssh/config This is the per-user configuration file. The file format and @@ -895,7 +895,6 @@ FILES Contains additional definitions for environment variables; see ENVIRONMENT, above. - ~/.ssh/id_dsa ~/.ssh/id_ecdsa ~/.ssh/id_ecdsa_sk ~/.ssh/id_ed25519 @@ -909,7 +908,6 @@ FILES will be used to encrypt the sensitive part of this file using AES-128. - ~/.ssh/id_dsa.pub ~/.ssh/id_ecdsa.pub ~/.ssh/id_ecdsa_sk.pub ~/.ssh/id_ed25519.pub @@ -942,8 +940,6 @@ FILES Systemwide configuration file. The file format and configuration options are described in ssh_config(5). - /etc/ssh/ssh_host_key - /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ed25519_key /etc/ssh/ssh_host_rsa_key @@ -1020,4 +1016,4 @@ AUTHORS created OpenSSH. Markus Friedl contributed the support for SSH protocol versions 1.5 and 2.0. -OpenBSD 7.5 October 11, 2023 OpenBSD 7.5 +OpenBSD 7.5 June 27, 2024 OpenBSD 7.5 -- cgit v1.2.3
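Review bot: In the @@ -145 hunk, the sentence added to -J, "IPv6 addresses can be specified by enclosing the address in square brackets", gives no example and does not say whether a user name or a port may accompany the bracketed address in a jump destination. Because IPv6 addresses contain colons themselves, a short example of a bracketed hop, including one inside a comma-separated list of hops, would remove the ambiguity.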
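Review bot: In the AUTHENTICATION hunks (@@ -501 and @@ -516), DSA and ~/.ssh/id_dsa are dropped from the algorithm and key-file lists with no guidance for a reader who still has such a key or a DSA line in ~/.ssh/authorized_keys. The same patch removes ~/.ssh/id_dsa from the -i defaults, so a sentence saying that DSA identities are no longer tried by default, with a pointer to ssh-keygen(1) for generating a replacement, would let users learn this from the manual rather than from a failed login.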
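Review bot: In the FILES hunk at @@ -942, /etc/ssh/ssh_host_key is removed together with /etc/ssh/ssh_host_dsa_key, while every other change in this patch concerns DSA only, and the text does not say what happens to either file if it still exists. If these files are no longer read, state that here, so administrators know the old private host keys can be removed from disk instead of being left behind with their existing permissions.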