=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.1,v retrieving revision 1.139 retrieving revision 1.140 diff -u -r1.139 -r1.140 --- src/usr.bin/ssh/ssh-keygen.1 2017/05/02 17:04:09 1.139 +++ src/usr.bin/ssh/ssh-keygen.1 2017/05/03 06:32:02 1.140 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.139 2017/05/02 17:04:09 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.140 2017/05/03 06:32:02 jmc Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: May 2 2017 $ +.Dd $Mdocdate: May 3 2017 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -141,11 +141,7 @@ generates, manages and converts authentication keys for .Xr ssh 1 . .Nm -can create keys for use by SSH protocol versions 1 and 2. -Protocol 1 should not be used -and is only offered to support legacy devices. -It suffers from a number of cryptographic weaknesses -and doesn't support many of the advanced features available for protocol 2. +can create keys for use by SSH protocol version 2. .Pp The type of key to be generated is specified with the .Fl t @@ -172,7 +168,6 @@ Normally each user wishing to use SSH with public key authentication runs this once to create the authentication key in -.Pa ~/.ssh/identity , .Pa ~/.ssh/id_dsa , .Pa ~/.ssh/id_ecdsa , .Pa ~/.ssh/id_ed25519 
@@ -231,16 +226,14 @@ .Pa /etc/rc to generate new host keys. .It Fl a Ar rounds -When saving a new-format private key (i.e. an ed25519 key or any SSH protocol -2 key when the +When saving a new-format private key (i.e. an ed25519 key or when the .Fl o flag is set), this option specifies the number of KDF (key derivation function) rounds used. Higher numbers result in slower passphrase verification and increased resistance to brute-force password cracking (should the keys be stolen). .Pp -When screening DH-GEX candidates ( -using the +When screening DH-GEX candidates (using the .Fl T command). This option specifies the number of primality tests to perform. @@ -819,26 +812,6 @@ A zero exit status will only be returned if no key was revoked. .Sh FILES .Bl -tag -width Ds -compact -.It Pa ~/.ssh/identity -Contains the protocol version 1 RSA authentication identity of the user. -This file should not be readable by anyone but the user. -It is possible to -specify a passphrase when generating the key; that passphrase will be -used to encrypt the private part of this file using 3DES. -This file is not automatically accessed by -.Nm -but it is offered as the default file for the private key. -.Xr ssh 1 -will read this file when a login attempt is made. -.Pp -.It Pa ~/.ssh/identity.pub -Contains the protocol version 1 RSA public key for authentication. -The contents of this file should be added to -.Pa ~/.ssh/authorized_keys -on all machines -where the user wishes to log in using RSA authentication. -There is no need to keep the contents of this file secret. -.Pp .It Pa ~/.ssh/id_dsa .It Pa ~/.ssh/id_ecdsa .It Pa ~/.ssh/id_ed25519
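Review bot: in the -141,11 hunk the replacement line "can create keys for use by SSH protocol version 2." carries almost no information once protocol 1 is no longer offered, since there is no other protocol left to contrast it with; either drop the sentence entirely (the next paragraph, "The type of key to be generated is specified with the .Fl t", already leads the reader to the supported key types) or keep it only if some other part of the page still needs to distinguish protocol versions. Removing the five-line protocol 1 warning is otherwise correct: a warning about a key type the tool can no longer generate would only confuse readers.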
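Review bot: the -231,16 hunk leaves the sentence fragment "When screening DH-GEX candidates (using the .Fl T command)." in place; the period after the parenthetical splits one sentence into a fragment followed by "This option specifies the number of primality tests to perform." Since the hunk already rewrites the line that opens the parenthetical (the old "( using the" split), fold the fix in here: "When screening DH-GEX candidates (using the .Fl T command), this option specifies the number of primality tests to perform." The "-a rounds" paragraph above it reads fine after dropping the protocol 2 qualifier, as "an ed25519 key or when the .Fl o flag is set" is now the complete description of when the new-format KDF rounds apply.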
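Review bot: the -819,26 hunk deletes the only FILES text visible here that tells the user a private key file "should not be readable by anyone but the user", that a passphrase chosen at generation time encrypts the private part, and that the public half belongs in ~/.ssh/authorized_keys on every host the user logs in to; all of that advice applies equally to the remaining ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/id_ed25519 entries. Before committing, confirm that the id_* entry that now opens the FILES section (its body is outside this diff) still carries the permission, passphrase and authorized_keys guidance, otherwise move those sentences into it rather than dropping them with the identity entries. Dropping the mention of 3DES is fine, as it described only the protocol 1 file format that is no longer produced.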