===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keygen.1,v
retrieving revision 1.40.2.2
retrieving revision 1.40.2.3
diff -u -r1.40.2.2 -r1.40.2.3
--- src/usr.bin/ssh/ssh-keygen.1	2001/11/15 22:51:15	1.40.2.2
+++ src/usr.bin/ssh/ssh-keygen.1	2002/03/09 00:20:45	1.40.2.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.40.2.2 2001/11/15 22:51:15 miod Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.40.2.3 2002/03/09 00:20:45 miod Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -47,7 +47,7 @@
 .Nm ssh-keygen
 .Op Fl q
 .Op Fl b Ar bits
-.Op Fl t Ar type
+.Fl t Ar type
 .Op Fl N Ar new_passphrase
 .Op Fl C Ar comment
 .Op Fl f Ar output_keyfile
@@ -86,10 +86,11 @@
 generates, manages and converts authentication keys for
 .Xr ssh 1 .
 .Nm
-defaults to generating a RSA1 key for use by SSH protocol version 1.
-Specifying the
+can create RSA keys for use by SSH protocol version 1 and RSA or DSA 
+keys for use by SSH protocol version 2. The type of key to be generated
+is specified with the
 .Fl t
-option instead creates a key for use by SSH protocol version 2.
+option.
 .Pp
 Normally each user wishing to use SSH
 with RSA or DSA authentication runs this once to create the authentication
@@ -111,10 +112,14 @@
 The passphrase may be empty to indicate no passphrase
 (host keys must have an empty passphrase), or it may be a string of
 arbitrary length.
-Good passphrases are 10-30 characters long and are
+A passphrase is similar to a password, except it can be a phrase with a
+series of words, punctuation, numbers, whitespace, or any string of
+characters you want.
+Good passphrases are 10-30 characters long, are
 not simple sentences or otherwise easily guessable (English
 prose has only 1-2 bits of entropy per character, and provides very bad
-passphrases).
+passphrases), and contain a mix of upper and lowercase letters,
+numbers, and non-alphanumeric characters.
 The passphrase can be changed later by using the
 .Fl p
 option.
@@ -198,8 +203,6 @@
 or
 .Dq dsa
 for protocol version 2.
-The default is
-.Dq rsa1 .
 .It Fl B
 Show the bubblebabble digest of specified private or public key file.
 .It Fl C Ar comment