=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/sshd.8,v retrieving revision 1.258 retrieving revision 1.259 diff -u -r1.258 -r1.259 --- src/usr.bin/ssh/sshd.8 2010/08/08 19:36:30 1.258 +++ src/usr.bin/ssh/sshd.8 2010/08/31 11:54:45 1.259 @@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.258 2010/08/08 19:36:30 jmc Exp $ -.Dd $Mdocdate: August 8 2010 $ +.\" $OpenBSD: sshd.8,v 1.259 2010/08/31 11:54:45 djm Exp $ +.Dd $Mdocdate: August 31 2010 $ .Dt SSHD 8 .Os .Sh NAME @@ -170,9 +170,10 @@ The default is .Pa /etc/ssh/ssh_host_key for protocol version 1, and -.Pa /etc/ssh/ssh_host_rsa_key +.Pa /etc/ssh/ssh_host_dsa_key , +.Pa /etc/ssh/ssh_host_ecdsa_key and -.Pa /etc/ssh/ssh_host_dsa_key +.Pa /etc/ssh/ssh_host_rsa_key for protocol version 2. It is possible to have multiple host key files for the different protocol versions and host key algorithms. @@ -275,7 +276,7 @@ .Cm Protocol option in .Xr sshd_config 5 . -Protocol 2 supports both RSA and DSA keys; +Protocol 2 supports DSA, ECDSA and RSA keys; protocol 1 only supports RSA keys. For both protocols, each host has a host-specific key, @@ -456,6 +457,9 @@ comment field is not used for anything (but may be convenient for the user to identify the key). For protocol version 2 the keytype is +.Dq ecdsa-sha2-nistp256 , +.Dq ecdsa-sha2-nistp384 , +.Dq ecdsa-sha2-nistp521 , .Dq ssh-dss or .Dq ssh-rsa . @@ -467,6 +471,7 @@ You don't want to type them in; instead, copy the .Pa identity.pub , .Pa id_dsa.pub , +.Pa id_ecdsa.pub , or the .Pa id_rsa.pub file and edit it. 
@@ -765,7 +770,8 @@ and not accessible by others. .Pp .It Pa ~/.ssh/authorized_keys -Lists the public keys (RSA/DSA) that can be used for logging in as this user. +Lists the public keys (DSA/ECDSA/RSA) that can be used for logging in +as this user. The format of this file is described above. The content of the file is not highly sensitive, but the recommended permissions are read/write for the user, and not accessible by others. @@ -844,6 +850,7 @@ .Pp .It Pa /etc/ssh/ssh_host_key .It Pa /etc/ssh/ssh_host_dsa_key +.It Pa /etc/ssh/ssh_host_ecdsa_key .It Pa /etc/ssh/ssh_host_rsa_key These three files contain the private parts of the host keys. These files should only be owned by root, readable only by root, and not @@ -854,6 +861,7 @@ .Pp .It Pa /etc/ssh/ssh_host_key.pub .It Pa /etc/ssh/ssh_host_dsa_key.pub +.It Pa /etc/ssh/ssh_host_ecdsa_key.pub .It Pa /etc/ssh/ssh_host_rsa_key.pub These three files contain the public parts of the host keys. These files should be world-readable but writable only by
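Review bot: In the hunk at @@ -844,6 +850,7 @@, the unchanged context line "These three files contain the private parts of the host keys." no longer matches the list above it. With `.It Pa /etc/ssh/ssh_host_ecdsa_key` added there are four entries (ssh_host_key, ssh_host_dsa_key, ssh_host_ecdsa_key, ssh_host_rsa_key). Suggest touching that sentence in the same commit, either "These four files" or simply "These files contain the private parts of the host keys.", so the count does not go stale again when another key type is added. The ownership and permission sentence that follows already applies to every listed file, so it needs no change.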
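Review bot: In the hunk at @@ -854,6 +861,7 @@, the sentence "These three files contain the public parts of the host keys." is also off by one after `.It Pa /etc/ssh/ssh_host_ecdsa_key.pub` is added, since the list now names four .pub files. Suggest rewording it to "These files contain the public parts of the host keys." to keep it consistent with the private-key entry and independent of how many key types are listed.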