upstream commit

more protocol 1 stuff to go; ok djm

Upstream-ID: 307a30441d2edda480fd1661d998d36665671e47

4 files changed, 13 insertions, 47 deletions

diff --git a/sftp.1 b/sftp.1
index fc5e00503..5dce807f6 100644
--- a/sftp.1
+++ b/sftp.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp.1,v 1.108 2017/05/02 14:06:37 jmc Exp $
+.\" $OpenBSD: sftp.1,v 1.109 2017/05/03 06:32:02 jmc Exp $
 .\"
 .\" Copyright (c) 2001 Damien Miller.  All rights reserved.
 .\"
@@ -22,7 +22,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 2 2017 $
+.Dd $Mdocdate: May 3 2017 $
 .Dt SFTP 1
 .Os
 .Sh NAME
@@ -273,9 +273,7 @@ options.
 .It Fl s Ar subsystem | sftp_server
 Specifies the SSH2 subsystem or the path for an sftp server
 on the remote host.
-A path is useful for using
-.Nm
-over protocol version 1, or when the remote
+A path is useful when the remote
 .Xr sshd 8
 does not have an sftp subsystem configured.
 .It Fl v
diff --git a/ssh-add.1 b/ssh-add.1
index f02b595d5..38631f858 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-add.1,v 1.62 2015/03/30 18:28:37 jmc Exp $
+.\"	$OpenBSD: ssh-add.1,v 1.63 2017/05/03 06:32:02 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 30 2015 $
+.Dd $Mdocdate: May 3 2017 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
@@ -59,9 +59,8 @@ When run without arguments, it adds the files
 .Pa ~/.ssh/id_rsa ,
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
-.Pa ~/.ssh/id_ed25519
 and
-.Pa ~/.ssh/identity .
+.Pa ~/.ssh/id_ed25519 .
 After loading a private key,
 .Nm
 will try to load corresponding certificate information from the
@@ -174,8 +173,6 @@ socket used to communicate with the agent.
 .El
 .Sh FILES
 .Bl -tag -width Ds
-.It Pa ~/.ssh/identity
-Contains the protocol version 1 RSA authentication identity of the user.
 .It Pa ~/.ssh/id_dsa
 Contains the protocol version 2 DSA authentication identity of the user.
 .It Pa ~/.ssh/id_ecdsa
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 624995617..d8ae3fada 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.139 2017/05/02 17:04:09 jmc Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.140 2017/05/03 06:32:02 jmc Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 2 2017 $
+.Dd $Mdocdate: May 3 2017 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -141,11 +141,7 @@
 generates, manages and converts authentication keys for
 .Xr ssh 1 .
 .Nm
-can create keys for use by SSH protocol versions 1 and 2.
-Protocol 1 should not be used
-and is only offered to support legacy devices.
-It suffers from a number of cryptographic weaknesses
-and doesn't support many of the advanced features available for protocol 2.
+can create keys for use by SSH protocol version 2.
 .Pp
 The type of key to be generated is specified with the
 .Fl t
@@ -172,7 +168,6 @@ section for details.
 Normally each user wishing to use SSH
 with public key authentication runs this once to create the authentication
 key in
-.Pa ~/.ssh/identity ,
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
 .Pa ~/.ssh/id_ed25519
@@ -231,16 +226,14 @@ This is used by
 .Pa /etc/rc
 to generate new host keys.
 .It Fl a Ar rounds
-When saving a new-format private key (i.e. an ed25519 key or any SSH protocol
-2 key when the
+When saving a new-format private key (i.e. an ed25519 key or when the
 .Fl o
 flag is set), this option specifies the number of KDF (key derivation function)
 rounds used.
 Higher numbers result in slower passphrase verification and increased
 resistance to brute-force password cracking (should the keys be stolen).
 .Pp
-When screening DH-GEX candidates (
-using the
+When screening DH-GEX candidates (using the
 .Fl T
 command).
 This option specifies the number of primality tests to perform.
@@ -819,26 +812,6 @@ will exit with a non-zero exit status.
 A zero exit status will only be returned if no key was revoked.
 .Sh FILES
 .Bl -tag -width Ds -compact
-.It Pa ~/.ssh/identity
-Contains the protocol version 1 RSA authentication identity of the user.
-This file should not be readable by anyone but the user.
-It is possible to
-specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 3DES.
-This file is not automatically accessed by
-.Nm
-but it is offered as the default file for the private key.
-.Xr ssh 1
-will read this file when a login attempt is made.
-.Pp
-.It Pa ~/.ssh/identity.pub
-Contains the protocol version 1 RSA public key for authentication.
-The contents of this file should be added to
-.Pa ~/.ssh/authorized_keys
-on all machines
-where the user wishes to log in using RSA authentication.
-There is no need to keep the contents of this file secret.
-.Pp
 .It Pa ~/.ssh/id_dsa
 .It Pa ~/.ssh/id_ecdsa
 .It Pa ~/.ssh/id_ed25519
diff --git a/ssh.1 b/ssh.1
index 7ef599028..b9a85aff9 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.378 2017/05/02 13:44:51 jmc Exp $
-.Dd $Mdocdate: May 2 2017 $
+.\" $OpenBSD: ssh.1,v 1.379 2017/05/03 06:32:02 jmc Exp $
+.Dd $Mdocdate: May 3 2017 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -1441,7 +1441,6 @@ Contains additional definitions for environment variables; see
 .Sx ENVIRONMENT ,
 above.
 .Pp
-.It Pa ~/.ssh/identity
 .It Pa ~/.ssh/id_dsa
 .It Pa ~/.ssh/id_ecdsa
 .It Pa ~/.ssh/id_ed25519
@@ -1456,7 +1455,6 @@ It is possible to specify a passphrase when
 generating the key which will be used to encrypt the
 sensitive part of this file using 3DES.
 .Pp
-.It Pa ~/.ssh/identity.pub
 .It Pa ~/.ssh/id_dsa.pub
 .It Pa ~/.ssh/id_ecdsa.pub
 .It Pa ~/.ssh/id_ed25519.pub