summaryrefslogtreecommitdiffstats
path: root/ssh-keysign.8 (follow)
Commit message (Collapse)AuthorAgeFilesLines
* upstream commitjmc@openbsd.org2016-02-171-3/+3
| | | | | | | | | | since these pages now clearly tell folks to avoid v1, normalise the docs from a v2 perspective (i.e. stop pointing out which bits are v2 only); ok/tweaks djm ok markus Upstream-ID: eb474f8c36fb6a532dc05c282f7965e38dcfa129
* - naddy@cvs.openbsd.org 2013/12/07 11:58:46Damien Miller2013-12-181-2/+4
| | | | | | [ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8 ssh.1] [ssh_config.5 sshd.8 sshd_config.5] add missing mentions of ed25519; ok djm@
* - schwarze@cvs.openbsd.org 2013/07/16 00:07:52Damien Miller2013-07-181-3/+3
| | | | | [scp.1 sftp-server.8 ssh-keyscan.1 ssh-keysign.8 ssh-pkcs11-helper.8] use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@
* - djm@cvs.openbsd.org 2010/08/31 11:54:45Damien Miller2010-08-311-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | [PROTOCOL PROTOCOL.agent PROTOCOL.certkeys auth2-jpake.c authfd.c] [authfile.c buffer.h dns.c kex.c kex.h key.c key.h monitor.c] [monitor_wrap.c myproposal.h packet.c packet.h pathnames.h readconf.c] [ssh-add.1 ssh-add.c ssh-agent.1 ssh-agent.c ssh-keygen.1 ssh-keygen.c] [ssh-keyscan.1 ssh-keyscan.c ssh-keysign.8 ssh.1 ssh.c ssh2.h] [ssh_config.5 sshconnect.c sshconnect2.c sshd.8 sshd.c sshd_config.5] [uuencode.c uuencode.h bufec.c kexecdh.c kexecdhc.c kexecdhs.c ssh-ecdsa.c] Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA offer better performance than plain DH and DSA at the same equivalent symmetric key length, as well as much shorter keys. Only the mandatory sections of RFC5656 are implemented, specifically the three REQUIRED curves nistp256, nistp384 and nistp521 and only ECDH and ECDSA. Point compression (optional in RFC5656 is NOT implemented). Certificate host and user keys using the new ECDSA key types are supported. Note that this code has not been tested for interoperability and may be subject to change. feedback and ok markus@
* - jmc@cvs.openbsd.org 2010/08/08 19:36:30Damien Miller2010-08-311-5/+9
| | | | | | [ssh-keysign.8 ssh.1 sshd.8] use the same template for all FILES sections; i.e. -compact/.Pp where we have multiple items, and .Pa for path names;
* - djm@cvs.openbsd.org 2010/08/04 05:42:47Damien Miller2010-08-051-2/+5
| | | | | | | [auth.c auth2-hostbased.c authfile.c authfile.h ssh-keysign.8] [ssh-keysign.c ssh.c] enable certificates for hostbased authentication, from Iain Morgan; "looks ok" markus@
* - jmc@cvs.openbsd.org 2007/05/31 19:20:16Darren Tucker2007-06-051-2/+2
| | | | | | | [scp.1 ssh_config.5 sftp-server.8 ssh-agent.1 sshd_config.5 sftp.1 ssh-keygen.1 ssh-keyscan.1 ssh-add.1 sshd.8 ssh.1 ssh-keysign.8] convert to new .Dd format; (We will need to teach mdoc2man.awk to understand this too.)
* - jmc@cvs.openbsd.org 2006/02/24 20:22:16Damien Miller2006-03-151-5/+5
| | | | | [ssh-keysign.8 ssh_config.5 sshd_config.5] some consistency fixes;
* - jmc@cvs.openbsd.org 2003/06/10 09:12:11Damien Miller2003-06-111-3/+3
| | | | | | | | | | | [scp.1 sftp-server.8 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5] [sshd.8 sshd_config.5 ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - section reorder - COMPATIBILITY merge - macro cleanup - kill whitespace at EOL - new sentence, new line ssh pages ok markus@
* - (djm) OpenBSD CVS SyncDamien Miller2003-04-011-3/+3
| | | | | | | | | | - jmc@cvs.openbsd.org 2003/03/28 10:11:43 [scp.1 sftp.1 ssh.1 ssh-add.1 ssh-agent.1 ssh_config.5 sshd_config.5] [ssh-keygen.1 ssh-keyscan.1 ssh-keysign.8] - killed whitespace - new sentence new line - .Bk for arguments ok markus@
* - stevesk@cvs.openbsd.org 2002/11/24 21:46:24Ben Lindstrom2002-12-231-2/+2
| | | | | [ssh-keysign.8] typo: "the the"
* - markus@cvs.openbsd.org 2002/11/07 22:08:07Ben Lindstrom2002-11-091-2/+2
| | | | | | | | | [readconf.c readconf.h ssh-keysign.8 ssh-keysign.c] we cannot use HostbasedAuthentication for enabling ssh-keysign(8), because HostbasedAuthentication might be enabled based on the target host and ssh-keysign(8) does not know the remote hostname and not trust ssh(1) about the hostname, so we add a new option EnableSSHKeysign; ok djm@, report from zierke@informatik.uni-hamburg.de
* - markus@cvs.openbsd.org 2002/07/03 14:21:05Ben Lindstrom2002-07-041-1/+16
| | | | | | | | [ssh-keysign.8 ssh-keysign.c ssh.c ssh_config] re-enable ssh-keysign's sbit, but make ssh-keysign read /etc/ssh/ssh_config and exit if HostbasedAuthentication is disabled globally. based on discussions with deraadt, itojun and sommerfeld; ok itojun@
* - stevesk@cvs.openbsd.org 2002/06/10 16:56:30Ben Lindstrom2002-06-111-7/+16
| | | | | [ssh-keysign.8] merge in stuff from my man page; ok markus@
* - markus@cvs.openbsd.org 2002/05/23 19:24:30Ben Lindstrom2002-06-061-0/+58
[authfile.c authfile.h pathnames.h ssh.c sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c ssh-keysign.8 ssh-keysign.c Makefile.in] add /usr/libexec/ssh-keysign: a setuid helper program for hostbased authentication in protocol v2 (needs to access the hostkeys). Note: Makefile.in untested. Will test after merge is finished.