author Damien Miller <djm@mindrot.org> 2010-03-05 21:31:11 +1100
committer Damien Miller <djm@mindrot.org> 2010-03-05 21:31:11 +1100
commit 5059d8d7e647ed6202e3d77f623774919b20eefc
tree 285bb505349fb471abe769549afd67f462ba3596
parent 922b541329285cede860607c877f72663f3d2a9f
- djm@cvs.openbsd.org 2010/03/05 10:28:21
[ssh-add.1 ssh.1 ssh_config.5] mention loading of certificate files from [private]-cert.pub when they are present; feedback and ok jmc@
-rw-r--r-- ChangeLog 4
-rw-r--r-- ssh-add.1 11
-rw-r--r-- ssh.1 7
-rw-r--r-- ssh_config.5 10
4 files changed, 27 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 5e1bb231..0f062fa6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,10 @@
- jmc@cvs.openbsd.org 2010/03/05 08:31:20
[ssh.1]
document certificate authentication; help/ok djm
+ - djm@cvs.openbsd.org 2010/03/05 10:28:21
+ [ssh-add.1 ssh.1 ssh_config.5]
+ mention loading of certificate files from [private]-cert.pub when
+ they are present; feedback and ok jmc@
- (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in older
compilers. OK djm@
- (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failure
diff --git a/ssh-add.1 b/ssh-add.1
index 0d5e3927..d7cc5310 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-add.1,v 1.51 2010/02/10 23:20:38 markus Exp $
+.\" $OpenBSD: ssh-add.1,v 1.52 2010/03/05 10:28:21 djm Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -37,7 +37,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: February 10 2010 $
+.Dd $Mdocdate: March 5 2010 $
.Dt SSH-ADD 1
.Os
.Sh NAME
@@ -61,7 +61,14 @@ When run without arguments, it adds the files
.Pa ~/.ssh/id_dsa
and
.Pa ~/.ssh/identity .
+After loading a private key,
+.Nm
+will try to load corresponding certificate information from the
+filename obtained by appending
+.Pa -cert.pub
+to the name of the private key file.
Alternative file names can be given on the command line.
+.Pp
If any file requires a passphrase,
.Nm
asks for the passphrase from the user.
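Review bot: The new sentence is placed between the list of default files (ending at ".Pa ~/.ssh/identity .") and "Alternative file names can be given on the command line.", so a reader can take the -cert.pub lookup to apply only to the default key files. If it also applies to files named on the command line, move the sentence after the alternative-file-names line or word it as applying to each private key loaded. The commit message says certificates are loaded "when they are present", but the added text only says ssh-add "will try to load" them; it should state what happens when the -cert.pub file is absent or unreadable, since users auditing what an agent holds need to know whether a certificate was added alongside the key.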
diff --git a/ssh.1 b/ssh.1
index c1a40834..3f815b8e 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.301 2010/03/05 08:31:20 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.302 2010/03/05 10:28:21 djm Exp $
.Dd $Mdocdate: March 5 2010 $
.Dt SSH 1
.Os
@@ -306,6 +306,11 @@ It is possible to have multiple
.Fl i
options (and multiple identities specified in
configuration files).
+.Nm
+will also try to load certificate information from the filename obtained
+by appending
+.Pa -cert.pub
+to identity filenames.
.It Fl K
Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI
credentials to the server.
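Review bot: The addition under the -i option says the suffix is appended "to identity filenames", while the ssh-add.1 hunk says "to the name of the private key file" and the ssh_config.5 hunk says "to the path of a specified IdentityFile"; three wordings for one rule invite readers to assume three behaviours. Pick one phrasing and reuse it. Because the sentence follows the remark about multiple -i options and identities from configuration files, it is also unclear whether the default identity files get the same lookup; say so explicitly, and consider a cross-reference to IdentityFile in ssh_config(5) so the rule is defined in one place.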
diff --git a/ssh_config.5 b/ssh_config.5
index 7ab5d02f..8cf02597 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.128 2010/02/10 23:20:38 markus Exp $
-.Dd $Mdocdate: February 10 2010 $
+.\" $OpenBSD: ssh_config.5,v 1.129 2010/03/05 10:28:21 djm Exp $
+.Dd $Mdocdate: March 5 2010 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -559,6 +559,12 @@ and
for protocol version 2.
Additionally, any identities represented by the authentication agent
will be used for authentication.
+.Xr ssh 1
+will try to load certificate information from the filename obtained by
+appending
+.Pa -cert.pub
+to the path of a specified
+.Cm IdentityFile .
.Pp
The file name may use the tilde
syntax to refer to a user's home directory or one of the following
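Review bot: The phrase "a specified .Cm IdentityFile" in the added lines leaves open whether the default identity files listed earlier in this entry are also checked for a -cert.pub companion; either drop "specified" or state that only explicitly configured paths are covered. The sentence is also placed directly after "any identities represented by the authentication agent will be used for authentication", which can be read as the certificate lookup applying to agent-held identities; moving it ahead of the "Additionally," sentence would keep the file-based behaviour together. As in the other two pages, the text does not say what happens when the certificate file does not exist.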