- stevesk@cvs.openbsd.org 2002/06/10 16:56:30

[ssh-keysign.8] merge in stuff from my man page; ok markus@
2024-11-23 18:23:25 +08:00 · 2002-06-11 15:50:13 +00:00 · 2002-06-11 15:50:13 +00:00 · 11d470de34
commit 11d470de34
parent 2779d28a0f
2 changed files with 20 additions and 8 deletions
--- a/5
+++ b/5
@ -10,6 +10,9 @@
   - stevesk@cvs.openbsd.org 2002/06/10 16:53:06
     [auth-rsa.c ssh-rsa.c]
     display minimum RSA modulus in error(); ok markus@
+   - stevesk@cvs.openbsd.org 2002/06/10 16:56:30
+     [ssh-keysign.8]
+     merge in stuff from my man page; ok markus@

 20020609
 - (bal) OpenBSD CVS Sync
@ -875,4 +878,4 @@
 - (stevesk) entropy.c: typo in debug message
 - (djm) ssh-keygen -i needs seeded RNG; report from markus@

-$Id: ChangeLog,v 1.2202 2002/06/11 15:47:42 mouring Exp $
+$Id: ChangeLog,v 1.2203 2002/06/11 15:50:13 mouring Exp $
--- a/ssh-keysign.8
+++ b/ssh-keysign.8
@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keysign.8,v 1.1 2002/05/25 08:16:59 markus Exp $
+.\" $OpenBSD: ssh-keysign.8,v 1.2 2002/06/10 16:56:30 stevesk Exp $
 .\"
 .\" Copyright (c) 2002 Markus Friedl.  All rights reserved.
 .\"
@ -29,16 +29,13 @@
 .Nm ssh-keysign
 .Nd ssh helper program for hostbased authentication
 .Sh SYNOPSIS
-.Nm ssh-keysign
+.Nm
 .Sh DESCRIPTION
 .Nm
 is used by
 .Xr ssh 1
-to access the local host keys during hostbased authentication with
-SSH protocol version 2.
-Since the host keys are readable only by root
-.Nm
-must be setuid root.
+to access the local host keys and generate the digital signature
+required during hostbased authentication with SSH protocol version 2.
 .Nm
 is not intended to be invoked by the user, but from
 .Xr ssh 1 .
@ -47,8 +44,20 @@ See
 and
 .Xr sshd 8
 for more information about hostbased authentication.
+.Sh FILES
+.Bl -tag -width Ds
+.It Pa /etc/ssh/ssh_host_dsa_key, /etc/ssh/ssh_host_rsa_key
+These files contain the private parts of the host keys used to
+generate the digital signature.  They
+should be owned by root, readable only by root, and not
+accessible to others.
+Since they are readable only by root,
+.Nm
+must be set-uid root if hostbased authentication is used.
+.El
 .Sh SEE ALSO
 .Xr ssh 1 ,
+.Xr ssh-keygen 1 ,
 .Xr sshd 8
 .Sh AUTHORS
 Markus Friedl <markus@openbsd.org>