author | Damien Miller <djm@mindrot.org> | 2010-03-05 21:30:54 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2010-03-05 21:30:54 +1100 |
commit | 922b541329285cede860607c877f72663f3d2a9f (patch) | |
tree | 0c41ed5f86f96a859eba2ff544a21e4121cfe2f0 | |
parent | 98339054f949ad87f15b4d618a421765d4097cd9 (diff) |
- jmc@cvs.openbsd.org 2010/03/05 08:31:20
[ssh.1]
document certificate authentication; help/ok djm
-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | ssh.1 | 18 |
2 files changed, 18 insertions, 3 deletions
@@ -26,6 +26,9 @@ - jmc@cvs.openbsd.org 2010/03/05 06:50:35 [ssh.1 sshd.8] tweak previous; + - jmc@cvs.openbsd.org 2010/03/05 08:31:20 + [ssh.1] + document certificate authentication; help/ok djm - (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in older compilers. OK djm@ - (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failure @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.300 2010/03/05 06:50:34 jmc Exp $ +.\" $OpenBSD: ssh.1,v 1.301 2010/03/05 08:31:20 jmc Exp $ .Dd $Mdocdate: March 5 2010 $ .Dt SSH 1 .Os @@ -798,8 +798,20 @@ file, and has one key per line, though the lines can be very long. After this, the user can log in without giving the password. .Pp -The most convenient way to use public key authentication may be with an -authentication agent. +A variation on public key authentication +is available in the form of certificate authentication: +instead of a set of public/private keys, +signed certificates are used. +This has the advantage that a single trusted certification authority +can be used in place of many public/private keys. +See the +.Sx CERTIFICATES +section of +.Xr ssh-keygen 1 +for more information. +.Pp +The most convenient way to use public key or certificate authentication +may be with an authentication agent. See .Xr ssh-agent 1 for more information. |
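Review bot: In the ssh.1 hunk at -798, the added sentence "instead of a set of public/private keys, signed certificates are used" reads as if a certificate replaces the key pair, but a certificate is a public key signed by the certification authority and the user still authenticates with the matching private key. Suggest saying that the user's public key is signed by a certification authority and that the server trusts the authority instead of each key listed one per line in the file described just above. The next added sentence has the same ambiguity: what "a single trusted certification authority" replaces is the many individually trusted public keys, not "many public/private keys". The .Sx CERTIFICATES cross-reference to ssh-keygen(1) is the right place for the detail, so a one-clause fix here is enough.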