- djm@cvs.openbsd.org 2010/03/05 10:28:21

     [ssh-add.1 ssh.1 ssh_config.5]
     mention loading of certificate files from [private]-cert.pub when
     they are present; feedback and ok jmc@

diff --git a/ChangeLog b/ChangeLog
index 5e1bb231b106c97acd62bade3d0620ddc0b31b00..0f062fa60474ce36f21544ce1ee1b1ab17f41efc 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -29,6 +29,10 @@
    - jmc@cvs.openbsd.org 2010/03/05 08:31:20
      [ssh.1]
      document certificate authentication; help/ok djm
+   - djm@cvs.openbsd.org 2010/03/05 10:28:21
+     [ssh-add.1 ssh.1 ssh_config.5]
+     mention loading of certificate files from [private]-cert.pub when
+     they are present; feedback and ok jmc@
  - (tim) [ssh-pkcs11.c] Fix "non-constant initializer" errors in older
    compilers. OK djm@
  - (djm) [ssh-rand-helper.c] declare optind, avoiding compilation failure

diff --git a/ssh-add.1 b/ssh-add.1
index 0d5e39272f0c425592dbacf5668ad77754521b01..d7cc53101f8d39cdecc12318d3f16dc31df88d0d 100644 (file)
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: ssh-add.1,v 1.51 2010/02/10 23:20:38 markus Exp $
+.\"    $OpenBSD: ssh-add.1,v 1.52 2010/03/05 10:28:21 djm Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -37,7 +37,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: February 10 2010 $
+.Dd $Mdocdate: March 5 2010 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
@@ -61,7 +61,14 @@ When run without arguments, it adds the files
 .Pa ~/.ssh/id_dsa
 and
 .Pa ~/.ssh/identity .
+After loading a private key,
+.Nm
+will try to load corresponding certificate information from the
+filename obtained by appending
+.Pa -cert.pub
+to the name of the private key file.
 Alternative file names can be given on the command line.
+.Pp
 If any file requires a passphrase,
 .Nm
 asks for the passphrase from the user.

diff --git a/ssh.1 b/ssh.1
index c1a4083488968b4cfc41f22b714d76d5a1f9f73e..3f815b8e716119cb9f80ee86a794edc46ddea44e 100644 (file)
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.301 2010/03/05 08:31:20 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.302 2010/03/05 10:28:21 djm Exp $
 .Dd $Mdocdate: March 5 2010 $
 .Dt SSH 1
 .Os
@@ -306,6 +306,11 @@ It is possible to have multiple
 .Fl i
 options (and multiple identities specified in
 configuration files).
+.Nm
+will also try to load certificate information from the filename obtained
+by appending
+.Pa -cert.pub
+to identity filenames.
 .It Fl K
 Enables GSSAPI-based authentication and forwarding (delegation) of GSSAPI
 credentials to the server.

diff --git a/ssh_config.5 b/ssh_config.5
index 7ab5d02fdf683fc3dbbd3243f056789256176e72..8cf02597d0636733edd44873812fa7d18e7f01f6 100644 (file)
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,8 +34,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.128 2010/02/10 23:20:38 markus Exp $
-.Dd $Mdocdate: February 10 2010 $
+.\" $OpenBSD: ssh_config.5,v 1.129 2010/03/05 10:28:21 djm Exp $
+.Dd $Mdocdate: March 5 2010 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -559,6 +559,12 @@ and
 for protocol version 2.
 Additionally, any identities represented by the authentication agent
 will be used for authentication.
+.Xr ssh 1
+will try to load certificate information from the filename obtained by
+appending
+.Pa -cert.pub
+to the path of a specified
+.Cm IdentityFile .
 .Pp
 The file name may use the tilde
 syntax to refer to a user's home directory or one of the following