-.\" $OpenBSD: ssh-add.1,v 1.76 2019/11/30 07:07:59 jmc Exp $
+.\" $OpenBSD: ssh-add.1,v 1.77 2019/12/21 20:22:34 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: November 30 2019 $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSH-ADD 1
.Os
.Sh NAME
.It Fl q
Be quiet after a successful operation.
.It Fl S Ar provider
-Specifies a path to a security key provider library that will be used when
-adding any security key-hosted keys, overriding the default of using the
+Specifies a path to a library that will be used when adding
+FIDO authenticator-hosted keys, overriding the default of using the
internal USB HID support.
.It Fl s Ar pkcs11
Add keys provided by the PKCS#11 shared library
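Review bot: In the -S description the argument is still named "provider" (.It Fl S Ar provider), but the new sentence says only "a library", so nothing in the text ties back to the argument name any more. Suggest keeping the word, e.g. "Specifies a path to a provider library that will be used when adding FIDO authenticator-hosted keys". The same wording is used for -w in ssh-keygen.1 and for SecurityKeyProvider in ssh_config.5 and sshd_config.5, so the same adjustment would apply there.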
.Ux Ns -domain
socket used to communicate with the agent.
.It Ev SSH_SK_PROVIDER
-Specifies the path to a security key provider library used to interact with
-hardware security keys.
+Specifies the path to a library used to interact with FIDO authenticators.
.El
.Sh FILES
-.Bl -tag -width Ds
+.Bl -tag -width Ds -compact
.It Pa ~/.ssh/id_dsa
-Contains the DSA authentication identity of the user.
.It Pa ~/.ssh/id_ecdsa
-Contains the ECDSA authentication identity of the user.
.It Pa ~/.ssh/id_ecdsa_sk
-Contains the security key-hosted ECDSA authentication identity of the user.
.It Pa ~/.ssh/id_ed25519
-Contains the Ed25519 authentication identity of the user.
.It Pa ~/.ssh/id_ed25519_sk
-Contains the security key-hosted Ed25519 authentication identity of the user.
.It Pa ~/.ssh/id_rsa
-Contains the RSA authentication identity of the user.
+Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
+authenticator-hosted Ed25519 or RSA authentication identity of the user.
.El
.Pp
Identity files should not be readable by anyone but the user.
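Review bot: With "security key" removed from both the SSH_SK_PROVIDER text and the FILES descriptions, the lines shown here no longer say what the SK in SSH_SK_PROVIDER or the _sk suffix in id_ecdsa_sk and id_ed25519_sk refers to. Suggest one parenthetical at SSH_SK_PROVIDER, for example "FIDO authenticators (security keys)", so the names the user has to type still map to the prose.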
-.\" $OpenBSD: ssh-agent.1,v 1.69 2019/11/30 07:07:59 jmc Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.70 2019/12/21 20:22:34 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: November 30 2019 $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSH-AGENT 1
.Os
.Sh NAME
.Ev SSH_AGENT_PID
environment variable).
.It Fl P Ar provider_whitelist
-Specify a pattern-list of acceptable paths for PKCS#11 and security key shared
-libraries that may be used with the
+Specify a pattern-list of acceptable paths for PKCS#11 and FIDO authenticator
+shared libraries that may be used with the
.Fl S
or
.Fl s
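Review bot: In the -P text, "PKCS#11 and FIDO authenticator shared libraries" reads as if the shared library were the authenticator, whereas the SSH_SK_PROVIDER text in this patch describes it as a library "used to interact with FIDO authenticators". This pattern-list is what limits which libraries may be used with -S or -s, so the wording should be unambiguous; suggest "acceptable paths for shared libraries used for PKCS#11 and for FIDO authenticators".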
-.\" $OpenBSD: ssh-keygen.1,v 1.179 2019/11/30 07:07:59 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.180 2019/12/21 20:22:34 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: November 30 2019 $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
.It Ic no-touch-required
Do not require signatures made using this key require demonstration
of user presence (e.g. by having the user touch the key).
-This option only makes sense for the Security Key algorithms
+This option only makes sense for the FIDO authenticator algorithms
.Cm ecdsa-sk
and
.Cm ed25519-sk .
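Review bot: The unchanged lines just above the edit in no-touch-required still read "Do not require signatures made using this key require demonstration of user presence", with "require" twice, and still say "touch the key" although the sshd_config.5 hunk changes "touching the security key" to "touching the authenticator". Since this paragraph is being touched anyway, suggest aligning it with the sshd.8 wording ("Do not require demonstration of user presence for signatures made using this key") and using "touch the authenticator" here as well.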
.It Fl W Ar generator
Specify desired generator when testing candidate moduli for DH-GEX.
.It Fl w Ar provider
-Specifies a path to a security key provider library that will be used when
-creating any security key-hosted keys, overriding the default of the
-internal support for USB HID keys.
+Specifies a path to a library that will be used when creating
+FIDO authenticator-hosted keys, overriding the default of using
+the internal USB HID support.
.It Fl x Ar flags
-Specifies the security key flags to use when enrolling a security key-hosted
+Specifies the authenticator flags to use when enrolling an authenticator-hosted
key.
Flags may be specified by name or directly as a hexadecimal value.
Only one named flag is supported at present:
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It Ev SSH_SK_PROVIDER
-Specifies the path to a security key provider library used to interact with
-hardware security keys.
+Specifies the path to a library used to interact with FIDO authenticators.
.El
.Sh FILES
.Bl -tag -width Ds -compact
.It Pa ~/.ssh/id_ed25519
.It Pa ~/.ssh/id_ed25519_sk
.It Pa ~/.ssh/id_rsa
-Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519,
-security key-hosted Ed25519 or RSA authentication identity of the user.
+Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
+authenticator-hosted Ed25519 or RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
.It Pa ~/.ssh/id_ed25519.pub
.It Pa ~/.ssh/id_ed25519_sk.pub
.It Pa ~/.ssh/id_rsa.pub
-Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519,
-security key-hosted Ed25519 or RSA public key for authentication.
+Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
+authenticator-hosted Ed25519 or RSA public key for authentication.
The contents of this file should be added to
.Pa ~/.ssh/authorized_keys
on all machines
-.\" $OpenBSD: ssh-sk-helper.8,v 1.2 2019/11/30 07:07:59 jmc Exp $
+.\" $OpenBSD: ssh-sk-helper.8,v 1.3 2019/12/21 20:22:34 naddy Exp $
.\"
.\" Copyright (c) 2010 Markus Friedl. All rights reserved.
.\"
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: November 30 2019 $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSH-SK-HELPER 8
.Os
.Sh NAME
.Nm ssh-sk-helper
-.Nd OpenSSH helper for security key support
+.Nd OpenSSH helper for FIDO authenticator support
.Sh SYNOPSIS
.Nm
.Op Fl v
.Nm
is used by
.Xr ssh-agent 1
-to access keys provided by a security key.
+to access keys provided by a FIDO authenticator.
.Pp
.Nm
is not intended to be invoked by the user, but from
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.408 2019/11/30 07:07:59 jmc Exp $
-.Dd $Mdocdate: November 30 2019 $
+.\" $OpenBSD: ssh.1,v 1.409 2019/12/21 20:22:34 naddy Exp $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSH 1
.Os
.Sh NAME
.Pa ~/.ssh/id_ecdsa
(ECDSA),
.Pa ~/.ssh/id_ecdsa_sk
-(security key-hosted ECDSA),
+(authenticator-hosted ECDSA),
.Pa ~/.ssh/id_ed25519
(Ed25519),
.Pa ~/.ssh/id_ed25519_sk
-(security key-hosted Ed25519),
+(authenticator-hosted Ed25519),
or
.Pa ~/.ssh/id_rsa
(RSA)
.Pa ~/.ssh/id_ecdsa.pub
(ECDSA),
.Pa ~/.ssh/id_ecdsa_sk.pub
-(security key-hosted ECDSA),
+(authenticator-hosted ECDSA),
.Pa ~/.ssh/id_ed25519.pub
(Ed25519),
.Pa ~/.ssh/id_ed25519_sk.pub
-(security key-hosted Ed25519),
+(authenticator-hosted Ed25519),
or
.Pa ~/.ssh/id_rsa.pub
(RSA)
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.312 2019/12/21 02:19:13 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.313 2019/12/21 20:22:34 naddy Exp $
.Dd $Mdocdate: December 21 2019 $
.Dt SSH_CONFIG 5
.Os
.Sx TOKENS
section.
.It Cm IdentityFile
-Specifies a file from which the user's DSA, ECDSA, security key-hosted ECDSA,
-Ed25519 or RSA authentication identity is read.
+Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
+Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
The default is
.Pa ~/.ssh/id_dsa ,
.Pa ~/.ssh/id_ecdsa ,
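Review bot: The IdentityFile change is more than a rename: the removed text had no entry for security key-hosted Ed25519, and the added text now lists "authenticator-hosted Ed25519". That is a content fix and deserves a mention in the commit message. Only ~/.ssh/id_dsa and ~/.ssh/id_ecdsa of the default list are visible in this hunk; please confirm the list also names ~/.ssh/id_ecdsa_sk and ~/.ssh/id_ed25519_sk so that it matches the corrected sentence.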
For more information on KRLs, see the KEY REVOCATION LISTS section in
.Xr ssh-keygen 1 .
.It Cm SecurityKeyProvider
-Specifies a path to a security key provider library that will be used when
-loading any security key-hosted keys, overriding the default of using
-the built-in support for USB HID keys.
+Specifies a path to a library that will be used when loading any
+FIDO authenticator-hosted keys, overriding the default of using
+the built-in USB HID support.
.Pp
If the specified value begins with a
.Sq $
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.310 2019/12/19 03:50:01 dtucker Exp $
-.Dd $Mdocdate: December 19 2019 $
+.\" $OpenBSD: sshd.8,v 1.311 2019/12/21 20:22:34 naddy Exp $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSHD 8
.Os
.Sh NAME
.It Cm no-touch-required
Do not require demonstration of user presence
for signatures made using this key.
-This option only makes sense for the Security Key algorithms
+This option only makes sense for the FIDO authenticator algorithms
.Cm ecdsa-sk
and
.Cm ed25519-sk .
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.296 2019/12/19 15:09:30 naddy Exp $
-.Dd $Mdocdate: December 19 2019 $
+.\" $OpenBSD: sshd_config.5,v 1.297 2019/12/21 20:22:34 naddy Exp $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
.Pp
The
.Cm touch-required
-option causes public key authentication using a security key algorithm
+option causes public key authentication using a FIDO authenticator algorithm
(i.e.\&
.Cm ecdsa-sk
or
.Cm ed25519-sk )
to always require the signature to attest that a physically present user
-explicitly confirmed the authentication (usually by touching the security key).
+explicitly confirmed the authentication (usually by touching the authenticator).
By default,
.Xr sshd 8
-requires key touch unless overridden with an authorized_keys option.
+requires user presence unless overridden with an authorized_keys option.
The
.Cm touch-required
flag disables this override.
-This option has no effect for other, non-security key, public key types.
+This option has no effect for other, non-authenticator public key types.
.It Cm PubkeyAuthentication
Specifies whether public key authentication is allowed.
The default is
.Cm \&%D ,
then the domain in which the incoming connection was received will be applied.
.It Cm SecurityKeyProvider
-Specifies a path to a security key provider library that will be used when
-loading any security key-hosted keys, overriding the default of using
-the built-in support for USB HID keys.
+Specifies a path to a library that will be used when loading
+FIDO authenticator-hosted keys, overriding the default of using
+the built-in USB HID support.
.It Cm SetEnv
Specifies one or more environment variables to set in child sessions started
by
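Review bot: The SecurityKeyProvider text here reads "when loading FIDO authenticator-hosted keys", while the ssh_config.5 entry in this same patch keeps "when loading any FIDO authenticator-hosted keys". The two entries were word-for-word identical before the change; suggest using one form in both files.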