summaryrefslogtreecommitdiff
path: root/ssh.1
diff options
context:
space:
mode:
authordjm <djm>2010-03-05 10:30:54 +0000
committerdjm <djm>2010-03-05 10:30:54 +0000
commitbdb72c78b09b18758fd98c3ef894212249d8694f (patch)
tree3249a0785d8efb7bef3853ce1df7ce4db692fbfd /ssh.1
parent035f6d65ca630c6d35e9e0361b1866927387527b (diff)
downloadopenssh-bdb72c78b09b18758fd98c3ef894212249d8694f.tar.gz
- jmc@cvs.openbsd.org 2010/03/05 08:31:20
[ssh.1] document certificate authentication; help/ok djm
Diffstat (limited to 'ssh.1')
-rw-r--r--ssh.118
1 files changed, 15 insertions, 3 deletions
diff --git a/ssh.1 b/ssh.1
index fd713e3b..c1a40834 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.300 2010/03/05 06:50:34 jmc Exp $
+.\" $OpenBSD: ssh.1,v 1.301 2010/03/05 08:31:20 jmc Exp $
.Dd $Mdocdate: March 5 2010 $
.Dt SSH 1
.Os
@@ -798,8 +798,20 @@ file, and has one key
per line, though the lines can be very long.
After this, the user can log in without giving the password.
.Pp
-The most convenient way to use public key authentication may be with an
-authentication agent.
+A variation on public key authentication
+is available in the form of certificate authentication:
+instead of a set of public/private keys,
+signed certificates are used.
+This has the advantage that a single trusted certification authority
+can be used in place of many public/private keys.
+See the
+.Sx CERTIFICATES
+section of
+.Xr ssh-keygen 1
+for more information.
+.Pp
+The most convenient way to use public key or certificate authentication
+may be with an authentication agent.
See
.Xr ssh-agent 1
for more information.