diff options
| author | djm <djm> | 2010-02-11 22:21:02 +0000 |
|---|---|---|
| committer | djm <djm> | 2010-02-11 22:21:02 +0000 |
| commit | e72ccfcfb8491ff2020bffdd28c3db1506ec4701 (patch) | |
| tree | c3361888e3d6daff6e09d79577ca254c77dc9d90 /ssh.1 | |
| parent | a993be255ff6606cd3ec62245360b61444f6981c (diff) | |
| download | openssh-e72ccfcfb8491ff2020bffdd28c3db1506ec4701.tar.gz | |
- markus@cvs.openbsd.org 2010/02/08 10:50:20
[pathnames.h readconf.c readconf.h scp.1 sftp.1 ssh-add.1 ssh-add.c]
[ssh-agent.c ssh-keygen.1 ssh-keygen.c ssh.1 ssh.c ssh_config.5]
replace our obsolete smartcard code with PKCS#11.
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.pdf
ssh(1) and ssh-keygen(1) use dlopen(3) directly to talk to a PKCS#11
provider (shared library) while ssh-agent(1) delegates PKCS#11 to
a forked a ssh-pkcs11-helper process.
PKCS#11 is currently a compile time option.
feedback and ok djm@; inspired by patches from Alon Bar-Lev
`
Diffstat (limited to 'ssh.1')
| -rw-r--r-- | ssh.1 | 14 |
1 files changed, 7 insertions, 7 deletions
@@ -34,8 +34,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.290 2010/01/11 01:39:46 dtucker Exp $ -.Dd $Mdocdate: January 11 2010 $ +.\" $OpenBSD: ssh.1,v 1.291 2010/02/08 10:50:20 markus Exp $ +.Dd $Mdocdate: February 8 2010 $ .Dt SSH 1 .Os .Sh NAME @@ -284,12 +284,12 @@ will wait for all remote port forwards to be successfully established before placing itself in the background. .It Fl g Allows remote hosts to connect to local forwarded ports. -.It Fl I Ar smartcard_device -Specify the device +.It Fl I Ar pkcs11 +Specify the PKCS#11 shared libarary .Nm -should use to communicate with a smartcard used for storing the user's +should use to communicate with a PKCS#11 token used for storing the user's private RSA key. -This option is only available if support for smartcard devices +This option is only available if support for PKCS#11 is compiled in (default is no support). .It Fl i Ar identity_file Selects a file from which the identity (private key) for @@ -469,6 +469,7 @@ For full details of the options listed below, and their possible values, see .It NumberOfPasswordPrompts .It PasswordAuthentication .It PermitLocalCommand +.It PKCS11Provider .It Port .It PreferredAuthentications .It Protocol @@ -481,7 +482,6 @@ For full details of the options listed below, and their possible values, see .It SendEnv .It ServerAliveInterval .It ServerAliveCountMax -.It SmartcardDevice .It StrictHostKeyChecking .It TCPKeepAlive .It Tunnel |