[openssh-commits] [openssh] 01/05: upstream: Replace the term "security key" with "(FIDO)
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Dec 30 14:34:01 AEDT 2019
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 141df487ba699cfd1ec3dcd98186e7c956e99024
Author: naddy at openbsd.org <naddy at openbsd.org>
Date: Sat Dec 21 20:22:34 2019 +0000
upstream: Replace the term "security key" with "(FIDO)
authenticator".
The polysemous use of "key" was too confusing. Input from markus at .
ok jmc@
OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
---
ssh-add.1 | 21 ++++++++-------------
ssh-agent.1 | 8 ++++----
ssh-keygen.1 | 25 ++++++++++++-------------
ssh-sk-helper.8 | 8 ++++----
ssh.1 | 12 ++++++------
ssh_config.5 | 12 ++++++------
sshd.8 | 6 +++---
sshd_config.5 | 18 +++++++++---------
8 files changed, 52 insertions(+), 58 deletions(-)
diff --git a/ssh-add.1 b/ssh-add.1
index 1832ae66..45af7357 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-add.1,v 1.76 2019/11/30 07:07:59 jmc Exp $
+.\" $OpenBSD: ssh-add.1,v 1.77 2019/12/21 20:22:34 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo at cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: November 30 2019 $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSH-ADD 1
.Os
.Sh NAME
@@ -135,8 +135,8 @@ Lists fingerprints of all identities currently represented by the agent.
.It Fl q
Be quiet after a successful operation.
.It Fl S Ar provider
-Specifies a path to a security key provider library that will be used when
-adding any security key-hosted keys, overriding the default of using the
+Specifies a path to a library that will be used when adding
+FIDO authenticator-hosted keys, overriding the default of using the
internal USB HID support.
.It Fl s Ar pkcs11
Add keys provided by the PKCS#11 shared library
@@ -197,23 +197,18 @@ Identifies the path of a
.Ux Ns -domain
socket used to communicate with the agent.
.It Ev SSH_SK_PROVIDER
-Specifies the path to a security key provider library used to interact with
-hardware security keys.
+Specifies the path to a library used to interact with FIDO authenticators.
.El
.Sh FILES
-.Bl -tag -width Ds
+.Bl -tag -width Ds -compact
.It Pa ~/.ssh/id_dsa
-Contains the DSA authentication identity of the user.
.It Pa ~/.ssh/id_ecdsa
-Contains the ECDSA authentication identity of the user.
.It Pa ~/.ssh/id_ecdsa_sk
-Contains the security key-hosted ECDSA authentication identity of the user.
.It Pa ~/.ssh/id_ed25519
-Contains the Ed25519 authentication identity of the user.
.It Pa ~/.ssh/id_ed25519_sk
-Contains the security key-hosted Ed25519 authentication identity of the user.
.It Pa ~/.ssh/id_rsa
-Contains the RSA authentication identity of the user.
+Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
+authenticator-hosted Ed25519 or RSA authentication identity of the user.
.El
.Pp
Identity files should not be readable by anyone but the user.
diff --git a/ssh-agent.1 b/ssh-agent.1
index a3f63467..fff0db6b 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.69 2019/11/30 07:07:59 jmc Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.70 2019/12/21 20:22:34 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo at cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: November 30 2019 $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSH-AGENT 1
.Os
.Sh NAME
@@ -98,8 +98,8 @@ Kill the current agent (given by the
.Ev SSH_AGENT_PID
environment variable).
.It Fl P Ar provider_whitelist
-Specify a pattern-list of acceptable paths for PKCS#11 and security key shared
-libraries that may be used with the
+Specify a pattern-list of acceptable paths for PKCS#11 and FIDO authenticator
+shared libraries that may be used with the
.Fl S
or
.Fl s
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 1b77bdf6..e4859738 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.179 2019/11/30 07:07:59 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.180 2019/12/21 20:22:34 naddy Exp $
.\"
.\" Author: Tatu Ylonen <ylo at cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: November 30 2019 $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -537,7 +537,7 @@ Allows X11 forwarding.
.It Ic no-touch-required
Do not require signatures made using this key require demonstration
of user presence (e.g. by having the user touch the key).
-This option only makes sense for the Security Key algorithms
+This option only makes sense for the FIDO authenticator algorithms
.Cm ecdsa-sk
and
.Cm ed25519-sk .
@@ -673,11 +673,11 @@ The maximum is 3.
.It Fl W Ar generator
Specify desired generator when testing candidate moduli for DH-GEX.
.It Fl w Ar provider
-Specifies a path to a security key provider library that will be used when
-creating any security key-hosted keys, overriding the default of the
-internal support for USB HID keys.
+Specifies a path to a library that will be used when creating
+FIDO authenticator-hosted keys, overriding the default of using
+the internal USB HID support.
.It Fl x Ar flags
-Specifies the security key flags to use when enrolling a security key-hosted
+Specifies the authenticator flags to use when enrolling an authenticator-hosted
key.
Flags may be specified by name or directly as a hexadecimal value.
Only one named flag is supported at present:
@@ -1053,8 +1053,7 @@ user2 at example.com namespaces="file" ssh-ed25519 AAA41...
.Sh ENVIRONMENT
.Bl -tag -width Ds
.It Ev SSH_SK_PROVIDER
-Specifies the path to a security key provider library used to interact with
-hardware security keys.
+Specifies the path to a library used to interact with FIDO authenticators.
.El
.Sh FILES
.Bl -tag -width Ds -compact
@@ -1064,8 +1063,8 @@ hardware security keys.
.It Pa ~/.ssh/id_ed25519
.It Pa ~/.ssh/id_ed25519_sk
.It Pa ~/.ssh/id_rsa
-Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519,
-security key-hosted Ed25519 or RSA authentication identity of the user.
+Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
+authenticator-hosted Ed25519 or RSA authentication identity of the user.
This file should not be readable by anyone but the user.
It is possible to
specify a passphrase when generating the key; that passphrase will be
@@ -1082,8 +1081,8 @@ will read this file when a login attempt is made.
.It Pa ~/.ssh/id_ed25519.pub
.It Pa ~/.ssh/id_ed25519_sk.pub
.It Pa ~/.ssh/id_rsa.pub
-Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519,
-security key-hosted Ed25519 or RSA public key for authentication.
+Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
+authenticator-hosted Ed25519 or RSA public key for authentication.
The contents of this file should be added to
.Pa ~/.ssh/authorized_keys
on all machines
diff --git a/ssh-sk-helper.8 b/ssh-sk-helper.8
index 9a518fba..3c53da1e 100644
--- a/ssh-sk-helper.8
+++ b/ssh-sk-helper.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-sk-helper.8,v 1.2 2019/11/30 07:07:59 jmc Exp $
+.\" $OpenBSD: ssh-sk-helper.8,v 1.3 2019/12/21 20:22:34 naddy Exp $
.\"
.\" Copyright (c) 2010 Markus Friedl. All rights reserved.
.\"
@@ -14,12 +14,12 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
-.Dd $Mdocdate: November 30 2019 $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSH-SK-HELPER 8
.Os
.Sh NAME
.Nm ssh-sk-helper
-.Nd OpenSSH helper for security key support
+.Nd OpenSSH helper for FIDO authenticator support
.Sh SYNOPSIS
.Nm
.Op Fl v
@@ -27,7 +27,7 @@
.Nm
is used by
.Xr ssh-agent 1
-to access keys provided by a security key.
+to access keys provided by a FIDO authenticator.
.Pp
.Nm
is not intended to be invoked by the user, but from
diff --git a/ssh.1 b/ssh.1
index 8b4b79e1..97133752 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.408 2019/11/30 07:07:59 jmc Exp $
-.Dd $Mdocdate: November 30 2019 $
+.\" $OpenBSD: ssh.1,v 1.409 2019/12/21 20:22:34 naddy Exp $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSH 1
.Os
.Sh NAME
@@ -903,11 +903,11 @@ This stores the private key in
.Pa ~/.ssh/id_ecdsa
(ECDSA),
.Pa ~/.ssh/id_ecdsa_sk
-(security key-hosted ECDSA),
+(authenticator-hosted ECDSA),
.Pa ~/.ssh/id_ed25519
(Ed25519),
.Pa ~/.ssh/id_ed25519_sk
-(security key-hosted Ed25519),
+(authenticator-hosted Ed25519),
or
.Pa ~/.ssh/id_rsa
(RSA)
@@ -917,11 +917,11 @@ and stores the public key in
.Pa ~/.ssh/id_ecdsa.pub
(ECDSA),
.Pa ~/.ssh/id_ecdsa_sk.pub
-(security key-hosted ECDSA),
+(authenticator-hosted ECDSA),
.Pa ~/.ssh/id_ed25519.pub
(Ed25519),
.Pa ~/.ssh/id_ed25519_sk.pub
-(security key-hosted Ed25519),
+(authenticator-hosted Ed25519),
or
.Pa ~/.ssh/id_rsa.pub
(RSA)
diff --git a/ssh_config.5 b/ssh_config.5
index 186e0761..d3d45b53 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.312 2019/12/21 02:19:13 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.313 2019/12/21 20:22:34 naddy Exp $
.Dd $Mdocdate: December 21 2019 $
.Dt SSH_CONFIG 5
.Os
@@ -936,8 +936,8 @@ or the tokens described in the
.Sx TOKENS
section.
.It Cm IdentityFile
-Specifies a file from which the user's DSA, ECDSA, security key-hosted ECDSA,
-Ed25519 or RSA authentication identity is read.
+Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
+Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
The default is
.Pa ~/.ssh/id_dsa ,
.Pa ~/.ssh/id_ecdsa ,
@@ -1462,9 +1462,9 @@ an OpenSSH Key Revocation List (KRL) as generated by
For more information on KRLs, see the KEY REVOCATION LISTS section in
.Xr ssh-keygen 1 .
.It Cm SecurityKeyProvider
-Specifies a path to a security key provider library that will be used when
-loading any security key-hosted keys, overriding the default of using
-the built-in support for USB HID keys.
+Specifies a path to a library that will be used when loading any
+FIDO authenticator-hosted keys, overriding the default of using
+the built-in USB HID support.
.Pp
If the specified value begins with a
.Sq $
diff --git a/sshd.8 b/sshd.8
index dc11a0d0..b7042cb5 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.310 2019/12/19 03:50:01 dtucker Exp $
-.Dd $Mdocdate: December 19 2019 $
+.\" $OpenBSD: sshd.8,v 1.311 2019/12/21 20:22:34 naddy Exp $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSHD 8
.Os
.Sh NAME
@@ -627,7 +627,7 @@ option.
.It Cm no-touch-required
Do not require demonstration of user presence
for signatures made using this key.
-This option only makes sense for the Security Key algorithms
+This option only makes sense for the FIDO authenticator algorithms
.Cm ecdsa-sk
and
.Cm ed25519-sk .
diff --git a/sshd_config.5 b/sshd_config.5
index 22219317..76ec69ba 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.296 2019/12/19 15:09:30 naddy Exp $
-.Dd $Mdocdate: December 19 2019 $
+.\" $OpenBSD: sshd_config.5,v 1.297 2019/12/21 20:22:34 naddy Exp $
+.Dd $Mdocdate: December 21 2019 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -1462,20 +1462,20 @@ and
.Pp
The
.Cm touch-required
-option causes public key authentication using a security key algorithm
+option causes public key authentication using a FIDO authenticator algorithm
(i.e.\&
.Cm ecdsa-sk
or
.Cm ed25519-sk )
to always require the signature to attest that a physically present user
-explicitly confirmed the authentication (usually by touching the security key).
+explicitly confirmed the authentication (usually by touching the authenticator).
By default,
.Xr sshd 8
-requires key touch unless overridden with an authorized_keys option.
+requires user presence unless overridden with an authorized_keys option.
The
.Cm touch-required
flag disables this override.
-This option has no effect for other, non-security key, public key types.
+This option has no effect for other, non-authenticator public key types.
.It Cm PubkeyAuthentication
Specifies whether public key authentication is allowed.
The default is
@@ -1527,9 +1527,9 @@ If the routing domain is set to
.Cm \&%D ,
then the domain in which the incoming connection was received will be applied.
.It Cm SecurityKeyProvider
-Specifies a path to a security key provider library that will be used when
-loading any security key-hosted keys, overriding the default of using
-the built-in support for USB HID keys.
+Specifies a path to a library that will be used when loading
+FIDO authenticator-hosted keys, overriding the default of using
+the built-in USB HID support.
.It Cm SetEnv
Specifies one or more environment variables to set in child sessions started
by
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list