[openssh-commits] [openssh] 01/05: upstream: Replace the term "security key" with "(FIDO)

git+noreply at mindrot.org git+noreply at mindrot.org
Mon Dec 30 14:34:01 AEDT 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 141df487ba699cfd1ec3dcd98186e7c956e99024
Author: naddy at openbsd.org <naddy at openbsd.org>
Date:   Sat Dec 21 20:22:34 2019 +0000

    upstream: Replace the term "security key" with "(FIDO)
    
    authenticator".
    
    The polysemous use of "key" was too confusing.  Input from markus at .
    ok jmc@
    
    OpenBSD-Commit-ID: 12eea973a44c8232af89f86e4269d71ae900ca8f
---
 ssh-add.1       | 21 ++++++++-------------
 ssh-agent.1     |  8 ++++----
 ssh-keygen.1    | 25 ++++++++++++-------------
 ssh-sk-helper.8 |  8 ++++----
 ssh.1           | 12 ++++++------
 ssh_config.5    | 12 ++++++------
 sshd.8          |  6 +++---
 sshd_config.5   | 18 +++++++++---------
 8 files changed, 52 insertions(+), 58 deletions(-)

diff --git a/ssh-add.1 b/ssh-add.1
index 1832ae66..45af7357 100644
--- a/ssh-add.1
+++ b/ssh-add.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-add.1,v 1.76 2019/11/30 07:07:59 jmc Exp $
+.\"	$OpenBSD: ssh-add.1,v 1.77 2019/12/21 20:22:34 naddy Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo at cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 30 2019 $
+.Dd $Mdocdate: December 21 2019 $
 .Dt SSH-ADD 1
 .Os
 .Sh NAME
@@ -135,8 +135,8 @@ Lists fingerprints of all identities currently represented by the agent.
 .It Fl q
 Be quiet after a successful operation.
 .It Fl S Ar provider
-Specifies a path to a security key provider library that will be used when
-adding any security key-hosted keys, overriding the default of using the
+Specifies a path to a library that will be used when adding
+FIDO authenticator-hosted keys, overriding the default of using the
 internal USB HID support.
 .It Fl s Ar pkcs11
 Add keys provided by the PKCS#11 shared library
@@ -197,23 +197,18 @@ Identifies the path of a
 .Ux Ns -domain
 socket used to communicate with the agent.
 .It Ev SSH_SK_PROVIDER
-Specifies the path to a security key provider library used to interact with
-hardware security keys.
+Specifies the path to a library used to interact with FIDO authenticators.
 .El
 .Sh FILES
-.Bl -tag -width Ds
+.Bl -tag -width Ds -compact
 .It Pa ~/.ssh/id_dsa
-Contains the DSA authentication identity of the user.
 .It Pa ~/.ssh/id_ecdsa
-Contains the ECDSA authentication identity of the user.
 .It Pa ~/.ssh/id_ecdsa_sk
-Contains the security key-hosted ECDSA authentication identity of the user.
 .It Pa ~/.ssh/id_ed25519
-Contains the Ed25519 authentication identity of the user.
 .It Pa ~/.ssh/id_ed25519_sk
-Contains the security key-hosted Ed25519 authentication identity of the user.
 .It Pa ~/.ssh/id_rsa
-Contains the RSA authentication identity of the user.
+Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
+authenticator-hosted Ed25519 or RSA authentication identity of the user.
 .El
 .Pp
 Identity files should not be readable by anyone but the user.
diff --git a/ssh-agent.1 b/ssh-agent.1
index a3f63467..fff0db6b 100644
--- a/ssh-agent.1
+++ b/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.69 2019/11/30 07:07:59 jmc Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.70 2019/12/21 20:22:34 naddy Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo at cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 30 2019 $
+.Dd $Mdocdate: December 21 2019 $
 .Dt SSH-AGENT 1
 .Os
 .Sh NAME
@@ -98,8 +98,8 @@ Kill the current agent (given by the
 .Ev SSH_AGENT_PID
 environment variable).
 .It Fl P Ar provider_whitelist
-Specify a pattern-list of acceptable paths for PKCS#11 and security key shared
-libraries that may be used with the
+Specify a pattern-list of acceptable paths for PKCS#11 and FIDO authenticator
+shared libraries that may be used with the
 .Fl S
 or
 .Fl s
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 1b77bdf6..e4859738 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: ssh-keygen.1,v 1.179 2019/11/30 07:07:59 jmc Exp $
+.\"	$OpenBSD: ssh-keygen.1,v 1.180 2019/12/21 20:22:34 naddy Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo at cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 30 2019 $
+.Dd $Mdocdate: December 21 2019 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -537,7 +537,7 @@ Allows X11 forwarding.
 .It Ic no-touch-required
 Do not require signatures made using this key require demonstration
 of user presence (e.g. by having the user touch the key).
-This option only makes sense for the Security Key algorithms
+This option only makes sense for the FIDO authenticator algorithms
 .Cm ecdsa-sk
 and
 .Cm ed25519-sk .
@@ -673,11 +673,11 @@ The maximum is 3.
 .It Fl W Ar generator
 Specify desired generator when testing candidate moduli for DH-GEX.
 .It Fl w Ar provider
-Specifies a path to a security key provider library that will be used when
-creating any security key-hosted keys, overriding the default of the
-internal support for USB HID keys.
+Specifies a path to a library that will be used when creating
+FIDO authenticator-hosted keys, overriding the default of using
+the internal USB HID support.
 .It Fl x Ar flags
-Specifies the security key flags to use when enrolling a security key-hosted
+Specifies the authenticator flags to use when enrolling an authenticator-hosted
 key.
 Flags may be specified by name or directly as a hexadecimal value.
 Only one named flag is supported at present:
@@ -1053,8 +1053,7 @@ user2 at example.com namespaces="file" ssh-ed25519 AAA41...
 .Sh ENVIRONMENT
 .Bl -tag -width Ds
 .It Ev SSH_SK_PROVIDER
-Specifies the path to a security key provider library used to interact with
-hardware security keys.
+Specifies the path to a library used to interact with FIDO authenticators.
 .El
 .Sh FILES
 .Bl -tag -width Ds -compact
@@ -1064,8 +1063,8 @@ hardware security keys.
 .It Pa ~/.ssh/id_ed25519
 .It Pa ~/.ssh/id_ed25519_sk
 .It Pa ~/.ssh/id_rsa
-Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519,
-security key-hosted Ed25519 or RSA authentication identity of the user.
+Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
+authenticator-hosted Ed25519 or RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
 specify a passphrase when generating the key; that passphrase will be
@@ -1082,8 +1081,8 @@ will read this file when a login attempt is made.
 .It Pa ~/.ssh/id_ed25519.pub
 .It Pa ~/.ssh/id_ed25519_sk.pub
 .It Pa ~/.ssh/id_rsa.pub
-Contains the DSA, ECDSA, security key-hosted ECDSA, Ed25519,
-security key-hosted Ed25519 or RSA public key for authentication.
+Contains the DSA, ECDSA, authenticator-hosted ECDSA, Ed25519,
+authenticator-hosted Ed25519 or RSA public key for authentication.
 The contents of this file should be added to
 .Pa ~/.ssh/authorized_keys
 on all machines
diff --git a/ssh-sk-helper.8 b/ssh-sk-helper.8
index 9a518fba..3c53da1e 100644
--- a/ssh-sk-helper.8
+++ b/ssh-sk-helper.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-sk-helper.8,v 1.2 2019/11/30 07:07:59 jmc Exp $
+.\" $OpenBSD: ssh-sk-helper.8,v 1.3 2019/12/21 20:22:34 naddy Exp $
 .\"
 .\" Copyright (c) 2010 Markus Friedl.  All rights reserved.
 .\"
@@ -14,12 +14,12 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: November 30 2019 $
+.Dd $Mdocdate: December 21 2019 $
 .Dt SSH-SK-HELPER 8
 .Os
 .Sh NAME
 .Nm ssh-sk-helper
-.Nd OpenSSH helper for security key support
+.Nd OpenSSH helper for FIDO authenticator support
 .Sh SYNOPSIS
 .Nm
 .Op Fl v
@@ -27,7 +27,7 @@
 .Nm
 is used by
 .Xr ssh-agent 1
-to access keys provided by a security key.
+to access keys provided by a FIDO authenticator.
 .Pp
 .Nm
 is not intended to be invoked by the user, but from
diff --git a/ssh.1 b/ssh.1
index 8b4b79e1..97133752 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.408 2019/11/30 07:07:59 jmc Exp $
-.Dd $Mdocdate: November 30 2019 $
+.\" $OpenBSD: ssh.1,v 1.409 2019/12/21 20:22:34 naddy Exp $
+.Dd $Mdocdate: December 21 2019 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -903,11 +903,11 @@ This stores the private key in
 .Pa ~/.ssh/id_ecdsa
 (ECDSA),
 .Pa ~/.ssh/id_ecdsa_sk
-(security key-hosted ECDSA),
+(authenticator-hosted ECDSA),
 .Pa ~/.ssh/id_ed25519
 (Ed25519),
 .Pa ~/.ssh/id_ed25519_sk
-(security key-hosted Ed25519),
+(authenticator-hosted Ed25519),
 or
 .Pa ~/.ssh/id_rsa
 (RSA)
@@ -917,11 +917,11 @@ and stores the public key in
 .Pa ~/.ssh/id_ecdsa.pub
 (ECDSA),
 .Pa ~/.ssh/id_ecdsa_sk.pub
-(security key-hosted ECDSA),
+(authenticator-hosted ECDSA),
 .Pa ~/.ssh/id_ed25519.pub
 (Ed25519),
 .Pa ~/.ssh/id_ed25519_sk.pub
-(security key-hosted Ed25519),
+(authenticator-hosted Ed25519),
 or
 .Pa ~/.ssh/id_rsa.pub
 (RSA)
diff --git a/ssh_config.5 b/ssh_config.5
index 186e0761..d3d45b53 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.312 2019/12/21 02:19:13 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.313 2019/12/21 20:22:34 naddy Exp $
 .Dd $Mdocdate: December 21 2019 $
 .Dt SSH_CONFIG 5
 .Os
@@ -936,8 +936,8 @@ or the tokens described in the
 .Sx TOKENS
 section.
 .It Cm IdentityFile
-Specifies a file from which the user's DSA, ECDSA, security key-hosted ECDSA,
-Ed25519 or RSA authentication identity is read.
+Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA,
+Ed25519, authenticator-hosted Ed25519 or RSA authentication identity is read.
 The default is
 .Pa ~/.ssh/id_dsa ,
 .Pa ~/.ssh/id_ecdsa ,
@@ -1462,9 +1462,9 @@ an OpenSSH Key Revocation List (KRL) as generated by
 For more information on KRLs, see the KEY REVOCATION LISTS section in
 .Xr ssh-keygen 1 .
 .It Cm SecurityKeyProvider
-Specifies a path to a security key provider library that will be used when
-loading any security key-hosted keys, overriding the default of using
-the built-in support for USB HID keys.
+Specifies a path to a library that will be used when loading any
+FIDO authenticator-hosted keys, overriding the default of using
+the built-in USB HID support.
 .Pp
 If the specified value begins with a
 .Sq $
diff --git a/sshd.8 b/sshd.8
index dc11a0d0..b7042cb5 100644
--- a/sshd.8
+++ b/sshd.8
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd.8,v 1.310 2019/12/19 03:50:01 dtucker Exp $
-.Dd $Mdocdate: December 19 2019 $
+.\" $OpenBSD: sshd.8,v 1.311 2019/12/21 20:22:34 naddy Exp $
+.Dd $Mdocdate: December 21 2019 $
 .Dt SSHD 8
 .Os
 .Sh NAME
@@ -627,7 +627,7 @@ option.
 .It Cm no-touch-required
 Do not require demonstration of user presence
 for signatures made using this key.
-This option only makes sense for the Security Key algorithms
+This option only makes sense for the FIDO authenticator algorithms
 .Cm ecdsa-sk
 and
 .Cm ed25519-sk .
diff --git a/sshd_config.5 b/sshd_config.5
index 22219317..76ec69ba 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.296 2019/12/19 15:09:30 naddy Exp $
-.Dd $Mdocdate: December 19 2019 $
+.\" $OpenBSD: sshd_config.5,v 1.297 2019/12/21 20:22:34 naddy Exp $
+.Dd $Mdocdate: December 21 2019 $
 .Dt SSHD_CONFIG 5
 .Os
 .Sh NAME
@@ -1462,20 +1462,20 @@ and
 .Pp
 The
 .Cm touch-required
-option causes public key authentication using a security key algorithm
+option causes public key authentication using a FIDO authenticator algorithm
 (i.e.\&
 .Cm ecdsa-sk
 or
 .Cm ed25519-sk )
 to always require the signature to attest that a physically present user
-explicitly confirmed the authentication (usually by touching the security key).
+explicitly confirmed the authentication (usually by touching the authenticator).
 By default,
 .Xr sshd 8
-requires key touch unless overridden with an authorized_keys option.
+requires user presence unless overridden with an authorized_keys option.
 The
 .Cm touch-required
 flag disables this override.
-This option has no effect for other, non-security key, public key types.
+This option has no effect for other, non-authenticator public key types.
 .It Cm PubkeyAuthentication
 Specifies whether public key authentication is allowed.
 The default is
@@ -1527,9 +1527,9 @@ If the routing domain is set to
 .Cm \&%D ,
 then the domain in which the incoming connection was received will be applied.
 .It Cm SecurityKeyProvider
-Specifies a path to a security key provider library that will be used when
-loading any security key-hosted keys, overriding the default of using
-the built-in support for USB HID keys.
+Specifies a path to a library that will be used when loading
+FIDO authenticator-hosted keys, overriding the default of using
+the built-in USB HID support.
 .It Cm SetEnv
 Specifies one or more environment variables to set in child sessions started
 by

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.


More information about the openssh-commits mailing list