Vendor import of OpenSSH 3.1

1 files changed, 21 insertions, 19 deletions

diff --git a/crypto/openssh/ssh-agent.1 b/crypto/openssh/ssh-agent.1
index 1d21469..9909ef5 100644
--- a/crypto/openssh/ssh-agent.1
+++ b/crypto/openssh/ssh-agent.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-agent.1,v 1.24 2001/04/10 09:13:21 itojun Exp $
+.\" $OpenBSD: ssh-agent.1,v 1.31 2002/02/04 20:41:16 stevesk Exp $
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
 .\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -42,11 +42,11 @@
 .Nd authentication agent
 .Sh SYNOPSIS
 .Nm ssh-agent
-.Ar command
-.Ar args ...
-.Nm ssh-agent
 .Op Fl c Li | Fl s
+.Op Fl d
+.Op Ar command Op Ar args ...
 .Nm ssh-agent
+.Op Fl c Li | Fl s
 .Fl k
 .Sh DESCRIPTION
 .Nm
@@ -80,6 +80,10 @@ does not look like it's a csh style of shell.
 Kill the current agent (given by the
 .Ev SSH_AGENT_PID
 environment variable).
+.It Fl d
+Debug mode.  When this option is specified
+.Nm
+will not fork.
 .El
 .Pp
 If a commandline is given, this is executed as a subprocess of the agent.
@@ -90,9 +94,11 @@ Keys are added using
 .Xr ssh-add 1 .
 When executed without arguments,
 .Xr ssh-add 1
-adds the
-.Pa $HOME/.ssh/identity
-file.
+adds the files
+.Pa $HOME/.ssh/id_rsa ,
+.Pa $HOME/.ssh/id_dsa 
+and
+.Pa $HOME/.ssh/identity .
 If the identity has a passphrase,
 .Xr ssh-add 1
 asks for the passphrase (using a small X11 application if running
@@ -112,9 +118,9 @@ remote logins, and the user can thus use the privileges given by the
 identities anywhere in the network in a secure way.
 .Pp
 There are two main ways to get an agent setup:
-Either you let the agent
-start a new subcommand into which some environment variables are exported, or
-you let the agent print the needed shell commands (either
+Either the agent starts a new subcommand into which some environment
+variables are exported, or the agent prints the needed shell commands
+(either
 .Xr sh 1
 or
 .Xr csh 1
@@ -123,6 +129,11 @@ Later
 .Xr ssh 1
 looks at these variables and uses them to establish a connection to the agent.
 .Pp
+The agent will never send a private key over its request channel.
+Instead, operations that require a private key will be performed
+by the agent, and the result will be returned to the requester.
+This way, private keys are not exposed to clients using the agent.
+.Pp
 A unix-domain socket is created
 .Pq Pa /tmp/ssh-XXXXXXXX/agent.<pid> ,
 and the name of this socket is stored in the
@@ -143,15 +154,6 @@ line terminates.
 .Bl -tag -width Ds
 .It Pa $HOME/.ssh/identity
 Contains the protocol version 1 RSA authentication identity of the user.
-This file should not be readable by anyone but the user.
-It is possible to
-specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file.
-This file is not used by
-.Nm
-but is normally added to the agent using
-.Xr ssh-add 1
-at login time.
 .It Pa $HOME/.ssh/id_dsa
 Contains the protocol version 2 DSA authentication identity of the user.
 .It Pa $HOME/.ssh/id_rsa