diff --git a/en_US.ISO8859-1/books/handbook/security/chapter.xml b/en_US.ISO8859-1/books/handbook/security/chapter.xml
index 378de9026d..a3bb5a8c70 100644
--- a/en_US.ISO8859-1/books/handbook/security/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/security/chapter.xml
@@ -2599,32 +2599,55 @@ COPYRIGHT 100% |*****************************| 4735
Instead of using passwords, a client can be configured
to connect to the remote machine using keys. To generate
- DSA or RSA
+ RSA
authentication keys, use ssh-keygen. To
generate a public and private key pair, specify the type of
key and follow the prompts. It is recommended to protect
the keys with a memorable, but hard to guess
passphrase.
- &prompt.user; ssh-keygen -t dsa
-Generating public/private dsa key pair.
-Enter file in which to save the key (/home/user/.ssh/id_dsa):
-Created directory '/home/user/.ssh'.
-Enter passphrase (empty for no passphrase): type some passphrase here which can contain spaces
-Enter same passphrase again: type some passphrase here which can contain spaces
-Your identification has been saved in /home/user/.ssh/id_dsa.
-Your public key has been saved in /home/user/.ssh/id_dsa.pub.
+ &prompt.user; ssh-keygen -t rsa
+Generating public/private rsa key pair.
+Enter file in which to save the key (/home/user/.ssh/id_rsa):
+Enter passphrase (empty for no passphrase):
+Enter same passphrase again:
+Your identification has been saved in /home/user/.ssh/id_rsa.
+Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
-bb:48:db:f2:93:57:80:b6:aa:bc:f5:d5:ba:8f:79:17 user@host.example.com
+SHA256:54Xm9Uvtv6H4NOo6yjP/YCfODryvUU7yWHzMqeXwhq8 user@host.example.com
+The key's randomart image is:
++---[RSA 2048]----+
+| |
+| |
+| |
+| . o.. |
+| .S*+*o |
+| . O=Oo . . |
+| = Oo= oo..|
+| .oB.* +.oo.|
+| =OE**.o..=|
++----[SHA256]-----+
- Depending upon the specified protocol, the private key
- is stored in ~/.ssh/id_dsa (or
- ~/.ssh/id_rsa), and the public key
- is stored in ~/.ssh/id_dsa.pub (or
- ~/.ssh/id_rsa.pub). The
- public key must be first copied to
+
+
+ Type a passphrase here. It can contain spaces and
+ symbols.
+
+
+
+ Retype the passphrase to verify it.
+
+
+
+
+ The private key
+ is stored in ~/.ssh/id_rsa
+ and the public key
+ is stored in ~/.ssh/id_rsa.pub.
+ The
+ public key must be copied to
~/.ssh/authorized_keys on the remote
- machine in order for key-based authentication to
+ machine for key-based authentication to
work.
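Review bot: The sample output in the `ssh-keygen -t rsa` example shows `[RSA 2048]` in the randomart header, but neither the command nor the surrounding text says what key size is generated or how to choose one. Consider passing the size explicitly with `-b` in the example, or adding a sentence that the size shown is what this version of OpenSSH produces when none is given, so the instructions and the output agree. Separately, "The public key must be copied to ~/.ssh/authorized_keys" can be read as replacing that file; "appended to" would be safer wording for a remote account that already has other keys installed.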
@@ -2638,42 +2661,48 @@ bb:48:db:f2:93:57:80:b6:aa:bc:f5:d5:ba:8f:79:17 user@host.example.com
passphrase. In addition, to better secure end users,
from may be placed in the public key
file. For example, adding
- from="192.168.10.5" in the front of
- ssh-rsa or rsa-dsa
- prefix will only allow that specific user to login from
+ from="192.168.10.5" in front of the
+ ssh-rsa
+ prefix will only allow that specific user to log in from
that IP address.
- The various options and files can be different
- according to the OpenSSH version.
+ The options and files vary with different versions of
+ OpenSSH.
To avoid problems, consult &man.ssh-keygen.1;.
- If a passphrase is used, the user will be prompted for
+ If a passphrase is used, the user is prompted for
the passphrase each time a connection is made to the server.
- To load SSH keys into memory, without
- needing to type the passphrase each time, use
+ To load SSH keys into memory and remove
+ the need to type the passphrase each time, use
&man.ssh-agent.1; and &man.ssh-add.1;.
Authentication is handled by
- ssh-agent, using the private key(s) that
- are loaded into it. Then, ssh-agent
- should be used to launch another application such as a
+ ssh-agent, using the private keys that
+ are loaded into it. ssh-agent
+ can be used to launch another application like a
shell or a window manager.
To use ssh-agent in a shell, start it
- with a shell as an argument. Next, add the identity by
- running ssh-add and providing it the
- passphrase for the private key. Once these steps have been
- completed, the user will be able to ssh
+ with a shell as an argument. Add the identity by
+ running ssh-add and entering the
+ passphrase for the private key.
+ The user will then be able to ssh
to any host that has the corresponding public key installed.
For example:
&prompt.user; ssh-agent csh
&prompt.user; ssh-add
-Enter passphrase for key '/usr/home/user/.ssh/id_dsa': type passphrase here
-Identity added: /usr/home/user/.ssh/id_dsa (/usr/home/user/.ssh/id_dsa)
+Enter passphrase for key '/usr/home/user/.ssh/id_rsa':
+Identity added: /usr/home/user/.ssh/id_rsa (/usr/home/user/.ssh/id_rsa)
&prompt.user;
+
+
+ Enter the passphrase for the key.
+
+
+
To use ssh-agent in
&xorg;, add an entry for it in
~/.xinitrc. This provides the
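Review bot: In the `from="192.168.10.5"` sentence, "will only allow that specific user to log in from that IP address" overstates what the option does. It is placed on one entry in the public key file, so it restricts where that key is accepted from, not the user's other keys or other authentication methods. Suggested wording: "will only allow that key to be used to log in from that IP address". In the ssh-agent paragraph, the new text says keys are loaded into memory to remove the passphrase prompt but does not say how long they stay loaded; a short mention of the lifetime option (`ssh-add -t`) described in &man.ssh-add.1; would fit here.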