Date: Fri, 11 Apr 2014 12:41:50 -0400 (EDT)
From: Benjamin Kaduk
To: Dru Lavigne
Cc: svn-doc-head@freebsd.org, svn-doc-all@freebsd.org, doc-committers@freebsd.org
Subject: Re: svn commit: r44524 - head/en_US.ISO8859-1/books/handbook/security

On Thu, 10 Apr 2014, Dru Lavigne wrote:
> Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml > ============================================================================== > --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Thu Apr 10 20:15:39 2014 (r44523) > +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Thu Apr 10 20:37:05 2014 (r44524) > > + The first time sshd starts on a > + &os; system, the system's host keys will be automatically > + created and the fingerprint will be displayed on the console. > + Provide users with the fingerprint so that they can verify it > + the first time they connect to the server. 
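Review bot: The added paragraph says "the system's host keys" (plural) are created but then refers to "the fingerprint" (singular), both in "the fingerprint will be displayed on the console" and in "Provide users with the fingerprint". Each host key has its own fingerprint, so the reader cannot tell which one to hand out; suggest "their fingerprints" in both places, and consider saying that the fingerprints should reach users by some channel other than the SSH connection they are meant to verify.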
I wonder if any readers will think that they need to save this fingerprint from the first startup (as if it would not be retrievable later). On the other hand, talking about 'ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key.pub' is not really appropriate here, I think. I don't think this text necessarily has to change, though; it was just a thought that occurred to me.

-Ben