From: Dru Lavigne
Date: Fri, 11 Apr 2014 07:02:03 -0700 (PDT)
Subject: Re: svn commit: r44520 - head/en_US.ISO8859-1/books/handbook/security
To: Benjamin Kaduk
Cc: "svn-doc-head@freebsd.org", "svn-doc-all@freebsd.org", "doc-committers@freebsd.org"
Message-ID: <1397224923.21440.YahooMailNeo@web184904.mail.gq1.yahoo.com>
References: <201404101805.s3AI5XFJ061345@svn.freebsd.org>

----- Original Message -----
> From: Benjamin Kaduk
> To: Dru Lavigne
> Cc: doc-committers@freebsd.org; svn-doc-all@freebsd.org; svn-doc-head@freebsd.org
> Sent: Thursday, April 10, 2014 3:04 PM
> Subject: Re: svn commit: r44520 - head/en_US.ISO8859-1/books/handbook/security
>
> On Thu, 10 Apr 2014, Dru Lavigne wrote:
>
>> Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
>>
> ==============================================================================
>> --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml    Thu Apr 10
> 16:57:57 2014    (r44519)
>> +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml    Thu Apr 10
> 18:05:32 2014    (r44520)
>> @@ -2464,34 +2469,39 @@
> racoon_enable="yes"
>>     client
>>
>>
>> -      To use &man.ssh.1; to connect to a system running
>> -    &man.sshd.8;, specify the username and host to log
>> -    into:
>> +      To log into a SSH server,
> use
>> +    ssh and specify a username that exists
> on
>> +    that server and the IP address or
> hostname
>> +    of the server.  If this is the first time a connection has
>> +    been made to the specified server, the user will be prompted
>> +    to first verify the server's fingerprint:
>
> There are a few cases where the user will not be prompted to verify the
> server's fingerprint on the first connection (and also some where the user
> will be prompted on not-the-first connection).  They are probably uncommon
> enough that we don't need to document them, but for the record, the ones I
> can think of are:
>
> Successful GSSAPIKeyExchange will avoid the need for a prompt
>
> VerifyHostKeyDNS in ssh_config in combination with SSHFP records from
> DNSSEC can be configured to validate the key without prompting the user
>
> If there is a software upgrade on either client or server such that the
> negotiated key-exchange algorithm changes (e.g., from RSA to ECDSA), the
> user will be re-prompted for the new key, even though an old key for a
> different mechanism is saved.
>
>> +      Since the fingerprint was already verified for this
> host,
>> +    the server's key is automatically checked before prompting for
>> +    the user's password.
>> +
>> +      The arguments passed to
> scp are similar to
>> +    cp.  The file or files to copy is the
> first
>
> It is probably worth noting a glaring discrepancy between scp(1) and
> cp(1)'s arguments, here, namely with respect to recursive copies.  scp
> takes -r, but cp takes -R.
>
>> +    argument and the destination to copy to is the second.  Since the file
>> +    is fetched over the network, one or more of the file
>>     arguments takes the form
>>
> .
>>
> [...]
>> +        <para>Instead of using passwords, a client can be configured
>> +      to connect to the remote machine
>> +      using keys instead of
>> +      passwords.  To generate DSA or
>
> "instead of [using] passwords" is duplicated in this sentence.


Thanks! See r44530 and r44521.

Cheers,

Dru
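
Review bot: The added paragraph ending "to first verify the server's fingerprint:" tells the reader that a prompt appears but, in the lines shown, not what the fingerprint should be compared against. Suggest adding that it must match a value obtained from the server's administrator over a separate trusted channel, since accepting it unchecked gives no protection against a spoofed server on the first connection. Two wording points in the same hunk: "a SSH server" should read "an SSH server", and "The file or files to copy is the first argument" has a subject-verb mismatch.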
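
Review bot: The last added line of the key-based login paragraph, "To generate DSA or", names DSA first among the key types. ssh-keygen(1) only creates DSA keys of exactly 1024 bits, so suggest leading with RSA or stating which type is preferred rather than presenting the types as equivalent.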
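
The review above mentions SSHFP records and the re-prompt that follows a change of host key type. The following is an added example, not part of the original thread or of the handbook: it derives the SSHFP record and the SHA256 fingerprint from a public key line, showing that both are bound to one key type. The function names, the host name `host.example.org` and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}


def parse_pubkey(line):
    """Return (key type, raw key blob) from an OpenSSH public key line."""
    keytype, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob starts with a length-prefixed copy of the key type.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != keytype:
        raise ValueError("key type does not match key blob")
    return keytype, blob


def sshfp_record(host, line):
    """SSHFP resource record (fingerprint type 2, SHA-256) for a host key."""
    keytype, blob = parse_pubkey(line)
    algo = 3 if keytype.startswith("ecdsa-sha2-") else SSHFP_ALGO[keytype]
    return f"{host} IN SSHFP {algo} 2 {hashlib.sha256(blob).hexdigest()}"


def openssh_fingerprint(line):
    """Fingerprint in the SHA256:<base64> form printed by current OpenSSH."""
    _, blob = parse_pubkey(line)
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + digest.rstrip("=")


def make_test_key(keytype, *fields):
    """Constructed sample key line (not a real host key)."""
    def field(b):
        return struct.pack(">I", len(b)) + b
    blob = field(keytype.encode()) + b"".join(field(f) for f in fields)
    return f"{keytype} {base64.b64encode(blob).decode()} constructed@example"


if __name__ == "__main__":
    # Constructed keys: an RSA key (e, n) and an Ed25519 key (32 bytes).
    rsa = make_test_key("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256)
    ed = make_test_key("ssh-ed25519", b"\x02" * 32)
    for key in (rsa, ed):
        print(sshfp_record("host.example.org", key))
        print(openssh_fingerprint(key))
```

The two keys yield different algorithm numbers and digests, so a fingerprint verified or published for one key type says nothing about a key of another type offered by the same host.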