changeset 860:057204b3dd61

docs for ecdsa
author Matt Johnston <matt@ucc.asn.au>
date Thu, 14 Nov 2013 22:14:09 +0800
parents 4891acd7ab4f
children e894dbc015ba
files dropbear.8 dropbearkey.1
diffstat 2 files changed, 23 insertions(+), 25 deletions(-) [+]
line wrap: on
line diff
--- a/dropbear.8	Thu Nov 14 22:07:18 2013 +0800
+++ b/dropbear.8	Thu Nov 14 22:14:09 2013 +0800
@@ -3,10 +3,10 @@
 dropbear \- lightweight SSH server
 .SH SYNOPSIS
 .B dropbear
-[\-FEmwsgjki] [\-b
-.I banner\fR] [\-d
-.I dsskey\fR] [\-r
-.I rsakey\fR] [\-p
+[\-RFEmwsgjki] [\-b
+.I banner\fR] 
+[\-r
+.I hostkeyfile\fR] [\-p
 .IR [address:]port ]
 .SH DESCRIPTION
 .B dropbear
@@ -20,24 +20,16 @@
 .I banner
 before user login (default: none).
 .TP
-.B \-d \fIdsskey
-dsskeyfile.
+.B \-r \fIhostkey
 Use the contents of the file
-.I dsskey
-for the DSS host key (default: /etc/dropbear/dropbear_dss_host_key). 
-Note that 
-some SSH implementations
-use the term "DSA" rather than "DSS", they mean the same thing.
+.I hostkey
+for the SSH hostkey.
 This file is generated with
-.BR dropbearkey (1).
+.BR dropbearkey (1) 
+or automatically with the '-R' option. See "Host Key Files" below.
 .TP
-.B \-r \fIrsakey
-rsakeyfile.
-Use the contents of the file
-.I rsakey
-for the rsa host key (default: /etc/dropbear/dropbear_rsa_host_key).
-This file is generated with
-.BR dropbearkey (1).
+.B \-R
+Generate hostkeys automatically
 .TP
 .B \-F
 Don't fork into background.
@@ -143,9 +135,13 @@
 Host Key Files
 
 Host key files are read at startup from a standard location, by default
-/etc/dropbear/dropbear_dss_host_key and /etc/dropbear/dropbear_rsa_host_key
-or specified on the commandline with -d or -r. These are of the form generated
-by dropbearkey.
+/etc/dropbear/dropbear_dss_host_key, /etc/dropbear/dropbear_rsa_host_key, and 
+/etc/dropbear/dropbear-ecdsa_host_key
+or specified on the commandline with -r. These are of the form generated
+by dropbearkey. The -R option can be used to automatically generate keys
+in the default location - keys will be generated after startup when the first
+connection is established. This had the benefit that the system /dev/urandom
+random number source has a better chance of being securely seeded.
 
 .TP
 Message Of The Day
--- a/dropbearkey.1	Thu Nov 14 22:07:18 2013 +0800
+++ b/dropbearkey.1	Thu Nov 14 22:14:09 2013 +0800
@@ -12,9 +12,10 @@
 .SH DESCRIPTION
 .B dropbearkey
 generates a
-.I RSA
+.I RSA 
+.I DSS,
 or
-.I DSS
+.I ECDSA
 format SSH private key, and saves it to a file for the use with the
 Dropbear client or server.
 Note that 
@@ -26,6 +27,7 @@
 Type of key to generate.
 Must be one of
 .I rsa
+.I ecdsa
 or
 .IR dss .
 .TP
@@ -36,7 +38,7 @@
 .B \-s \fIbits
 Set the key size to
 .I bits
-bits, should be multiple of 8 (optional).
+bits, should be multiple of 8 (optional). 
 .SH NOTES
 The program dropbearconvert(1) can be used to convert between Dropbear and OpenSSH key formats.
 .P