From 9ce5bc401cc7309cc93ec1ab4de600d59d013ca4 Mon Sep 17 00:00:00 2001 From: Jacob Nevins Date: Wed, 12 Jul 2023 17:55:58 +0100 Subject: [PATCH] Tweaks to OpenSSH key format docs. Index the older format as 'PEM-style', since PEM is how it's referred to in OpenSSH's own docs; and justify why you might want to use the newer format. --- doc/index.but | 3 +++ doc/pubkey.but | 8 ++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/doc/index.but b/doc/index.but index 187f5a1e..86c6f931 100644 --- a/doc/index.but +++ b/doc/index.but @@ -869,6 +869,9 @@ saved sessions from \IM{ssh.com private key format} \cw{ssh.com} private key file format \IM{ssh.com private key format} private key file, \cw{ssh.com} +\IM{PEM-style} PEM-style OpenSSH private key format +\IM{PEM-style} OpenSSH private key format, PEM-style + \IM{importing keys} importing private keys \IM{importing keys} loading private keys diff --git a/doc/pubkey.but b/doc/pubkey.but index cdd33301..c421cedb 100644 --- a/doc/pubkey.but +++ b/doc/pubkey.but @@ -507,13 +507,17 @@ passphrase in beforehand, and you will be warned if you are about to save a key without a passphrase. For OpenSSH there are two options. Modern OpenSSH actually has two -formats it uses for storing private keys. \q{Export OpenSSH key} +formats it uses for storing private keys: an older (\q{\i{PEM-style}}) +format, and a newer \q{native} format with better resistance to +passphrase guessing and support for comments. \q{Export OpenSSH key} will automatically choose the oldest format supported for the key type, for maximum backward compatibility with older versions of OpenSSH; for newer key types like Ed25519, it will use the newer format as that is the only legal option. If you have some specific reason for wanting to use OpenSSH's newer format even for RSA, DSA, -or ECDSA keys, you can choose \q{Export OpenSSH key (force new file +or ECDSA keys \dash for instance, you know your file will only be +used by OpenSSH 6.5 or newer (released in 2014), and want the extra +security \dash you can choose \q{Export OpenSSH key (force new file format)}. Most clients for the older SSH-1 protocol use a standard format for