From 71c01e6ffe7c8f418e0a87bb30f5b1b7df2f882c Mon Sep 17 00:00:00 2001 From: Dmitri Iouchtchenko Date: Wed, 31 Aug 2016 13:53:12 -0400 Subject: doc: Mention support for Ed25519 in SSHbase It has been possible to generate Ed25519 keys since commit 30a2bae0a92e8ba75fc10cc6eba4a6dddcecd2b6. --- doc/appendix/guides/import-existing-ssh-keys.txt | 7 ++++-- doc/server/plugins/generators/sshbase.txt | 31 ++++++++++++------------ 2 files changed, 21 insertions(+), 17 deletions(-) diff --git a/doc/appendix/guides/import-existing-ssh-keys.txt b/doc/appendix/guides/import-existing-ssh-keys.txt index 4e2282044..225844448 100644 --- a/doc/appendix/guides/import-existing-ssh-keys.txt +++ b/doc/appendix/guides/import-existing-ssh-keys.txt @@ -40,9 +40,12 @@ files explicity: + + + - + @@ -97,7 +100,7 @@ Now, we pull the ssh host key data for the client out of the uploaded stats and insert it as host-specific copies of these files in ``/var/lib/bcfg2/SSHBase``.:: - for key in ssh_host_ecdsa_key ssh_host_rsa_key ssh_host_dsa_key ssh_host_key; do + for key in ssh_host_ed25519_key ssh_host_ecdsa_key ssh_host_rsa_key ssh_host_dsa_key ssh_host_key; do sudo bcfg2-admin pull Path /etc/ssh/$key sudo bcfg2-admin pull Path /etc/ssh/$key.pub done diff --git a/doc/server/plugins/generators/sshbase.txt b/doc/server/plugins/generators/sshbase.txt index 540cc1e06..26c1a8121 100644 --- a/doc/server/plugins/generators/sshbase.txt +++ b/doc/server/plugins/generators/sshbase.txt @@ -14,8 +14,8 @@ record for the current system. It has two functions: -* Generating new ssh keys -- When a client requests a ecdsa, dsa, rsa, - or v1 key, and there is no existing key in the repository, one is +* Generating new ssh keys -- When a client requests a key (v1, rsa, + ecdsa, etc.), and there is no existing key in the repository, one is generated. * Maintaining the ``ssh_known_hosts`` file -- all current known public 
@@ -73,6 +73,7 @@ SSHbase currently supports the following key formats: * RSA2 (``ssh_host_rsa_key``, ``ssh_host_rsa_key.pub``) * DSA (``ssh_host_dsa_key``, ``ssh_host_dsa_key.pub``) * ECDSA (``ssh_host_ecdsa_key``, ``ssh_host_ecdsa_key.pub``) +* Ed25519 (``ssh_host_ed25519_key``, ``ssh_host_ed25519_key.pub``) Group-specific keys =================== 
@@ -143,19 +144,19 @@ control the permissions and other metadata for the keys and Default permissions are as follows: -+----------------------------------+-------+-------+------+-----------+----------+----------+ -| File | owner | group | mode | sensitive | paranoid | encoding | -+==================================+=======+=======+======+===========+==========+==========+ -| ssh_known_hosts | root | root | 0644 | false | false | None | -+----------------------------------+-------+-------+------+-----------+----------+----------+ -| ssh_host_key | root | root | 0600 | false | false | base64 | -+----------------------------------+-------+-------+------+-----------+----------+----------+ -| ssh_host_key.pub | root | root | 0644 | false | false | base64 | -+----------------------------------+-------+-------+------+-----------+----------+----------+ -| ssh_host_[rsa|dsa|ecdsa]_key | root | root | 0600 | false | false | None | -+----------------------------------+-------+-------+------+-----------+----------+----------+ -| ssh_host_[rsa|dsa|ecdsa]_key.pub | root | root | 0644 | false | false | None | -+----------------------------------+-------+-------+------+-----------+----------+----------+ ++------------------------------------------+-------+-------+------+-----------+----------+----------+ +| File | owner | group | mode | sensitive | paranoid | encoding | ++==========================================+=======+=======+======+===========+==========+==========+ +| ssh_known_hosts | root | root | 0644 | false | false | None | ++------------------------------------------+-------+-------+------+-----------+----------+----------+ +| ssh_host_key | root | root | 0600 | false | false | base64 | ++------------------------------------------+-------+-------+------+-----------+----------+----------+ +| ssh_host_key.pub | root | root | 0644 | false | false | base64 | ++------------------------------------------+-------+-------+------+-----------+----------+----------+ +| 
ssh_host_[rsa|dsa|ecdsa|ed25519]_key | root | root | 0600 | false | false | None | ++------------------------------------------+-------+-------+------+-----------+----------+----------+ +| ssh_host_[rsa|dsa|ecdsa|ed25519]_key.pub | root | root | 0644 | false | false | None | ++------------------------------------------+-------+-------+------+-----------+----------+----------+ Note that the ``sensitive`` attribute is false, even for private keys, in order to permit :ref:`pulling with bcfg2-admin -- cgit v1.2.3-1-g7c22
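Review bot: the rewritten bullet in the first doc/server/plugins/generators/sshbase.txt hunk ("When a client requests a key (v1, rsa, ecdsa, etc.)") no longer names dsa and still does not name ed25519, the key type this commit is about. Either list all five types here, or drop the parenthetical and point to the "SSHbase currently supports the following key formats" list further down, so the two places cannot drift apart.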
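Review bot: the pull loop in doc/appendix/guides/import-existing-ssh-keys.txt (hunk at -97,7) now lists ssh_host_ed25519_key unconditionally, but the surrounding text does not say what to do when the client has no Ed25519 host key in its uploaded stats. Suggest adding a sentence that tells the reader either to remove key types the client does not have from the "for key in ..." list or that a failed pull for a missing key can be ignored, whichever matches what bcfg2-admin actually does.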
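Review bot: in the default-permissions table (sshbase.txt hunk at -143,19), the row label "ssh_host_[rsa|dsa|ecdsa|ed25519]_key" uses square brackets with pipes, which reads as a character class rather than an alternation, and widening it forced every row of the table to be rewritten. Consider one row per key type, or the brace form ssh_host_{rsa,dsa,ecdsa,ed25519}_key, so the next key type is a two-line change. The context line after the table says sensitive is false even for private keys; that now applies to the Ed25519 private key as well, so please confirm that is intended.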