CURLOPT_SSH_*_KEYFILE: clarify

Closes #12554

docs/libcurl/opts/CURLOPT_SSH_PRIVATE_KEYFILE.3

@@ -34,12 +34,17 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSH_PRIVATE_KEYFILE,
 .SH DESCRIPTION
 Pass a char * pointing to a \fIfilename\fP for your private key. If not used,
 libcurl defaults to \fB$HOME/.ssh/id_rsa\fP or \fB$HOME/.ssh/id_dsa\fP if the
-HOME environment variable is set, and just \fB"id_rsa"\fP or \fB"id_dsa"\fP in
-the current directory if HOME is not set.
+HOME environment variable is set, and in the current directory if HOME is not
+set.
 
 If the file is password-protected, set the password with
 \fICURLOPT_KEYPASSWD(3)\fP.
 
+The SSH library derives the public key from this private key when possible. If
+the SSH library cannot derive the public key from the private one and no
+public one is provided with \fICURLOPT_SSH_PUBLIC_KEYFILE(3)\fP, the transfer
+fails.
+
 The application does not have to keep the string around after setting this
 option.
 .SH DEFAULT

docs/libcurl/opts/CURLOPT_SSH_PUBLIC_KEYFILE.3

@@ -37,9 +37,10 @@ libcurl defaults to \fB$HOME/.ssh/id_dsa.pub\fP if the HOME environment
 variable is set, and just "id_dsa.pub" in the current directory if HOME is not
 set.
 
-If NULL (or an empty string) is passed, libcurl passes no public key to
-libssh2, which then computes it from the private key. This is known to work
-with libssh2 1.4.0+ linked against OpenSSL.
+If NULL (or an empty string) is passed to this option, libcurl passes no
+public key to the SSH library, which then rather derives it from the private
+key. If the SSH library cannot derive the public key from the private one and
+no public one is provided, the transfer fails.
 
 The application does not have to keep the string around after setting this
 option.