summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2015-06-02 09:10:40 +0000
committerDamien Miller <djm@mindrot.org>2015-06-04 08:53:54 +1000
commit5e67859a623826ccdf2df284cbb37e2d8e2787eb (patch)
tree8df14d2484c1285d9ef0f8ca953a03fbae41f724
parentd7a58bbac6583e33fd5eca8e2c2cc70c57617818 (diff)
upstream commit
mention CheckHostIP adding addresses to known_hosts; bz#1993; ok dtucker@ Upstream-ID: fd44b68440fd0dc29abf9f2d3f703d74a2396cb7
-rw-r--r--ssh_config.510
1 files changed, 7 insertions, 3 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 87ef9bedf..268a627b2 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 33.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35.\" 35.\"
36.\" $OpenBSD: ssh_config.5,v 1.210 2015/05/28 05:09:45 dtucker Exp $ 36.\" $OpenBSD: ssh_config.5,v 1.211 2015/06/02 09:10:40 djm Exp $
37.Dd $Mdocdate: May 28 2015 $ 37.Dd $Mdocdate: June 2 2015 $
38.Dt SSH_CONFIG 5 38.Dt SSH_CONFIG 5
39.Os 39.Os
40.Sh NAME 40.Sh NAME
@@ -340,7 +340,11 @@ If this flag is set to
340will additionally check the host IP address in the 340will additionally check the host IP address in the
341.Pa known_hosts 341.Pa known_hosts
342file. 342file.
343This allows ssh to detect if a host key changed due to DNS spoofing. 343This allows ssh to detect if a host key changed due to DNS spoofing
344and will add addresses of destination hosts to
345.Pa ~/.ssh/known_hosts
346in the process, regardless of the setting of
347.Cm StrictHostKeyChecking .
344If the option is set to 348If the option is set to
345.Dq no , 349.Dq no ,
346the check will not be executed. 350the check will not be executed.