diff options
author | djm@openbsd.org <djm@openbsd.org> | 2015-06-02 09:10:40 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2015-06-04 08:53:54 +1000 |
commit | 5e67859a623826ccdf2df284cbb37e2d8e2787eb (patch) | |
tree | 8df14d2484c1285d9ef0f8ca953a03fbae41f724 | |
parent | d7a58bbac6583e33fd5eca8e2c2cc70c57617818 (diff) |
upstream commit
mention CheckHostIP adding addresses to known_hosts;
bz#1993; ok dtucker@
Upstream-ID: fd44b68440fd0dc29abf9f2d3f703d74a2396cb7
-rw-r--r-- | ssh_config.5 | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 87ef9bedf..268a627b2 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.210 2015/05/28 05:09:45 dtucker Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.211 2015/06/02 09:10:40 djm Exp $ |
37 | .Dd $Mdocdate: May 28 2015 $ | 37 | .Dd $Mdocdate: June 2 2015 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -340,7 +340,11 @@ If this flag is set to | |||
340 | will additionally check the host IP address in the | 340 | will additionally check the host IP address in the |
341 | .Pa known_hosts | 341 | .Pa known_hosts |
342 | file. | 342 | file. |
343 | This allows ssh to detect if a host key changed due to DNS spoofing. | 343 | This allows ssh to detect if a host key changed due to DNS spoofing |
344 | and will add addresses of destination hosts to | ||
345 | .Pa ~/.ssh/known_hosts | ||
346 | in the process, regardless of the setting of | ||
347 | .Cm StrictHostKeyChecking . | ||
344 | If the option is set to | 348 | If the option is set to |
345 | .Dq no , | 349 | .Dq no , |
346 | the check will not be executed. | 350 | the check will not be executed. |