upstream commit

mention CheckHostIP adding addresses to known_hosts; bz#1993; ok dtucker@ Upstream-ID: fd44b68440fd0dc29abf9f2d3f703d74a2396cb7
author: djm@openbsd.org <djm@openbsd.org> 2015-06-02 09:10:40 +0000
committer: Damien Miller <djm@mindrot.org> 2015-06-04 08:53:54 +1000
commit: 5e67859a623826ccdf2df284cbb37e2d8e2787eb (patch)
tree: 8df14d2484c1285d9ef0f8ca953a03fbae41f724
parent: d7a58bbac6583e33fd5eca8e2c2cc70c57617818 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 87ef9bedf..268a627b2 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.210 2015/05/28 05:09:45 dtucker Exp $
+.\" $OpenBSD: ssh_config.5,v 1.211 2015/06/02 09:10:40 djm Exp $
-.Dd $Mdocdate: May 28 2015 $
+.Dd $Mdocdate: June 2 2015 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -340,7 +340,11 @@ If this flag is set to
 will additionally check the host IP address in the
 .Pa known_hosts
 file.
-This allows ssh to detect if a host key changed due to DNS spoofing.
+This allows ssh to detect if a host key changed due to DNS spoofing
+and will add addresses of destination hosts to
+.Pa ~/.ssh/known_hosts
+in the process, regardless of the setting of
+.Cm StrictHostKeyChecking .
 If the option is set to
 .Dq no ,
 the check will not be executed.
author	djm@openbsd.org <djm@openbsd.org>	2015-06-02 09:10:40 +0000
committer	Damien Miller <djm@mindrot.org>	2015-06-04 08:53:54 +1000
commit	5e67859a623826ccdf2df284cbb37e2d8e2787eb (patch)
tree	8df14d2484c1285d9ef0f8ca953a03fbae41f724
parent	d7a58bbac6583e33fd5eca8e2c2cc70c57617818 (diff)

diff --git a/ssh_config.5 b/ssh_config.5 index 87ef9bedf..268a627b2 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.210 2015/05/28 05:09:45 dtucker Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.211 2015/06/02 09:10:40 djm Exp $
37	.Dd $Mdocdate: May 28 2015 $	37	.Dd $Mdocdate: June 2 2015 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -340,7 +340,11 @@ If this flag is set to
340	will additionally check the host IP address in the	340	will additionally check the host IP address in the
341	.Pa known_hosts	341	.Pa known_hosts
342	file.	342	file.
343	This allows ssh to detect if a host key changed due to DNS spoofing.	343	This allows ssh to detect if a host key changed due to DNS spoofing
		344	and will add addresses of destination hosts to
		345	.Pa ~/.ssh/known_hosts
		346	in the process, regardless of the setting of
		347	.Cm StrictHostKeyChecking .
344	If the option is set to	348	If the option is set to
345	.Dq no ,	349	.Dq no ,
346	the check will not be executed.	350	the check will not be executed.