- stevesk@cvs.openbsd.org 2001/01/28 20:36:16

[readconf.c ssh.1] ``StrictHostKeyChecking ask'' documentation and small cleanup. ok markus@
author: Ben Lindstrom <mouring@eviladmin.org> 2001-01-29 08:37:08 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2001-01-29 08:37:08 +0000
commit: eb930d4432ecdbb8187d9e9b7cd894c3e0e9d0ef (patch)
tree: 20a78176b21eb8bb3a36e3345916204c1a520e1d /ssh.1
parent: 035782e71284c2d424f605b20d720c00797b3733 (diff)
1 files changed, 24 insertions, 11 deletions
diff --git a/ssh.1 b/ssh.1
index 621d1af29..34f949888 100644
--- a/ssh.1
+++ b/ssh.1
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.78 2001/01/28 10:24:04 markus Exp $
+.\" $OpenBSD: ssh.1,v 1.79 2001/01/28 20:36:16 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH 1
 .Os
@@ -924,28 +924,41 @@ The default is
 If this flag is set to
 .Dq yes ,
 .Nm
-ssh will never automatically add host keys to the
+will never automatically add host keys to the
 .Pa $HOME/.ssh/known_hosts
 and
 .Pa $HOME/.ssh/known_hosts2
-files, and refuses to connect hosts whose host key has changed.
+files, and refuses to connect to hosts whose host key has changed.
 This provides maximum protection against trojan horse attacks.
 However, it can be somewhat annoying if you don't have good
 .Pa /etc/ssh_known_hosts
 and
 .Pa /etc/ssh_known_hosts2
 files installed and frequently
-connect new hosts.
+connect to new hosts.
-Basically this option forces the user to manually
+This option forces the user to manually
-add any new hosts.
+add all new hosts.
-Normally this option is disabled, and new hosts
+If this flag is set to
-will automatically be added to the known host files.
+.Dq no ,
+.Nm
+will automatically add new host keys to the
+user known hosts files.
+If this flag is set to
+.Dq ask ,
+new host keys
+will be added to the user known host files only after the user
+has confirmed that is what they really want to do, and
+.Nm
+will refuse to connect to hosts whose host key has changed.
 The host keys of
-known hosts will be verified automatically in either case.
+known hosts will be verified automatically in all cases.
 The argument must be
-.Dq yes
+.Dq yes ,
+.Dq no
 or
-.Dq no .
+.Dq ask .
+The default is
+.Dq ask .
 .It Cm UsePrivilegedPort
 Specifies whether to use a privileged port for outgoing connections.
 The argument must be
author	Ben Lindstrom <mouring@eviladmin.org>	2001-01-29 08:37:08 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2001-01-29 08:37:08 +0000
commit	eb930d4432ecdbb8187d9e9b7cd894c3e0e9d0ef (patch)
tree	20a78176b21eb8bb3a36e3345916204c1a520e1d /ssh.1
parent	035782e71284c2d424f605b20d720c00797b3733 (diff)

diff --git a/ssh.1 b/ssh.1 index 621d1af29..34f949888 100644 --- a/ssh.1 +++ b/ssh.1
@@ -34,7 +34,7 @@
34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	34	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	35	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36	.\"	36	.\"
37	.\" $OpenBSD: ssh.1,v 1.78 2001/01/28 10:24:04 markus Exp $	37	.\" $OpenBSD: ssh.1,v 1.79 2001/01/28 20:36:16 stevesk Exp $
38	.Dd September 25, 1999	38	.Dd September 25, 1999
39	.Dt SSH 1	39	.Dt SSH 1
40	.Os	40	.Os
@@ -924,28 +924,41 @@ The default is
924	If this flag is set to	924	If this flag is set to
925	.Dq yes ,	925	.Dq yes ,
926	.Nm	926	.Nm
927	ssh will never automatically add host keys to the	927	will never automatically add host keys to the
928	.Pa $HOME/.ssh/known_hosts	928	.Pa $HOME/.ssh/known_hosts
929	and	929	and
930	.Pa $HOME/.ssh/known_hosts2	930	.Pa $HOME/.ssh/known_hosts2
931	files, and refuses to connect hosts whose host key has changed.	931	files, and refuses to connect to hosts whose host key has changed.
932	This provides maximum protection against trojan horse attacks.	932	This provides maximum protection against trojan horse attacks.
933	However, it can be somewhat annoying if you don't have good	933	However, it can be somewhat annoying if you don't have good
934	.Pa /etc/ssh_known_hosts	934	.Pa /etc/ssh_known_hosts
935	and	935	and
936	.Pa /etc/ssh_known_hosts2	936	.Pa /etc/ssh_known_hosts2
937	files installed and frequently	937	files installed and frequently
938	connect new hosts.	938	connect to new hosts.
939	Basically this option forces the user to manually	939	This option forces the user to manually
940	add any new hosts.	940	add all new hosts.
941	Normally this option is disabled, and new hosts	941	If this flag is set to
942	will automatically be added to the known host files.	942	.Dq no ,
		943	.Nm
		944	will automatically add new host keys to the
		945	user known hosts files.
		946	If this flag is set to
		947	.Dq ask ,
		948	new host keys
		949	will be added to the user known host files only after the user
		950	has confirmed that is what they really want to do, and
		951	.Nm
		952	will refuse to connect to hosts whose host key has changed.
943	The host keys of	953	The host keys of
944	known hosts will be verified automatically in either case.	954	known hosts will be verified automatically in all cases.
945	The argument must be	955	The argument must be
946	.Dq yes	956	.Dq yes ,
		957	.Dq no
947	or	958	or
948	.Dq no .	959	.Dq ask .
		960	The default is
		961	.Dq ask .
949	.It Cm UsePrivilegedPort	962	.It Cm UsePrivilegedPort
950	Specifies whether to use a privileged port for outgoing connections.	963	Specifies whether to use a privileged port for outgoing connections.
951	The argument must be	964	The argument must be