diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2001-01-29 08:37:08 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-01-29 08:37:08 +0000 |
commit | eb930d4432ecdbb8187d9e9b7cd894c3e0e9d0ef (patch) | |
tree | 20a78176b21eb8bb3a36e3345916204c1a520e1d /ssh.1 | |
parent | 035782e71284c2d424f605b20d720c00797b3733 (diff) |
- stevesk@cvs.openbsd.org 2001/01/28 20:36:16
[readconf.c ssh.1]
``StrictHostKeyChecking ask'' documentation and small cleanup.
ok markus@
Diffstat (limited to 'ssh.1')
-rw-r--r-- | ssh.1 | 35 |
1 files changed, 24 insertions, 11 deletions
@@ -34,7 +34,7 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh.1,v 1.78 2001/01/28 10:24:04 markus Exp $ | 37 | .\" $OpenBSD: ssh.1,v 1.79 2001/01/28 20:36:16 stevesk Exp $ |
38 | .Dd September 25, 1999 | 38 | .Dd September 25, 1999 |
39 | .Dt SSH 1 | 39 | .Dt SSH 1 |
40 | .Os | 40 | .Os |
@@ -924,28 +924,41 @@ The default is | |||
924 | If this flag is set to | 924 | If this flag is set to |
925 | .Dq yes , | 925 | .Dq yes , |
926 | .Nm | 926 | .Nm |
927 | ssh will never automatically add host keys to the | 927 | will never automatically add host keys to the |
928 | .Pa $HOME/.ssh/known_hosts | 928 | .Pa $HOME/.ssh/known_hosts |
929 | and | 929 | and |
930 | .Pa $HOME/.ssh/known_hosts2 | 930 | .Pa $HOME/.ssh/known_hosts2 |
931 | files, and refuses to connect hosts whose host key has changed. | 931 | files, and refuses to connect to hosts whose host key has changed. |
932 | This provides maximum protection against trojan horse attacks. | 932 | This provides maximum protection against trojan horse attacks. |
933 | However, it can be somewhat annoying if you don't have good | 933 | However, it can be somewhat annoying if you don't have good |
934 | .Pa /etc/ssh_known_hosts | 934 | .Pa /etc/ssh_known_hosts |
935 | and | 935 | and |
936 | .Pa /etc/ssh_known_hosts2 | 936 | .Pa /etc/ssh_known_hosts2 |
937 | files installed and frequently | 937 | files installed and frequently |
938 | connect new hosts. | 938 | connect to new hosts. |
939 | Basically this option forces the user to manually | 939 | This option forces the user to manually |
940 | add any new hosts. | 940 | add all new hosts. |
941 | Normally this option is disabled, and new hosts | 941 | If this flag is set to |
942 | will automatically be added to the known host files. | 942 | .Dq no , |
943 | .Nm | ||
944 | will automatically add new host keys to the | ||
945 | user known hosts files. | ||
946 | If this flag is set to | ||
947 | .Dq ask , | ||
948 | new host keys | ||
949 | will be added to the user known host files only after the user | ||
950 | has confirmed that is what they really want to do, and | ||
951 | .Nm | ||
952 | will refuse to connect to hosts whose host key has changed. | ||
943 | The host keys of | 953 | The host keys of |
944 | known hosts will be verified automatically in either case. | 954 | known hosts will be verified automatically in all cases. |
945 | The argument must be | 955 | The argument must be |
946 | .Dq yes | 956 | .Dq yes , |
957 | .Dq no | ||
947 | or | 958 | or |
948 | .Dq no . | 959 | .Dq ask . |
960 | The default is | ||
961 | .Dq ask . | ||
949 | .It Cm UsePrivilegedPort | 962 | .It Cm UsePrivilegedPort |
950 | Specifies whether to use a privileged port for outgoing connections. | 963 | Specifies whether to use a privileged port for outgoing connections. |
951 | The argument must be | 964 | The argument must be |