diff options
author | Damien Miller <djm@mindrot.org> | 2008-06-30 00:04:03 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2008-06-30 00:04:03 +1000 |
commit | 1028824e5c456dc3d8a57fe5bae539beb4a95432 (patch) | |
tree | aa151e1b321494095a70f8b65b298529386e609c /ssh_config.5 | |
parent | 2e9cf4906926fba123d415fdac8465b94bcd38b3 (diff) |
- grunk@cvs.openbsd.org 2008/06/26 11:46:31
[readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
Move SSH Fingerprint Visualization away from sharing the config option
CheckHostIP to an own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.
prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 53b3b6f1f..85e7ba06d 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -34,8 +34,8 @@ | |||
34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
36 | .\" | 36 | .\" |
37 | .\" $OpenBSD: ssh_config.5,v 1.110 2008/06/12 19:10:09 jmc Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.111 2008/06/26 11:46:31 grunk Exp $ |
38 | .Dd $Mdocdate: June 12 2008 $ | 38 | .Dd $Mdocdate: June 26 2008 $ |
39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
40 | .Os | 40 | .Os |
41 | .Sh NAME | 41 | .Sh NAME |
@@ -161,10 +161,6 @@ will additionally check the host IP address in the | |||
161 | file. | 161 | file. |
162 | This allows ssh to detect if a host key changed due to DNS spoofing. | 162 | This allows ssh to detect if a host key changed due to DNS spoofing. |
163 | If the option is set to | 163 | If the option is set to |
164 | .Dq fingerprint , | ||
165 | a fingerprint and an ASCII art representation of the key are printed, | ||
166 | in addition to the host IP address check. | ||
167 | If the option is set to | ||
168 | .Dq no , | 164 | .Dq no , |
169 | the check will not be executed. | 165 | the check will not be executed. |
170 | The default is | 166 | The default is |
@@ -1064,6 +1060,16 @@ See also | |||
1064 | .Sx VERIFYING HOST KEYS | 1060 | .Sx VERIFYING HOST KEYS |
1065 | in | 1061 | in |
1066 | .Xr ssh 1 . | 1062 | .Xr ssh 1 . |
1063 | .It Cm VisualHostKey | ||
1064 | If this flag is set to | ||
1065 | .Dq yes , | ||
1066 | an ASCII art representation of the remote host key fingerprint is | ||
1067 | printed additionally to the hex fingerprint string. | ||
1068 | If this flag is set to | ||
1069 | .Dq no , | ||
1070 | only the hex fingerprint string will be printed. | ||
1071 | The default is | ||
1072 | .Dq no . | ||
1067 | .It Cm XAuthLocation | 1073 | .It Cm XAuthLocation |
1068 | Specifies the full pathname of the | 1074 | Specifies the full pathname of the |
1069 | .Xr xauth 1 | 1075 | .Xr xauth 1 |