diff options
| author | Damien Miller <djm@mindrot.org> | 2008-06-30 00:04:03 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2008-06-30 00:04:03 +1000 |
| commit | 1028824e5c456dc3d8a57fe5bae539beb4a95432 (patch) | |
| tree | aa151e1b321494095a70f8b65b298529386e609c /ssh_config.5 | |
| parent | 2e9cf4906926fba123d415fdac8465b94bcd38b3 (diff) | |
- grunk@cvs.openbsd.org 2008/06/26 11:46:31
[readconf.c readconf.h ssh.1 ssh_config.5 sshconnect.c]
Move SSH Fingerprint Visualization away from sharing the config option
CheckHostIP to an own config option named VisualHostKey.
While there, fix the behaviour that ssh would draw a random art picture
on every newly seen host even when the option was not enabled.
prodded by deraadt@, discussions,
help and ok markus@ djm@ dtucker@
Diffstat (limited to 'ssh_config.5')
| -rw-r--r-- | ssh_config.5 | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 53b3b6f1f..85e7ba06d 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
| @@ -34,8 +34,8 @@ | |||
| 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 34 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 35 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 36 | .\" | 36 | .\" |
| 37 | .\" $OpenBSD: ssh_config.5,v 1.110 2008/06/12 19:10:09 jmc Exp $ | 37 | .\" $OpenBSD: ssh_config.5,v 1.111 2008/06/26 11:46:31 grunk Exp $ |
| 38 | .Dd $Mdocdate: June 12 2008 $ | 38 | .Dd $Mdocdate: June 26 2008 $ |
| 39 | .Dt SSH_CONFIG 5 | 39 | .Dt SSH_CONFIG 5 |
| 40 | .Os | 40 | .Os |
| 41 | .Sh NAME | 41 | .Sh NAME |
| @@ -161,10 +161,6 @@ will additionally check the host IP address in the | |||
| 161 | file. | 161 | file. |
| 162 | This allows ssh to detect if a host key changed due to DNS spoofing. | 162 | This allows ssh to detect if a host key changed due to DNS spoofing. |
| 163 | If the option is set to | 163 | If the option is set to |
| 164 | .Dq fingerprint , | ||
| 165 | a fingerprint and an ASCII art representation of the key are printed, | ||
| 166 | in addition to the host IP address check. | ||
| 167 | If the option is set to | ||
| 168 | .Dq no , | 164 | .Dq no , |
| 169 | the check will not be executed. | 165 | the check will not be executed. |
| 170 | The default is | 166 | The default is |
| @@ -1064,6 +1060,16 @@ See also | |||
| 1064 | .Sx VERIFYING HOST KEYS | 1060 | .Sx VERIFYING HOST KEYS |
| 1065 | in | 1061 | in |
| 1066 | .Xr ssh 1 . | 1062 | .Xr ssh 1 . |
| 1063 | .It Cm VisualHostKey | ||
| 1064 | If this flag is set to | ||
| 1065 | .Dq yes , | ||
| 1066 | an ASCII art representation of the remote host key fingerprint is | ||
| 1067 | printed additionally to the hex fingerprint string. | ||
| 1068 | If this flag is set to | ||
| 1069 | .Dq no , | ||
| 1070 | only the hex fingerprint string will be printed. | ||
| 1071 | The default is | ||
| 1072 | .Dq no . | ||
| 1067 | .It Cm XAuthLocation | 1073 | .It Cm XAuthLocation |
| 1068 | Specifies the full pathname of the | 1074 | Specifies the full pathname of the |
| 1069 | .Xr xauth 1 | 1075 | .Xr xauth 1 |