1 files changed, 24 insertions, 2 deletions
diff --git a/ssh_config.5 b/ssh_config.5
index 361c32288..0d4cdf4c6 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.199 2014/12/22 09:24:59 jmc Exp $
+.\" $OpenBSD: ssh_config.5,v 1.200 2015/01/26 03:04:45 djm Exp $
-.Dd $Mdocdate: December 22 2014 $
+.Dd $Mdocdate: January 26 2015 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -1492,6 +1492,28 @@ is not specified, it defaults to
 .Dq any .
 The default is
 .Dq any:any .
+.It Cm UpdateHostkeys
+Specifies whether
+.Xr ssh 1
+should accept notifications of additional hostkeys from the server sent
+after authentication has completed and add them to
+.Cm UserKnownHostsFile .
+The argument must be
+.Dq yes
+(the default)
+or
+.Dq no .
+Enabling this option allows learning alternate hostkeys for a server
+and supports graceful key rotation by allowing a server to public replacement
+keys before old ones are removed.
+Additional hostkeys are only accepted if the key used to authenticate the
+host was already trusted or explicity accepted by the user.
+.Pp
+Presently, only
+.Xr sshd 8
+from OpenSSH 6.8 and greater support the
+.Dq hostkeys@openssh.com
+protocol extension used to inform the client of all the server's hostkeys.
 .It Cm UsePrivilegedPort
 Specifies whether to use a privileged port for outgoing connections.
 The argument must be

diff --git a/ssh_config.5 b/ssh_config.5 index 361c32288..0d4cdf4c6 100644 --- a/ssh_config.5 +++ b/ssh_config.5
@@ -33,8 +33,8 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: ssh_config.5,v 1.199 2014/12/22 09:24:59 jmc Exp $	36	.\" $OpenBSD: ssh_config.5,v 1.200 2015/01/26 03:04:45 djm Exp $
37	.Dd $Mdocdate: December 22 2014 $	37	.Dd $Mdocdate: January 26 2015 $
38	.Dt SSH_CONFIG 5	38	.Dt SSH_CONFIG 5
39	.Os	39	.Os
40	.Sh NAME	40	.Sh NAME
@@ -1492,6 +1492,28 @@ is not specified, it defaults to
1492	.Dq any .	1492	.Dq any .
1493	The default is	1493	The default is
1494	.Dq any:any .	1494	.Dq any:any .
		1495	.It Cm UpdateHostkeys
		1496	Specifies whether
		1497	.Xr ssh 1
		1498	should accept notifications of additional hostkeys from the server sent
		1499	after authentication has completed and add them to
		1500	.Cm UserKnownHostsFile .
		1501	The argument must be
		1502	.Dq yes
		1503	(the default)
		1504	or
		1505	.Dq no .
		1506	Enabling this option allows learning alternate hostkeys for a server
		1507	and supports graceful key rotation by allowing a server to public replacement
		1508	keys before old ones are removed.
		1509	Additional hostkeys are only accepted if the key used to authenticate the
		1510	host was already trusted or explicity accepted by the user.
		1511	.Pp
		1512	Presently, only
		1513	.Xr sshd 8
		1514	from OpenSSH 6.8 and greater support the
		1515	.Dq hostkeys@openssh.com
		1516	protocol extension used to inform the client of all the server's hostkeys.
1495	.It Cm UsePrivilegedPort	1517	.It Cm UsePrivilegedPort
1496	Specifies whether to use a privileged port for outgoing connections.	1518	Specifies whether to use a privileged port for outgoing connections.
1497	The argument must be	1519	The argument must be