1 files changed, 10 insertions, 1 deletions

diff --git a/sshconnect.c b/sshconnect.c
index 6fc3fa520..ae3b642cb 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.256 2015/01/20 23:14:00 deraadt Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.257 2015/01/26 03:04:46 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -818,6 +818,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
         int len, cancelled_forwarding = 0;
         int local = sockaddr_is_local(hostaddr);
         int r, want_cert = key_is_cert(host_key), host_ip_differ = 0;
+        int hostkey_trusted = 0; /* Known or explicitly accepted by user */
         struct hostkeys *host_hostkeys, *ip_hostkeys;
         u_int i;
 
@@ -926,6 +927,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                         free(ra);
                         free(fp);
                 }
+                hostkey_trusted = 1;
                 break;
         case HOST_NEW:
                 if (options.host_key_alias == NULL && port != 0 &&
@@ -989,6 +991,7 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                         free(fp);
                         if (!confirm(msg))
                                 goto fail;
+                        hostkey_trusted = 1; /* user explicitly confirmed */
                 }
                 /*
                  * If not in strict mode, add the key automatically to the
@@ -1187,6 +1190,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
                 }
         }
 
+        if (!hostkey_trusted && options.update_hostkeys) {
+                debug("%s: hostkey not known or explicitly trusted: "
+                    "disabling UpdateHostkeys", __func__);
+                options.update_hostkeys = 0;
+        }
+
         free(ip);
         free(host);
         if (host_hostkeys != NULL)