From 15ad750e5ec3cc69765b7eba1ce90060e7083399 Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 2 Feb 2015 07:41:40 +0000 Subject: upstream commit turn UpdateHostkeys off by default until I figure out mlarkin@'s warning message; requested by deraadt@ --- readconf.c | 4 ++-- ssh_config.5 | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/readconf.c b/readconf.c index dd78da530..a5bb4a25e 100644 --- a/readconf.c +++ b/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.230 2015/01/30 11:43:14 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.231 2015/02/02 07:41:40 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -1855,7 +1855,7 @@ fill_default_options(Options * options) if (options->fingerprint_hash == -1) options->fingerprint_hash = SSH_FP_HASH_DEFAULT; if (options->update_hostkeys == -1) - options->update_hostkeys = 1; + options->update_hostkeys = 0; if (options->hostbased_key_types == NULL) options->hostbased_key_types = xstrdup("*"); diff --git a/ssh_config.5 b/ssh_config.5 index 95b7bf6e4..ce79fe03f 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.202 2015/01/30 11:43:14 djm Exp $ -.Dd $Mdocdate: January 30 2015 $ +.\" $OpenBSD: ssh_config.5,v 1.203 2015/02/02 07:41:40 djm Exp $ +.Dd $Mdocdate: February 2 2015 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -1511,9 +1511,9 @@ after authentication has completed and add them to .Cm UserKnownHostsFile . The argument must be .Dq yes -(the default) or -.Dq no . +.Dq no +(the default). Enabling this option allows learning alternate hostkeys for a server and supports graceful key rotation by allowing a server to send replacement public keys before old ones are removed. -- cgit v1.2.3
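Review bot: The new default `options->update_hostkeys = 0;` in the readconf.c hunk has no comment marking it as provisional, so the reason given in the commit message (an unresolved warning message) is invisible to anyone who later reads fill_default_options(). I would put a one-line comment above the assignment, for example `/* XXX off by default until the hostkey-update warning is understood; revisit */`. The ssh_config.5 text in this same patch says the option is what lets a client learn replacement host keys, so with this default graceful key rotation depends on users opting in. That is the conservative choice for a feature that writes to UserKnownHostsFile, but the trade-off is worth recording next to the default. The body of fill_default_options() starts and ends outside the hunk, so this is judged only from the lines shown.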