From 5e67859a623826ccdf2df284cbb37e2d8e2787eb Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Tue, 2 Jun 2015 09:10:40 +0000
Subject: upstream commit

mention CheckHostIP adding addresses to known_hosts;
 bz#1993; ok dtucker@

Upstream-ID: fd44b68440fd0dc29abf9f2d3f703d74a2396cb7
---
 ssh_config.5 | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/ssh_config.5 b/ssh_config.5
index 87ef9bedf..268a627b2 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.210 2015/05/28 05:09:45 dtucker Exp $
-.Dd $Mdocdate: May 28 2015 $
+.\" $OpenBSD: ssh_config.5,v 1.211 2015/06/02 09:10:40 djm Exp $
+.Dd $Mdocdate: June 2 2015 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -340,7 +340,11 @@ If this flag is set to
 will additionally check the host IP address in the
 .Pa known_hosts
 file.
-This allows ssh to detect if a host key changed due to DNS spoofing.
+This allows ssh to detect if a host key changed due to DNS spoofing
+and will add addresses of destination hosts to
+.Pa ~/.ssh/known_hosts
+in the process, regardless of the setting of
+.Cm StrictHostKeyChecking .
 If the option is set to
 .Dq no ,
 the check will not be executed.
-- 
cgit v1.2.3