enable UpdateHostkeys by default when the configuration has not

overridden UserKnownHostsFile;
ok markus@ "The timing is perfect" deraadt@

2 files changed, 10 insertions, 4 deletions

diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index de64b4dc57e..f5903171f1d 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.335 2020/08/27 02:11:09 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.336 2020/10/03 08:30:47 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -2162,8 +2162,14 @@ fill_default_options(Options * options)
 		options->system_hostfiles[options->num_system_hostfiles++] =
 		    xstrdup(_PATH_SSH_SYSTEM_HOSTFILE2);
 	}
-	if (options->update_hostkeys == -1)
+	if (options->update_hostkeys == -1) {
+		if (options->num_user_hostfiles == 0 ||
+		    (options->num_user_hostfiles == 1 && strcmp(options->
+		    user_hostfiles[0], _PATH_SSH_USER_HOSTFILE) == 0))
+			options->update_hostkeys = SSH_UPDATE_HOSTKEYS_YES;
+		else
 			options->update_hostkeys = SSH_UPDATE_HOSTKEYS_NO;
+	}
 	if (options->num_user_hostfiles == 0) {
 		options->user_hostfiles[options->num_user_hostfiles++] =
 		    xstrdup(_PATH_SSH_USER_HOSTFILE);
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 6157d6872b4..f62f0420cca 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.333 2020/10/03 04:15:06 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.334 2020/10/03 08:30:47 djm Exp $
 .Dd $Mdocdate: October 3 2020 $
 .Dt SSH_CONFIG 5
 .Os
@@ -1727,7 +1727,7 @@ is enabled by default if the user has not overridden the default
 setting, otherwise
 .Cm UpdateHostKeys
 will be set to
-.Cm ask .
+.Cm no .
 .Pp
 If
 .Cm UpdateHostKeys