diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2015-06-02 09:10:41 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2015-06-02 09:10:41 +0000 |
commit | e3c1ec2773df29749bb43a9dc9ae84424d088112 (patch) | |
tree | 56f77cfd6805c15e4e152576586630c0cdc385c9 /usr.bin/ssh | |
parent | 1f5560c52efefb9558009745ce17a2b8d4bdd13f (diff) |
mention CheckHostIP adding addresses to known_hosts;
bz#1993; ok dtucker@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/ssh_config.5 | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5 index 87ef9bedfdf..268a627b2bc 100644 --- a/usr.bin/ssh/ssh_config.5 +++ b/usr.bin/ssh/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.210 2015/05/28 05:09:45 dtucker Exp $ -.Dd $Mdocdate: May 28 2015 $ +.\" $OpenBSD: ssh_config.5,v 1.211 2015/06/02 09:10:40 djm Exp $ +.Dd $Mdocdate: June 2 2015 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -340,7 +340,11 @@ If this flag is set to will additionally check the host IP address in the .Pa known_hosts file. -This allows ssh to detect if a host key changed due to DNS spoofing. +This allows ssh to detect if a host key changed due to DNS spoofing +and will add addresses of destination hosts to +.Pa ~/.ssh/known_hosts +in the process, regardless of the setting of +.Cm StrictHostKeyChecking . If the option is set to .Dq no , the check will not be executed. |