summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorDamien Miller <djm@cvs.openbsd.org>2015-06-02 09:10:41 +0000
committerDamien Miller <djm@cvs.openbsd.org>2015-06-02 09:10:41 +0000
commite3c1ec2773df29749bb43a9dc9ae84424d088112 (patch)
tree56f77cfd6805c15e4e152576586630c0cdc385c9 /usr.bin/ssh
parent1f5560c52efefb9558009745ce17a2b8d4bdd13f (diff)
mention CheckHostIP adding addresses to known_hosts;
bz#1993; ok dtucker@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/ssh_config.510
1 files changed, 7 insertions, 3 deletions
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 87ef9bedfdf..268a627b2bc 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.210 2015/05/28 05:09:45 dtucker Exp $
-.Dd $Mdocdate: May 28 2015 $
+.\" $OpenBSD: ssh_config.5,v 1.211 2015/06/02 09:10:40 djm Exp $
+.Dd $Mdocdate: June 2 2015 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -340,7 +340,11 @@ If this flag is set to
will additionally check the host IP address in the
.Pa known_hosts
file.
-This allows ssh to detect if a host key changed due to DNS spoofing.
+This allows ssh to detect if a host key changed due to DNS spoofing
+and will add addresses of destination hosts to
+.Pa ~/.ssh/known_hosts
+in the process, regardless of the setting of
+.Cm StrictHostKeyChecking .
If the option is set to
.Dq no ,
the check will not be executed.