authorDamien Miller <djm@cvs.openbsd.org>2015-02-02 07:41:41 +0000
committerDamien Miller <djm@cvs.openbsd.org>2015-02-02 07:41:41 +0000
commite97f7ece3b877de6464616bef9d679ac13376e47 (patch)
treec7bf503c8bbf8bfccf5ac888bd835dfd7681a968 /usr.bin/ssh
parentef3034c9f252a66437241538aa963e84dc76f4a0 (diff)
turn UpdateHostkeys off by default until I figure out mlarkin@'s
warning message; requested by deraadt@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/readconf.c4
-rw-r--r--usr.bin/ssh/ssh_config.58
2 files changed, 6 insertions, 6 deletions
diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 45027a3cc60..89eff0c0074 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.230 2015/01/30 11:43:14 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.231 2015/02/02 07:41:40 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1841,7 +1841,7 @@ fill_default_options(Options * options)
if (options->fingerprint_hash == -1)
options->fingerprint_hash = SSH_FP_HASH_DEFAULT;
if (options->update_hostkeys == -1)
- options->update_hostkeys = 1;
+ options->update_hostkeys = 0;
if (options->hostbased_key_types == NULL)
options->hostbased_key_types = xstrdup("*");
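Review bot: The new default `options->update_hostkeys = 0;` is a bare literal, and nothing in the code records that it is interim; the commit message says the option is off only until a reported warning is understood. Since the man page text in this same commit describes the option as adding server-supplied keys to UserKnownHostsFile after authentication, the reason for the conservative default is worth stating next to the assignment. I would add a comment above it such as `/* XXX off by default for now: server-sent hostkey updates modify UserKnownHostsFile; re-enable once the warning is resolved */`. The body of fill_default_options starts and ends outside this hunk, so whether other defaults there carry similar comments cannot be checked from here.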
diff --git a/usr.bin/ssh/ssh_config.5 b/usr.bin/ssh/ssh_config.5
index 95b7bf6e4f6..ce79fe03fbf 100644
--- a/usr.bin/ssh/ssh_config.5
+++ b/usr.bin/ssh/ssh_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.202 2015/01/30 11:43:14 djm Exp $
-.Dd $Mdocdate: January 30 2015 $
+.\" $OpenBSD: ssh_config.5,v 1.203 2015/02/02 07:41:40 djm Exp $
+.Dd $Mdocdate: February 2 2015 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -1511,9 +1511,9 @@ after authentication has completed and add them to
.Cm UserKnownHostsFile .
The argument must be
.Dq yes
-(the default)
or
-.Dq no .
+.Dq no
+(the default).
Enabling this option allows learning alternate hostkeys for a server
and supports graceful key rotation by allowing a server to send replacement
public keys before old ones are removed.