diff options
author | djm@openbsd.org <djm@openbsd.org> | 2021-01-08 04:49:13 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2021-01-08 16:01:30 +1100 |
commit | 6cb52d5bf771f6769b630fce35a8e9b8e433044f (patch) | |
tree | 708cefda897b855a609eb54e163e35304ea98760 /ssh_config.5 | |
parent | 309b642e1442961b5e57701f095bcd4acd2bfb5f (diff) | |
download | openssh-git-6cb52d5bf771f6769b630fce35a8e9b8e433044f.tar.gz |
upstream: make CheckHostIP default to 'no'. It doesn't provide any
perceptible value and makes it much harder for hosts to change host keys,
particularly ones that use IP-based load-balancing.
ok dtucker@
OpenBSD-Commit-ID: 0db98413e82074f78c7d46784b1286d08aee78f0
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 04da0575..18a98a8f 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.340 2020/12/22 07:40:26 jmc Exp $ -.Dd $Mdocdate: December 22 2020 $ +.\" $OpenBSD: ssh_config.5,v 1.341 2021/01/08 04:49:13 djm Exp $ +.Dd $Mdocdate: January 8 2021 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -421,7 +421,6 @@ or .It Cm CheckHostIP If set to .Cm yes -(the default), .Xr ssh 1 will additionally check the host IP address in the .Pa known_hosts @@ -432,7 +431,8 @@ and will add addresses of destination hosts to in the process, regardless of the setting of .Cm StrictHostKeyChecking . If the option is set to -.Cm no , +.Cm no +(the default), the check will not be executed. .It Cm Ciphers Specifies the ciphers allowed and their order of preference. |