From 6cb52d5bf771f6769b630fce35a8e9b8e433044f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 8 Jan 2021 04:49:13 +0000 Subject: upstream: make CheckHostIP default to 'no'. It doesn't provide any perceptible value and makes it much harder for hosts to change host keys, particularly ones that use IP-based load-balancing. ok dtucker@ OpenBSD-Commit-ID: 0db98413e82074f78c7d46784b1286d08aee78f0 --- ssh_config.5 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'ssh_config.5') diff --git a/ssh_config.5 b/ssh_config.5 index 04da0575..18a98a8f 100644 --- a/ssh_config.5 +++ b/ssh_config.5 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh_config.5,v 1.340 2020/12/22 07:40:26 jmc Exp $ -.Dd $Mdocdate: December 22 2020 $ +.\" $OpenBSD: ssh_config.5,v 1.341 2021/01/08 04:49:13 djm Exp $ +.Dd $Mdocdate: January 8 2021 $ .Dt SSH_CONFIG 5 .Os .Sh NAME @@ -421,7 +421,6 @@ or .It Cm CheckHostIP If set to .Cm yes -(the default), .Xr ssh 1 will additionally check the host IP address in the .Pa known_hosts @@ -432,7 +431,8 @@ and will add addresses of destination hosts to in the process, regardless of the setting of .Cm StrictHostKeyChecking . If the option is set to -.Cm no , +.Cm no +(the default), the check will not be executed. .It Cm Ciphers Specifies the ciphers allowed and their order of preference. -- cgit v1.2.1