From: djm@openbsd.org <djm@openbsd.org>
Date: Tue, 2 Jun 2015 09:10:40 +0000 (+0000)
Subject: upstream commit
X-Git-Tag: V_6_9_P1~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e67859a623826ccdf2df284cbb37e2d8e2787eb;p=thirdparty%2Fopenssh-portable.git

upstream commit

mention CheckHostIP adding addresses to known_hosts;
 bz#1993; ok dtucker@

Upstream-ID: fd44b68440fd0dc29abf9f2d3f703d74a2396cb7
---

diff --git a/ssh_config.5 b/ssh_config.5
index 87ef9bedf..268a627b2 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.210 2015/05/28 05:09:45 dtucker Exp $
-.Dd $Mdocdate: May 28 2015 $
+.\" $OpenBSD: ssh_config.5,v 1.211 2015/06/02 09:10:40 djm Exp $
+.Dd $Mdocdate: June 2 2015 $
 .Dt SSH_CONFIG 5
 .Os
 .Sh NAME
@@ -340,7 +340,11 @@ If this flag is set to
 will additionally check the host IP address in the
 .Pa known_hosts
 file.
-This allows ssh to detect if a host key changed due to DNS spoofing.
+This allows ssh to detect if a host key changed due to DNS spoofing
+and will add addresses of destination hosts to
+.Pa ~/.ssh/known_hosts
+in the process, regardless of the setting of
+.Cm StrictHostKeyChecking .
 If the option is set to
 .Dq no ,
 the check will not be executed.