version 1.335, 2020/10/07 02:18:45 |
version 1.336, 2020/10/08 00:31:05 |
|
|
This option allows learning alternate hostkeys for a server |
This option allows learning alternate hostkeys for a server |
and supports graceful key rotation by allowing a server to send replacement |
and supports graceful key rotation by allowing a server to send replacement |
public keys before old ones are removed. |
public keys before old ones are removed. |
|
.Pp |
Additional hostkeys are only accepted if the key used to authenticate the |
Additional hostkeys are only accepted if the key used to authenticate the |
host was already trusted or explicitly accepted by the user. |
host was already trusted or explicitly accepted by the user, the host was |
|
authenticated via |
|
.Cm UserKnownHostsFile |
|
(i.e. not |
|
.Cm GlobalKnownHostsFile ) |
|
and the host was authenticated using a plain key and not a certificate. |
.Pp |
.Pp |
.Cm UpdateHostKeys |
.Cm UpdateHostKeys |
is enabled by default if the user has not overridden the default |
is enabled by default if the user has not overridden the default |