From: djm <djm@openbsd.org>
Date: Fri, 22 May 2015 05:28:45 +0000 (+0000)
Subject: mention ssh-keygen -E for comparing legacy MD5 fingerprints; bz#2332
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=ce87661d06dac2ab73bbdd13881508b9fff8dcfe;p=openbsd

mention ssh-keygen -E for comparing legacy MD5 fingerprints; bz#2332
---

diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1
index dd01b978779..df7ac86af93 100644
--- a/usr.bin/ssh/ssh.1
+++ b/usr.bin/ssh/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.357 2015/05/06 05:45:17 dtucker Exp $
-.Dd $Mdocdate: May 6 2015 $
+.\" $OpenBSD: ssh.1,v 1.358 2015/05/22 05:28:45 djm Exp $
+.Dd $Mdocdate: May 22 2015 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -1106,6 +1106,11 @@ Fingerprints can be determined using
 .Pp
 If the fingerprint is already known, it can be matched
 and the key can be accepted or rejected.
+If only legacy (MD5) fingerprints for the server are available, the
+.Xr ssh-keygen 1
+.Fl E
+option may be used to downgrade the fingerprint algorithm to match.
+.Pp
 Because of the difficulty of comparing host keys
 just by looking at fingerprint strings,
 there is also support to compare host keys visually,