From ce87661d06dac2ab73bbdd13881508b9fff8dcfe Mon Sep 17 00:00:00 2001 From: djm Date: Fri, 22 May 2015 05:28:45 +0000 Subject: [PATCH] mention ssh-keygen -E for comparing legacy MD5 fingerprints; bz#2332 --- usr.bin/ssh/ssh.1 | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/usr.bin/ssh/ssh.1 b/usr.bin/ssh/ssh.1 index dd01b978779..df7ac86af93 100644 --- a/usr.bin/ssh/ssh.1 +++ b/usr.bin/ssh/ssh.1 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: ssh.1,v 1.357 2015/05/06 05:45:17 dtucker Exp $ -.Dd $Mdocdate: May 6 2015 $ +.\" $OpenBSD: ssh.1,v 1.358 2015/05/22 05:28:45 djm Exp $ +.Dd $Mdocdate: May 22 2015 $ .Dt SSH 1 .Os .Sh NAME @@ -1106,6 +1106,11 @@ Fingerprints can be determined using .Pp If the fingerprint is already known, it can be matched and the key can be accepted or rejected. +If only legacy (MD5) fingerprints for the server are available, the +.Xr ssh-keygen 1 +.Fl E +option may be used to downgrade the fingerprint algorithm to match. +.Pp Because of the difficulty of comparing host keys just by looking at fingerprint strings, there is also support to compare host keys visually, -- 2.20.1