X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=ssh_config;h=09995ab12a8871146ec6a30d4c4586b9b4647b20;hb=363110875986d10c37122e5b430f357520504d8a;hp=babd153a0cacd5593a0cba5754dc441fa213a96f;hpb=43fc6ae667ca55c4c3e3a3f1dd0881a7c2c117ce;p=config%2Fdotfiles.git

diff --git a/ssh_config b/ssh_config
index babd153..09995ab 100644
--- a/ssh_config
+++ b/ssh_config
@@ -66,7 +66,7 @@ Host *
 # [1]: http://cseweb.ucsd.edu/~mihir/papers/oem.html
     MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
 # Disable DSA host keys because they are weak (only 1024 bit) and elliptic
-# curves. I don't need certificates, therefore disables those algorithms as
+# curves. I don't need certificates, therefore disable those algorithms as
 # well (*-cert-*).
     HostKeyAlgorithms ssh-rsa
 
@@ -132,5 +132,6 @@ Host *
     CheckHostIP yes
 # Ask before adding any host keys to ~/.ssh/known_hosts (default).
     StrictHostKeyChecking ask
-# Don't trust host keys from DNS' SSHFP resource records (default).
-    VerifyHostKeyDNS no
+# Check host keys from DNS' SSHFP resource records but ask apply
+# StrictHostKeyChecking before trusting them.
+    VerifyHostKeyDNS ask