]> ruderich.org/simon Gitweb - config/dotfiles.git/blobdiff - ssh_config
ruderich.org/simon / config / dotfiles.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
zsh/rc: fix `reset` with zsh-internal colored stderr hack
[config/dotfiles.git] / ssh_config
diff --git a/ssh_config b/ssh_config
index babd153a0cacd5593a0cba5754dc441fa213a96f..09995ab12a8871146ec6a30d4c4586b9b4647b20 100644 (file)
--- a/ssh_config
+++ b/ssh_config
@@ -66,7 +66,7 @@ Host *
 # [1]: http://cseweb.ucsd.edu/~mihir/papers/oem.html
     MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-512
 # Disable DSA host keys because they are weak (only 1024 bit) and elliptic
-# curves. I don't need certificates, therefore disables those algorithms as
+# curves. I don't need certificates, therefore disable those algorithms as
 # well (*-cert-*).
     HostKeyAlgorithms ssh-rsa
 
@@ -132,5 +132,6 @@ Host *
     CheckHostIP yes
 # Ask before adding any host keys to ~/.ssh/known_hosts (default).
     StrictHostKeyChecking ask
-# Don't trust host keys from DNS' SSHFP resource records (default).
-    VerifyHostKeyDNS no
+# Check host keys from DNS' SSHFP resource records but ask apply
+# StrictHostKeyChecking before trusting them.
+    VerifyHostKeyDNS ask
Configuration files for zsh, vim, git, mutt, herbstluftwm and a few more shell and X11 related programs