# Don't permit running local commands (default).
PermitLocalCommand no
-# Don't send any environment variables (default).
- SendEnv
-
# Don't hash any hosts in ~/.ssh/known_hosts. It doesn't help if the ssh hosts
# are stored in the shell's history file or in this file as shortcut so it's
# rather useless (default).
HashKnownHosts no
+# Ask to update the known hosts when the server sends additional host keys
+# (default, currently incompatible with ControlPersist).
+ UpdateHostKeys ask
# Check host IP in known_hosts when connecting to detect DNS spoofing
# (default).
CheckHostIP yes
# Ask before adding any host keys to ~/.ssh/known_hosts (default).
StrictHostKeyChecking ask
-# Check host keys from DNS' SSHFP resource records but ask apply
+# Check host keys from DNS' SSHFP resource records but apply
# StrictHostKeyChecking before trusting them.
VerifyHostKeyDNS ask