upstream commit
mention ssh-keygen -E for comparing legacy MD5
fingerprints; bz#2332
Upstream-ID: 079a3669549041dbf10dbc072d9563f0dc3b2859
diff --git a/ssh.1 b/ssh.1
index dd01b97..df7ac86 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.357 2015/05/06 05:45:17 dtucker Exp $
-.Dd $Mdocdate: May 6 2015 $
+.\" $OpenBSD: ssh.1,v 1.358 2015/05/22 05:28:45 djm Exp $
+.Dd $Mdocdate: May 22 2015 $
.Dt SSH 1
.Os
.Sh NAME
@@ -1106,6 +1106,11 @@
.Pp
If the fingerprint is already known, it can be matched
and the key can be accepted or rejected.
+If only legacy (MD5) fingerprints for the server are available, the
+.Xr ssh-keygen 1
+.Fl E
+option may be used to downgrade the fingerprint algorithm to match.
+.Pp
Because of the difficulty of comparing host keys
just by looking at fingerprint strings,
there is also support to compare host keys visually,