From f948737449257d2cb83ffcfe7275eb79b677fd4a Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 22 May 2015 05:28:45 +0000
Subject: upstream commit

mention ssh-keygen -E for comparing legacy MD5
 fingerprints; bz#2332

Upstream-ID: 079a3669549041dbf10dbc072d9563f0dc3b2859
---
 ssh.1 | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/ssh.1 b/ssh.1
index dd01b978..df7ac86a 100644
--- a/ssh.1
+++ b/ssh.1
@@ -33,8 +33,8 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh.1,v 1.357 2015/05/06 05:45:17 dtucker Exp $
-.Dd $Mdocdate: May 6 2015 $
+.\" $OpenBSD: ssh.1,v 1.358 2015/05/22 05:28:45 djm Exp $
+.Dd $Mdocdate: May 22 2015 $
 .Dt SSH 1
 .Os
 .Sh NAME
@@ -1106,6 +1106,11 @@ Fingerprints can be determined using
 .Pp
 If the fingerprint is already known, it can be matched
 and the key can be accepted or rejected.
+If only legacy (MD5) fingerprints for the server are available, the
+.Xr ssh-keygen 1
+.Fl E
+option may be used to downgrade the fingerprint algorithm to match.
+.Pp
 Because of the difficulty of comparing host keys
 just by looking at fingerprint strings,
 there is also support to compare host keys visually,
-- 
cgit v1.2.3