@@ 0,0 1,81 @@
+Fixes "saves unknown host's fingerprint in known_hosts without any prompt".
+See:
+
+  https://github.com/lavv17/lftp/issues/116
+  https://bugs.debian.org/774769
+
+From bc7b476e782d77839765f56bbdb4cee9f36b54ec Mon Sep 17 00:00:00 2001
+From: "Alexander V. Lukyanov" <lavv17f@gmail.com>
+Date: Tue, 13 Jan 2015 15:33:54 +0300
+Subject: [PATCH] add settings fish:auto-confirm and sftp:auto-confirm
+
+New host keys are now not confirmed by default, this should improve security.
+Suggested by Marcin Szewczyk <Marcin.Szewczyk@wodny.org>
+---
+ doc/lftp.1        | 8 ++++++++
+ src/SSH_Access.cc | 5 +++--
+ src/resource.cc   | 2 ++
+ 3 files changed, 13 insertions(+), 2 deletions(-)
+
+diff --git a/doc/lftp.1 b/doc/lftp.1
+index cabc1be..ed6c388 100644
+--- a/doc/lftp.1
++++ b/doc/lftp.1
+@@ -1384,6 +1384,10 @@ address family in dns:order.
+ .BR file:charset \ (string)
+ local character set. It is set from current locale initially.
+ .TP
++.BR fish:auto-confirm \ (boolean)
++when true, lftp answers ``yes'' to all ssh questions, in particular to the
++question about a new host key. Otherwise it answers ``no''.
++.TP
+ .BR fish:charset \ (string)
+ the character set used by fish server in requests, replies and file listings.
+ Default is empty which means the same as local.
+@@ -1952,6 +1956,10 @@ minimal chunk size to split the file to.
+ save pget transfer status this often. Set to `never' to disable saving of the status file.
+ The status is saved to a file with suffix \fI.lftp-pget-status\fP.
+ .TP
++.BR sftp:auto-confirm \ (boolean)
++when true, lftp answers ``yes'' to all ssh questions, in particular to the
++question about a new host key. Otherwise it answers ``no''.
++.TP
+ .BR sftp:charset \ (string)
+ the character set used by SFTP server in file names and file listings.
+ Default is empty which means the same as local. This setting is only used
+diff --git a/src/SSH_Access.cc b/src/SSH_Access.cc
+index 706fc6a..17c716d 100644
+--- a/src/SSH_Access.cc
++++ b/src/SSH_Access.cc
+@@ -72,8 +72,9 @@ int SSH_Access::HandleSSHMessage()
+       }
+       if(s>=y_len && !strncasecmp(b+s-y_len,y,y_len))
+       {
+-	 pty_recv_buf->Put("yes\n");
+-	 pty_send_buf->Put("yes\n");
++	 const char *answer=QueryBool("auto-confirm",hostname)?"yes\n":"no\n";
++	 pty_recv_buf->Put(answer);
++	 pty_send_buf->Put(answer);
+ 	 return m;
+       }
+       if(!received_greeting && recv_buf->Size()>0)
+diff --git a/src/resource.cc b/src/resource.cc
+index 91b2e60..3a5e8b9 100644
+--- a/src/resource.cc
++++ b/src/resource.cc
+@@ -339,6 +339,7 @@ static ResType lftp_vars[] = {
+    {"mirror:no-empty-dirs",	 "no",	  ResMgr::BoolValidate,ResMgr::NoClosure},
+    {"mirror:require-source",	 "no",	  ResMgr::BoolValidate,ResMgr::NoClosure},
+ 
++   {"sftp:auto-confirm",	 "no",	  ResMgr::BoolValidate,0},
+    {"sftp:max-packets-in-flight","16",	  ResMgr::UNumberValidate,0},
+    {"sftp:protocol-version",	 "6",	  ResMgr::UNumberValidate,0},
+    {"sftp:size-read",		 "32k",	  ResMgr::UNumberValidate,0},
+@@ -367,6 +368,7 @@ static ResType lftp_vars[] = {
+    {"dns:strict-dnssec",	 "no",	  ResMgr::BoolValidate,0},
+ #endif
+ 
++   {"fish:auto-confirm",	 "no",	  ResMgr::BoolValidate,0},
+    {"fish:shell",		 "/bin/sh",0,0},
+    {"fish:connect-program",	 "ssh -a -x",0,0},
+    {"fish:charset",		 "",	  ResMgr::CharsetValidate,0},