From dd7a04b2d48b9be8203d52cbf8b84a57a8d4e258 Mon Sep 17 00:00:00 2001
From: Sheng <webmaster0115@gmail.com>
Date: Fri, 16 Mar 2018 16:42:03 +0800
Subject: [PATCH] Updated README.md

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 575b6a8..d142183 100644
--- a/README.md
+++ b/README.md
@@ -55,4 +55,4 @@ location / {
 
 ### Tips
 * Try to use Nginx as a front web server (see config example above) and enable SSL, this will prevent your ssh credentials from being uncovered. Also afterwards the communication between your browser and the web server will be encrypted as they use secured websockets.
-* Try to use reject policy for handling missing host key, this will prevent man-in-the-middle attacks.
+* Try to use reject policy as the missing host key policy, this will prevent man-in-the-middle attacks. The idea is that it checks the system host keys file("~/.ssh/known_hosts") and the application host keys file("./known_hosts") in order, if the ssh server's hostname is not found, the connection will be aborted.