repeat key exchanges, see \k{config-ssh-kex-rekey}.
}
+\b \I{host key cache}Cache new host key type
+
+\lcont{
+Only available in SSH-2. This submenu appears only if the server has
+host keys of a type that PuTTY doesn't already have cached, and so
+won't use. Selecting a key here will allow PuTTY to use that key now
+and in future: PuTTY will do key here will cause a fresh key-exchange
+with the selected key, and immediately add that key to PuTTY's
+permanent cache (relying on the host key used at the start of the
+connection to cross-certify the new key). That key will be used for
+the rest of the current session; it may not actually be used for
+future sessions.
+
+Normally, PuTTY will carry on using a host key it already knows, even
+if the server offers key formats that PuTTY would otherwise prefer,
+to avoid host key prompts. As a result, if you've been using a server
+for some years, you may still be using an older key than a new user
+would use, due to server upgrades in the meantime. The SSH protocol
+unfortunately does not have organised facilities for host key migration
+and rollover, but this allows you to manually upgrade.
+}
+
\b \I{Break, SSH special command}Break
\lcont{
\S2{using-cmdline-loghost} \i\c{-loghost}: specify a \i{logical host
name}
-This option overrides PuTTY's normal SSH host key caching policy by
+This option overrides PuTTY's normal SSH \i{host key caching policy} by
telling it the name of the host you expect your connection to end up
at (in cases where this differs from the location PuTTY thinks it's
connecting to). It can be a plain host name, or a host name followed
\S2{using-cmdline-hostkey} \i\c{-hostkey}: \I{manually configuring
host keys}manually specify an expected host key
-This option overrides PuTTY's normal SSH host key caching policy by
+This option overrides PuTTY's normal SSH \i{host key caching policy} by
telling it exactly what host key to expect, which can be useful if the
normal automatic host key store in the Registry is unavailable. The
argument to this option should be either a host key fingerprint, or an