diff --git a/docs/manual/OptionalTasks/scp.html b/docs/manual/OptionalTasks/scp.html
index 2f37c032f..c248c5034 100644
--- a/docs/manual/OptionalTasks/scp.html
+++ b/docs/manual/OptionalTasks/scp.html
@@ -53,7 +53,10 @@ jsch-0.1.8.</p>
   </tr>
   <tr>
     <td valign="top">trust</td>
-    <td valign="top">This trusts all unknown hosts if set to yes/true.</td>
+    <td valign="top">This trusts all unknown hosts if set to yes/true.<br>
+      <strong>Note</strong> If you set this to false (the default), the
+      host you connect to must be listed in your knownhosts file, this
+      also implies that the file exists.</td>
     <td valian="top" align="center">No, defaults to No.</td>
   </tr>
   <tr>
diff --git a/docs/manual/OptionalTasks/sshexec.html b/docs/manual/OptionalTasks/sshexec.html
index b5a4d4d02..1f039f42e 100644
--- a/docs/manual/OptionalTasks/sshexec.html
+++ b/docs/manual/OptionalTasks/sshexec.html
@@ -46,7 +46,11 @@ jsch-0.1.8 and won't work with versions of jsch earlier than
   </tr>
   <tr>
     <td valign="top">trust</td>
-    <td valign="top">This trusts all unknown hosts if set to yes/true.</td>
+
+    <td valign="top">This trusts all unknown hosts if set to yes/true.<br>
+      <strong>Note</strong> If you set this to false (the default), the
+      host you connect to must be listed in your knownhosts file, this
+      also implies that the file exists.</td>
     <td valian="top" align="center">No, defaults to No.</td>
   </tr>
   <tr>
diff --git a/src/main/org/apache/tools/ant/taskdefs/optional/ssh/SSHBase.java b/src/main/org/apache/tools/ant/taskdefs/optional/ssh/SSHBase.java
index cbb97eaac..385f6a9b9 100644
--- a/src/main/org/apache/tools/ant/taskdefs/optional/ssh/SSHBase.java
+++ b/src/main/org/apache/tools/ant/taskdefs/optional/ssh/SSHBase.java
@@ -77,7 +77,6 @@ public abstract class SSHBase extends Task implements LogListener {
     private String host;
     private String keyfile;
     private String knownHosts;
-    private boolean trust = false;
     private int port = SSH_PORT;
     private boolean failOnError = true;
     private SSHUserInfo userInfo;
@@ -185,7 +184,6 @@ public abstract class SSHBase extends Task implements LogListener {
     public void init() throws BuildException {
         super.init();
         this.knownHosts = System.getProperty("user.home") + "/.ssh/known_hosts";
-        this.trust = false;
         this.port = SSH_PORT;
     }
 
@@ -195,7 +193,7 @@ public abstract class SSHBase extends Task implements LogListener {
             jsch.addIdentity(userInfo.getKeyfile());
         }
 
-        if (knownHosts != null) {
+        if (!userInfo.getTrust() && knownHosts != null) {
             log("Using known hosts: " + knownHosts, Project.MSG_DEBUG);
             jsch.setKnownHosts(knownHosts);
         }
diff --git a/src/main/org/apache/tools/ant/taskdefs/optional/ssh/SSHUserInfo.java b/src/main/org/apache/tools/ant/taskdefs/optional/ssh/SSHUserInfo.java
index b2ae766e4..4d002dcfd 100644
--- a/src/main/org/apache/tools/ant/taskdefs/optional/ssh/SSHUserInfo.java
+++ b/src/main/org/apache/tools/ant/taskdefs/optional/ssh/SSHUserInfo.java
@@ -70,7 +70,7 @@ public class SSHUserInfo implements UserInfo {
 
     public SSHUserInfo() {
         super();
-        this.trustAllCertificates = true;
+        this.trustAllCertificates = false;
     }
 
     public SSHUserInfo(String password, boolean trustAllCertificates) {
@@ -146,6 +146,13 @@ public class SSHUserInfo implements UserInfo {
         this.trustAllCertificates = trust;
     }
 
+    /**
+     * @return whether to trust or not.
+     */
+    public boolean getTrust() {
+        return this.trustAllCertificates;
+    }
+
     /**
      * Returns the passphrase.
      * @return String