diff --git a/VerifyHostKeyDNS.org b/VerifyHostKeyDNS.org index 6a99953..b251110 100644 --- a/VerifyHostKeyDNS.org +++ b/VerifyHostKeyDNS.org @@ -19,10 +19,10 @@ My ansible orchestration host needs to be able to talk to new machines over ssh. New machines need to talk to the backup server over ssh and submit passive check results over ssh to the monitoring server. The monitoring server needs to talk to new hosts over ssh[fn:: I don't -trust nrpe. I have seen the code. Instead I use ~by_ssh~ to monitor +trust nrpe. I have seen the code. Instead I use ~by​_ssh~ to monitor hosts. Ansible adds an ssh public-key to a monitoring user with a force-command. The force-command is a shell-script switching over -~${SSH_ORIGINAL_COMMAND}~ to run specific check_commands. It does not +~${SSH​_ORIGINAL​_COMMAND}~ to run specific check​_commands. It does not trust the remote ssh at all.]. So we have the issue of existing infrastructure needing to verify @@ -38,7 +38,7 @@ facilities to store host-keys in SSHFP resource records in DNS and we can secure those with DNSSEC. * VerifyHostKeyDNS -[[https://man.openbsd.org/ssh_config.5#VerifyHostKeyDNS][ssh_config(5)]] explains how [[https://man.openbsd.org/ssh.1][ssh(1)]] can use SSHFP records to verify +[[https://man.openbsd.org/ssh_config.5#VerifyHostKeyDNS][ssh​_config(5)]] explains how [[https://man.openbsd.org/ssh.1][ssh(1)]] can use SSHFP records to verify host-keys: #+begin_example VerifyHostKeyDNS
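Review bot: In the first hunk (the nrpe footnote), the added lines differ from the removed ones only by an invisible character inserted before each underscore in ~by_ssh~, ~${SSH_ORIGINAL_COMMAND}~ and check_commands, and inside the ~...~ code spans that character becomes part of what a reader copies. A force-command script built from a pasted ${SSH_ORIGINAL_COMMAND} would then no longer name the variable it is meant to switch over, and the failure is hard to spot because the text looks correct. If the goal is to stop Org from treating _ as a subscript marker on export, setting #+OPTIONS: ^:{} (or ^:nil) in the file header achieves that without changing the visible or copied text.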
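Review bot: In the second hunk, the link description changes from ssh_config(5) to a visually identical string with an invisible character before the underscore, so searching the page for ssh_config or pasting the name into man will silently fail. The URL part of the link is left untouched, which is correct, but the description should stay plain ASCII as well. The same #+OPTIONS: ^:{} header setting would cover this link text together with the footnote in the first hunk, and it keeps future diffs of this file readable instead of showing lines that appear unchanged.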