|author||Ben Lindstrom <email@example.com>||2001-08-06 22:41:30 +0000|
|committer||Ben Lindstrom <firstname.lastname@example.org>||2001-08-06 22:41:30 +0000|
- email@example.com 2001/08/05 23:18:20
[ssh-keyscan.1 ssh-keyscan.c] ssh 2 support; from firstname.lastname@example.org
Diffstat (limited to 'ssh-keyscan.1')
1 files changed, 64 insertions, 11 deletions
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 80119aa2..b348bc25 100644
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keyscan.1,v 1.9 2001/08/02 18:37:35 mpech Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.10 2001/08/05 23:18:20 markus Exp $
.\" Copyright 1995, 1996 by David Mazieres <email@example.com>.
@@ -14,9 +14,13 @@
.Nd gather ssh public keys
-.Op Fl t Ar timeout
-.Op Ar -- | host | addrlist namelist
-.Op Fl f Ar files ...
+.Op Fl v46
+.Op Fl p Ar port
+.Op Fl T Ar timeout
+.Op Fl t Ar type
+.Op Fl f Ar file
+.Op Ar host | addrlist namelist
+.Op Ar ...
is a utility for gathering the public ssh host keys of a number of
@@ -37,14 +41,28 @@ any encryption.
The options are as follows:
.Bl -tag -width Ds
-.It Fl t
+.It Fl p Ar port
+Port to connect to on the remote host.
+.It Fl T
Set the timeout for connection attempts. If
seconds have elapsed since a connection was initiated to a host or since the
last time anything was read from that host, then the connection is
closed and the host in question considered unavailable. Default is 5
-.It Fl f
+.It Fl t Ar type
+Specifies the type of the key to fetch from the following hosts.
+The possible values are
+for protocol version 1 and
+for protocol version 2.
+Multiple values may be specified by separating them with commas.
+The default is
+.Dq rsa1 .
+.It Fl f Ar filename
Read hosts or
.Pa addrlist namelist
pairs from this file, one per line.
@@ -55,6 +73,19 @@ is supplied instead of a filename,
will read hosts or
.Pa addrlist namelist
pairs from the standard input.
+.It Fl v
+to print debugging messages about its progress.
+.It Fl 4
+to use IPv4 addresses only.
+.It Fl 6
+to use IPv6 addresses only.
If you make an ssh_known_hosts file using
@@ -67,7 +98,10 @@ On the other hand, if your security model allows such a risk,
can help you detect tampered keyfiles or man in the middle attacks which
have begun after you created your ssh_known_hosts file.
-Print the host key for machine
+host key for machine
.Pa hostname :
@@ -78,20 +112,36 @@ Find all hosts from the file
which have new or different keys from those in the sorted file
.Pa ssh_known_hosts :
-$ ssh-keyscan -f ssh_hosts | sort -u - ssh_known_hosts | \e\
- diff ssh_known_hosts -
+ssh-keyscan -t rsa,dsa -f ssh_hosts | \e\
+ sort -u - ssh_known_hosts | diff ssh_known_hosts -
.Pa Input format:
-.Pa Output format:
+.Pa Output format for rsa1 keys:
host-or-namelist bits exponent modulus
+.Pa Output format for rsa and dsa keys:
+host-or-namelist keytype base64-encoded-key
+.Dq ssh-dsa .
It generates "Connection closed by remote host" messages on the consoles
-of all the machines it scans.
+of all the machines it scans if the server is older than version 2.9.
This is because it opens a connection to the ssh port, reads the public
key, and drops the connection as soon as it gets the key.
.Sh SEE ALSO
@@ -99,3 +149,6 @@ key, and drops the connection as soon as it gets the key.
.Xr sshd 8
David Mazieres <firstname.lastname@example.org>
+wrote the initial version, and
+Wayne Davison <email@example.com>
+added support for protocol version 2.