| | | |
|---|---|---|
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-08-06 22:41:30 +0000 |
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-08-06 22:41:30 +0000 |
| commit | 325e70c90f3896eff8df5676b500532ec8407789 | |
| tree | a0c9cb9101c3a4b447321dc6ab667e39656a6241 /ssh-keyscan.1 | |
| parent | ddfb1e3a892f450178093964f11cdc534340a56a | |
- markus@cvs.openbsd.org 2001/08/05 23:18:20
[ssh-keyscan.1 ssh-keyscan.c]
ssh 2 support; from wayned@users.sourceforge.net
Diffstat (limited to 'ssh-keyscan.1')
-rw-r--r-- | ssh-keyscan.1 | 75 |
1 files changed, 64 insertions, 11 deletions
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 80119aa21..b348bc252 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.9 2001/08/02 18:37:35 mpech Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.10 2001/08/05 23:18:20 markus Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. .\" @@ -14,9 +14,13 @@ .Nd gather ssh public keys .Sh SYNOPSIS .Nm ssh-keyscan -.Op Fl t Ar timeout -.Op Ar -- | host | addrlist namelist -.Op Fl f Ar files ... +.Op Fl v46 +.Op Fl p Ar port +.Op Fl T Ar timeout +.Op Fl t Ar type +.Op Fl f Ar file +.Op Ar host | addrlist namelist +.Op Ar ... .Sh DESCRIPTION .Nm is a utility for gathering the public ssh host keys of a number of @@ -37,14 +41,28 @@ any encryption. .Pp The options are as follows: .Bl -tag -width Ds -.It Fl t +.It Fl p Ar port +Port to connect to on the remote host. +.It Fl T Set the timeout for connection attempts. If .Pa timeout seconds have elapsed since a connection was initiated to a host or since the last time anything was read from that host, then the connection is closed and the host in question considered unavailable. Default is 5 seconds. -.It Fl f +.It Fl t Ar type +Specifies the type of the key to fetch from the following hosts. +The possible values are +.Dq rsa1 +for protocol version 1 and +.Dq rsa +or +.Dq dsa +for protocol version 2. +Multiple values may be specified by separating them with commas. +The default is +.Dq rsa1 . +.It Fl f Ar filename Read hosts or .Pa addrlist namelist pairs from this file, one per line. @@ -55,6 +73,19 @@ is supplied instead of a filename, will read hosts or .Pa addrlist namelist pairs from the standard input. +.It Fl v +Verbose mode. +Causes +.Nm +to print debugging messages about its progress. +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. .El .Sh SECURITY If you make an ssh_known_hosts file using 
@@ -67,7 +98,10 @@ On the other hand, if your security model allows such a risk, can help you detect tampered keyfiles or man in the middle attacks which have begun after you created your ssh_known_hosts file. .Sh EXAMPLES -Print the host key for machine +.Pp +Print the +.Pa rsa1 +host key for machine .Pa hostname : .Bd -literal ssh-keyscan hostname @@ -78,20 +112,36 @@ Find all hosts from the file which have new or different keys from those in the sorted file .Pa ssh_known_hosts : .Bd -literal -$ ssh-keyscan -f ssh_hosts | sort -u - ssh_known_hosts | \e\ - diff ssh_known_hosts - +ssh-keyscan -t rsa,dsa -f ssh_hosts | \e\ + sort -u - ssh_known_hosts | diff ssh_known_hosts - .Ed .Sh FILES .Pa Input format: +.Bd -literal 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 +.Ed .Pp -.Pa Output format: +.Pa Output format for rsa1 keys: +.Bd -literal host-or-namelist bits exponent modulus +.Ed +.Pp +.Pa Output format for rsa and dsa keys: +.Bd -literal +host-or-namelist keytype base64-encoded-key +.Ed +.Pp +Where +.Pa keytype +is either +.Dq ssh-rsa +or +.Dq ssh-dsa . .Pp .Pa /etc/ssh_known_hosts .Sh BUGS It generates "Connection closed by remote host" messages on the consoles -of all the machines it scans. +of all the machines it scans if the server is older than version 2.9. This is because it opens a connection to the ssh port, reads the public key, and drops the connection as soon as it gets the key. .Sh SEE ALSO @@ -99,3 +149,6 @@ key, and drops the connection as soon as it gets the key. .Xr sshd 8 .Sh AUTHORS David Mazieres <dm@lcs.mit.edu> +wrote the initial version, and +Wayne Davison <wayned@users.sourceforge.net> +added support for protocol version 2. |
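Review bot: In the options list (hunk @@ -37,14 +41,28 @@), the new `.It Fl T` entry has no argument, while the synopsis reads `.Op Fl T Ar timeout` and the entries added beside it are `.It Fl p Ar port` and `.It Fl t Ar type`. Make it `.It Fl T Ar timeout` and mark the argument in the body with `.Ar timeout` instead of `.Pa timeout`. The same hunk writes `.It Fl f Ar filename` where the synopsis has `.Op Fl f Ar file`; pick one name. Also note that -t changes meaning from timeout to key type, so an existing script calling `ssh-keyscan -t 10 host` would now pass 10 as the key type; the page should say so, since a scan that silently collects nothing is easy to miss when it feeds a known_hosts comparison.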
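Review bot: In the EXAMPLES hunk (@@ -67,7 +98,10 @@), the `.Pp` added directly after `.Sh EXAMPLES` is redundant, because a section header already starts a new paragraph; drop it. The key type in the first example is marked `.Pa rsa1`, but it is not a path and the -t description quotes the same value as `.Dq rsa1`; use `.Dq` here as well for consistency.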
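Review bot: In the FILES hunk (@@ -78,20 +112,36 @@), the keytype list ends with `.Dq ssh-dsa`, but the protocol version 2 identifier for DSA host keys is ssh-dss, so the documented output format would not match the key lines a reader sees or greps for. Change it to `.Dq ssh-dss`. The -t option value `dsa` in the options list is a separate name and can stay as it is.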