| ssh-keyscan.0 (214979) | ssh-keyscan.0 (218767) |
|---|---|
| 1SSH-KEYSCAN(1) OpenBSD Reference Manual SSH-KEYSCAN(1) 2 3NAME 4 ssh-keyscan - gather ssh public keys 5 6SYNOPSIS 7 ssh-keyscan [-46Hv] [-f file] [-p port] [-T timeout] [-t type] 8 [host | addrlist namelist] ... --- 34 unchanged lines hidden (view full) --- 43 elapsed since a connection was initiated to a host or since the 44 last time anything was read from that host, then the connection 45 is closed and the host in question considered unavailable. 46 Default is 5 seconds. 47 48 -t type 49 Specifies the type of the key to fetch from the scanned hosts. 50 The possible values are ``rsa1'' for protocol version 1 and | 1SSH-KEYSCAN(1) OpenBSD Reference Manual SSH-KEYSCAN(1) 2 3NAME 4 ssh-keyscan - gather ssh public keys 5 6SYNOPSIS 7 ssh-keyscan [-46Hv] [-f file] [-p port] [-T timeout] [-t type] 8 [host | addrlist namelist] ... --- 34 unchanged lines hidden (view full) --- 43 elapsed since a connection was initiated to a host or since the 44 last time anything was read from that host, then the connection 45 is closed and the host in question considered unavailable. 46 Default is 5 seconds. 47 48 -t type 49 Specifies the type of the key to fetch from the scanned hosts. 50 The possible values are ``rsa1'' for protocol version 1 and |
| 51 ``rsa'' or ``dsa'' for protocol version 2. Multiple values may 52 be specified by separating them with commas. The default is 53 ``rsa''. | 51 ``dsa'', ``ecdsa'' or ``rsa'' for protocol version 2. Multiple 52 values may be specified by separating them with commas. The 53 default is ``rsa''. |
| 54 55 -v Verbose mode. Causes ssh-keyscan to print debugging messages 56 about its progress. 57 58SECURITY 59 If an ssh_known_hosts file is constructed using ssh-keyscan without 60 verifying the keys, users will be vulnerable to man in the middle 61 attacks. On the other hand, if the security model allows such a risk, --- 5 unchanged lines hidden (view full) --- 67 Input format: 68 69 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 70 71 Output format for rsa1 keys: 72 73 host-or-namelist bits exponent modulus 74 | 54 55 -v Verbose mode. Causes ssh-keyscan to print debugging messages 56 about its progress. 57 58SECURITY 59 If an ssh_known_hosts file is constructed using ssh-keyscan without 60 verifying the keys, users will be vulnerable to man in the middle 61 attacks. On the other hand, if the security model allows such a risk, --- 5 unchanged lines hidden (view full) --- 67 Input format: 68 69 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 70 71 Output format for rsa1 keys: 72 73 host-or-namelist bits exponent modulus 74 |
| 75 Output format for rsa and dsa keys: | 75 Output format for rsa, dsa and ecdsa keys: |
| 76 77 host-or-namelist keytype base64-encoded-key 78 | 76 77 host-or-namelist keytype base64-encoded-key 78 |
| 79 Where keytype is either ``ssh-rsa'' or ``ssh-dss''. | 79 Where keytype is either ``ecdsa-sha2-nistp256'', ``ecdsa-sha2-nistp384'', 80 ``ecdsa-sha2-nistp521'', ``ssh-dss'' or ``ssh-rsa''. |
| 80 81 /etc/ssh/ssh_known_hosts 82 83EXAMPLES 84 Print the rsa host key for machine hostname: 85 86 $ ssh-keyscan hostname 87 88 Find all hosts from the file ssh_hosts which have new or different keys 89 from those in the sorted file ssh_known_hosts: 90 | 81 82 /etc/ssh/ssh_known_hosts 83 84EXAMPLES 85 Print the rsa host key for machine hostname: 86 87 $ ssh-keyscan hostname 88 89 Find all hosts from the file ssh_hosts which have new or different keys 90 from those in the sorted file ssh_known_hosts: 91 |
| 91 $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \ | 92 $ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \ |
| 92 sort -u - ssh_known_hosts | diff ssh_known_hosts - 93 94SEE ALSO 95 ssh(1), sshd(8) 96 97AUTHORS 98 David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne 99 Davison <wayned@users.sourceforge.net> added support for protocol version 100 2. 101 102BUGS 103 It generates "Connection closed by remote host" messages on the consoles 104 of all the machines it scans if the server is older than version 2.9. 105 This is because it opens a connection to the ssh port, reads the public 106 key, and drops the connection as soon as it gets the key. 107 | 93 sort -u - ssh_known_hosts | diff ssh_known_hosts - 94 95SEE ALSO 96 ssh(1), sshd(8) 97 98AUTHORS 99 David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne 100 Davison <wayned@users.sourceforge.net> added support for protocol version 101 2. 102 103BUGS 104 It generates "Connection closed by remote host" messages on the consoles 105 of all the machines it scans if the server is older than version 2.9. 106 This is because it opens a connection to the ssh port, reads the public 107 key, and drops the connection as soon as it gets the key. 108 |
| 108OpenBSD 4.8 January 9, 2010 OpenBSD 4.8 | 109OpenBSD 4.8 August 31, 2010 OpenBSD 4.8 |