| version 1.11, 2001/08/23 18:08:59 |
version 1.12, 2001/09/05 06:23:07 |
|
|
| uses non-blocking socket I/O to contact as many hosts as possible in |
uses non-blocking socket I/O to contact as many hosts as possible in |
| parallel, so it is very efficient. The keys from a domain of 1,000 |
parallel, so it is very efficient. The keys from a domain of 1,000 |
| hosts can be collected in tens of seconds, even when some of those |
hosts can be collected in tens of seconds, even when some of those |
| hosts are down or do not run ssh. You do not need login access to the |
hosts are down or do not run ssh. For scanning, one does not need |
| machines you are scanning, nor does the scanning process involve |
login access to the machines that are being scanned, nor does the |
| any encryption. |
scanning process involve any encryption. |
| .Pp |
.Pp |
| The options are as follows: |
The options are as follows: |
| .Bl -tag -width Ds |
.Bl -tag -width Ds |
|
|
| to use IPv6 addresses only. |
to use IPv6 addresses only. |
| .El |
.El |
| .Sh SECURITY |
.Sh SECURITY |
| If you make an ssh_known_hosts file using |
If a ssh_known_hosts file is constructed using |
| .Nm |
.Nm |
| without verifying the keys, you will be vulnerable to |
without verifying the keys, users will be vulnerable to |
| .I man in the middle |
.I man in the middle |
| attacks. |
attacks. |
| On the other hand, if your security model allows such a risk, |
On the other hand, if the security model allows such a risk, |
| .Nm |
.Nm |
| can help you detect tampered keyfiles or man in the middle attacks which |
can help in the detection of tampered keyfiles or man in the middle |
| have begun after you created your ssh_known_hosts file. |
attacks which have begun after the ssh_known_hosts file was created. |
| .Sh EXAMPLES |
.Sh EXAMPLES |
| .Pp |
.Pp |
| Print the |
Print the |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keyscan.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh