| version 1.14.4.2, 2003/09/16 21:20:28 |
version 1.15, 2003/03/28 10:11:43 |
|
|
| .Nm |
.Nm |
| can help in the detection of tampered keyfiles or man in the middle |
can help in the detection of tampered keyfiles or man in the middle |
| attacks which have begun after the ssh_known_hosts file was created. |
attacks which have begun after the ssh_known_hosts file was created. |
| |
.Sh EXAMPLES |
| |
.Pp |
| |
Print the |
| |
.Pa rsa1 |
| |
host key for machine |
| |
.Pa hostname : |
| |
.Bd -literal |
| |
$ ssh-keyscan hostname |
| |
.Ed |
| |
.Pp |
| |
Find all hosts from the file |
| |
.Pa ssh_hosts |
| |
which have new or different keys from those in the sorted file |
| |
.Pa ssh_known_hosts : |
| |
.Bd -literal |
| |
$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e\ |
| |
sort -u - ssh_known_hosts | diff ssh_known_hosts - |
| |
.Ed |
| .Sh FILES |
.Sh FILES |
| .Pa Input format: |
.Pa Input format: |
| .Bd -literal |
.Bd -literal |
|
|
| is either |
is either |
| .Dq ssh-rsa |
.Dq ssh-rsa |
| or |
or |
| .Dq ssh-dss . |
.Dq ssh-dsa . |
| .Pp |
.Pp |
| .Pa /etc/ssh/ssh_known_hosts |
.Pa /etc/ssh/ssh_known_hosts |
| .Sh EXAMPLES |
.Sh BUGS |
| Print the |
It generates "Connection closed by remote host" messages on the consoles |
| .Pa rsa1 |
of all the machines it scans if the server is older than version 2.9. |
| host key for machine |
This is because it opens a connection to the ssh port, reads the public |
| .Pa hostname : |
key, and drops the connection as soon as it gets the key. |
| .Bd -literal |
|
| $ ssh-keyscan hostname |
|
| .Ed |
|
| .Pp |
|
| Find all hosts from the file |
|
| .Pa ssh_hosts |
|
| which have new or different keys from those in the sorted file |
|
| .Pa ssh_known_hosts : |
|
| .Bd -literal |
|
| $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e |
|
| sort -u - ssh_known_hosts | diff ssh_known_hosts - |
|
| .Ed |
|
| .Sh SEE ALSO |
.Sh SEE ALSO |
| .Xr ssh 1 , |
.Xr ssh 1 , |
| .Xr sshd 8 |
.Xr sshd 8 |
| .Sh AUTHORS |
.Sh AUTHORS |
| .An David Mazieres Aq dm@lcs.mit.edu |
David Mazieres <dm@lcs.mit.edu> |
| wrote the initial version, and |
wrote the initial version, and |
| .An Wayne Davison Aq wayned@users.sourceforge.net |
Wayne Davison <wayned@users.sourceforge.net> |
| added support for protocol version 2. |
added support for protocol version 2. |
| .Sh BUGS |
|
| It generates "Connection closed by remote host" messages on the consoles |
|
| of all the machines it scans if the server is older than version 2.9. |
|
| This is because it opens a connection to the ssh port, reads the public |
|
| key, and drops the connection as soon as it gets the key. |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keyscan.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh