| version 1.16, 2003/05/12 18:35:18 |
version 1.17, 2003/06/10 09:12:11 |
|
|
| .Nm |
.Nm |
| can help in the detection of tampered keyfiles or man in the middle |
can help in the detection of tampered keyfiles or man in the middle |
| attacks which have begun after the ssh_known_hosts file was created. |
attacks which have begun after the ssh_known_hosts file was created. |
| .Sh EXAMPLES |
|
| .Pp |
|
| Print the |
|
| .Pa rsa1 |
|
| host key for machine |
|
| .Pa hostname : |
|
| .Bd -literal |
|
| $ ssh-keyscan hostname |
|
| .Ed |
|
| .Pp |
|
| Find all hosts from the file |
|
| .Pa ssh_hosts |
|
| which have new or different keys from those in the sorted file |
|
| .Pa ssh_known_hosts : |
|
| .Bd -literal |
|
| $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e\ |
|
| sort -u - ssh_known_hosts | diff ssh_known_hosts - |
|
| .Ed |
|
| .Sh FILES |
.Sh FILES |
| .Pa Input format: |
.Pa Input format: |
| .Bd -literal |
.Bd -literal |
|
|
| .Dq ssh-dss . |
.Dq ssh-dss . |
| .Pp |
.Pp |
| .Pa /etc/ssh/ssh_known_hosts |
.Pa /etc/ssh/ssh_known_hosts |
| .Sh BUGS |
.Sh EXAMPLES |
| It generates "Connection closed by remote host" messages on the consoles |
Print the |
| of all the machines it scans if the server is older than version 2.9. |
.Pa rsa1 |
| This is because it opens a connection to the ssh port, reads the public |
host key for machine |
| key, and drops the connection as soon as it gets the key. |
.Pa hostname : |
| |
.Bd -literal |
| |
$ ssh-keyscan hostname |
| |
.Ed |
| |
.Pp |
| |
Find all hosts from the file |
| |
.Pa ssh_hosts |
| |
which have new or different keys from those in the sorted file |
| |
.Pa ssh_known_hosts : |
| |
.Bd -literal |
| |
$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e |
| |
sort -u - ssh_known_hosts | diff ssh_known_hosts - |
| |
.Ed |
| .Sh SEE ALSO |
.Sh SEE ALSO |
| .Xr ssh 1 , |
.Xr ssh 1 , |
| .Xr sshd 8 |
.Xr sshd 8 |
| .Sh AUTHORS |
.Sh AUTHORS |
| David Mazieres <dm@lcs.mit.edu> |
.An David Mazieres Aq dm@lcs.mit.edu |
| wrote the initial version, and |
wrote the initial version, and |
| Wayne Davison <wayned@users.sourceforge.net> |
.An Wayne Davison Aq wayned@users.sourceforge.net |
| added support for protocol version 2. |
added support for protocol version 2. |
| |
.Sh BUGS |
| |
It generates "Connection closed by remote host" messages on the consoles |
| |
of all the machines it scans if the server is older than version 2.9. |
| |
This is because it opens a connection to the ssh port, reads the public |
| |
key, and drops the connection as soon as it gets the key. |
![[BACK]](/icons/back.gif){kind=icon}
Return to ssh-keyscan.1 CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / ssh