=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keyscan.1,v retrieving revision 1.14.6.3 retrieving revision 1.15 diff -u -r1.14.6.3 -r1.15 --- src/usr.bin/ssh/ssh-keyscan.1 2004/03/04 18:18:16 1.14.6.3 +++ src/usr.bin/ssh/ssh-keyscan.1 2003/03/28 10:11:43 1.15 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.14.6.3 2004/03/04 18:18:16 brad Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.15 2003/03/28 10:11:43 jmc Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -103,6 +103,24 @@ .Nm can help in the detection of tampered keyfiles or man in the middle attacks which have begun after the ssh_known_hosts file was created. +.Sh EXAMPLES +.Pp +Print the +.Pa rsa1 +host key for machine +.Pa hostname : +.Bd -literal +$ ssh-keyscan hostname +.Ed +.Pp +Find all hosts from the file +.Pa ssh_hosts +which have new or different keys from those in the sorted file +.Pa ssh_known_hosts : +.Bd -literal +$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e\ + sort -u - ssh_known_hosts | diff ssh_known_hosts - +.Ed .Sh FILES .Pa Input format: .Bd -literal 
@@ -124,36 +142,19 @@ is either .Dq ssh-rsa or -.Dq ssh-dss . +.Dq ssh-dsa . .Pp .Pa /etc/ssh/ssh_known_hosts -.Sh EXAMPLES -Print the -.Pa rsa1 -host key for machine -.Pa hostname : -.Bd -literal -$ ssh-keyscan hostname -.Ed -.Pp -Find all hosts from the file -.Pa ssh_hosts -which have new or different keys from those in the sorted file -.Pa ssh_known_hosts : -.Bd -literal -$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e - sort -u - ssh_known_hosts | diff ssh_known_hosts - -.Ed +.Sh BUGS +It generates "Connection closed by remote host" messages on the consoles +of all the machines it scans if the server is older than version 2.9. +This is because it opens a connection to the ssh port, reads the public +key, and drops the connection as soon as it gets the key. .Sh SEE ALSO .Xr ssh 1 , .Xr sshd 8 .Sh AUTHORS -.An David Mazieres Aq dm@lcs.mit.edu +David Mazieres wrote the initial version, and -.An Wayne Davison Aq wayned@users.sourceforge.net +Wayne Davison added support for protocol version 2. -.Sh BUGS -It generates "Connection closed by remote host" messages on the consoles -of all the machines it scans if the server is older than version 2.9. -This is because it opens a connection to the ssh port, reads the public -key, and drops the connection as soon as it gets the key.
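Review bot: In the second example of the added EXAMPLES block (hunk -103,6 +103,24), the continuation line ends in `\e\`, while the copy of the same example removed in the last hunk ends in `\e`. Inside `.Bd -literal` the extra trailing backslash is read as a roff line continuation, so the `sort -u - ssh_known_hosts | diff ssh_known_hosts -` line is joined onto the previous one and the rendered command loses its line break. End that line with `\e` only. The `.Pp` placed directly after `.Sh EXAMPLES` is also redundant, since the section header already starts a new paragraph, and it can be dropped.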
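Review bot: In the FILES text of the last hunk (-124,36 +142,19), the second key type becomes `.Dq ssh-dsa .`, but the identifier that appears in the key type field for DSA host keys is `ssh-dss`, so the documented output format would no longer match what a reader sees in ssh_known_hosts. Keep `.Dq ssh-dss .`. In the same hunk the AUTHORS entries lose their `.An` and `.Aq` macros along with both contact addresses, and BUGS moves ahead of SEE ALSO. If dropping the addresses is intended, the log message should say so; otherwise keep the `.An ... Aq ...` lines and leave BUGS as the final section.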