=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-keyscan.1,v retrieving revision 1.17 retrieving revision 1.17.4.2 diff -u -r1.17 -r1.17.4.2 --- src/usr.bin/ssh/ssh-keyscan.1 2003/06/10 09:12:11 1.17 +++ src/usr.bin/ssh/ssh-keyscan.1 2005/03/10 17:15:05 1.17.4.2 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.17 2003/06/10 09:12:11 jmc Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.17.4.2 2005/03/10 17:15:05 brad Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -15,11 +15,11 @@ .Sh SYNOPSIS .Nm ssh-keyscan .Bk -words -.Op Fl v46 +.Op Fl 46Hv +.Op Fl f Ar file .Op Fl p Ar port .Op Fl T Ar timeout .Op Fl t Ar type -.Op Fl f Ar file .Op Ar host | addrlist namelist .Op Ar ... .Ek @@ -46,6 +46,33 @@ .Pp The options are as follows: .Bl -tag -width Ds +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. +.It Fl f Ar file +Read hosts or +.Pa addrlist namelist +pairs from this file, one per line. +If +.Pa - +is supplied instead of a filename, +.Nm +will read hosts or +.Pa addrlist namelist +pairs from the standard input. +.It Fl H +Hash all hostnames and addresses in the output. +Hashed names may be used normally by +.Nm ssh +and +.Nm sshd , +but they do not reveal identifying information should the file's contents +be disclosed. .It Fl p Ar port Port to connect to on the remote host. .It Fl T Ar timeout @@ -68,36 +95,17 @@ Multiple values may be specified by separating them with commas. The default is .Dq rsa1 . -.It Fl f Ar filename -Read hosts or -.Pa addrlist namelist -pairs from this file, one per line. -If -.Pa - -is supplied instead of a filename, -.Nm -will read hosts or -.Pa addrlist namelist -pairs from the standard input. .It Fl v Verbose mode. Causes .Nm to print debugging messages about its progress. -.It Fl 4 -Forces -.Nm -to use IPv4 addresses only. -.It Fl 6 -Forces -.Nm -to use IPv6 addresses only. .El .Sh SECURITY If a ssh_known_hosts file is constructed using .Nm without verifying the keys, users will be vulnerable to -.I man in the middle +.Em man in the middle attacks. On the other hand, if the security model allows such a risk, .Nm