Annotation of src/usr.bin/ssh/ssh-keyscan.1, Revision 1.14.4.2
.\" $OpenBSD: ssh-keyscan.1,v 1.17 2003/06/10 09:12:11 jmc Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
.\" Modification and redistribution in source and binary forms is
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
.Dd January 1, 1996
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
.Nm ssh-keyscan
.Nd gather ssh public keys
.Sh SYNOPSIS
.Nm ssh-keyscan
.Bk -words
.Op Fl v46
.Op Fl p Ar port
.Op Fl T Ar timeout
.Op Fl t Ar type
.Op Fl f Ar file
.Op Ar host | addrlist namelist
.Op Ar ...
.Ek
.Sh DESCRIPTION
.Nm
is a utility for gathering the public ssh host keys of a number of
hosts.
It was designed to aid in building and verifying
.Pa ssh_known_hosts
files.
.Nm
provides a minimal interface suitable for use by shell and perl
scripts.
.Pp
.Nm
uses non-blocking socket I/O to contact as many hosts as possible in
parallel, so it is very efficient.
The keys from a domain of 1,000
hosts can be collected in tens of seconds, even when some of those
hosts are down or do not run ssh.
For scanning, one does not need
login access to the machines that are being scanned, nor does the
scanning process involve any encryption.
.Pp
The options are as follows:
.Bl -tag -width Ds
.It Fl p Ar port
Port to connect to on the remote host.
.It Fl T Ar timeout
Set the timeout for connection attempts.
If
.Ar timeout
seconds have elapsed since a connection was initiated to a host or since the
last time anything was read from that host, then the connection is
closed and the host in question considered unavailable.
Default is 5 seconds.
.It Fl t Ar type
Specifies the type of the key to fetch from the scanned hosts.
The possible values are
.Dq rsa1
for protocol version 1 and
.Dq rsa
or
.Dq dsa
for protocol version 2.
Multiple values may be specified by separating them with commas.
The default is
.Dq rsa1 .
.It Fl f Ar file
Read hosts or
.Ar addrlist namelist
pairs from this file, one per line.
If
.Pa -
is supplied instead of a filename,
.Nm
will read hosts or
.Ar addrlist namelist
pairs from the standard input.
.It Fl v
Verbose mode.
Causes
.Nm
to print debugging messages about its progress.
.It Fl 4
Forces
.Nm
to use IPv4 addresses only.
.It Fl 6
Forces
.Nm
to use IPv6 addresses only.
.El
.Sh SECURITY
If an ssh_known_hosts file is constructed using
.Nm
without verifying the keys, users will be vulnerable to
.Em man in the middle
attacks.
On the other hand, if the security model allows such a risk,
.Nm
can help in the detection of tampered keyfiles or man in the middle
attacks which have begun after the ssh_known_hosts file was created.
.Sh FILES
.Pa Input format:
.Bd -literal
1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
.Ed
.Pp
.Pa Output format for rsa1 keys:
.Bd -literal
host-or-namelist bits exponent modulus
.Ed
.Pp
.Pa Output format for rsa and dsa keys:
.Bd -literal
host-or-namelist keytype base64-encoded-key
.Ed
.Pp
Where
.Pa keytype
is either
.Dq ssh-rsa
or
.Dq ssh-dss .
.Pp
.Pa /etc/ssh/ssh_known_hosts
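The first field of every output line is a comma-separated host-or-namelist, so one line can stand for several names and addresses, and the rest of the line takes one of the two shapes above. The following shell functions are an added example, not part of this manual page or of OpenSSH; the function names (keyscan_expand, keyscan_lookup and the sample helpers) are my own and the sample lines are constructed to match the two documented output formats, with key material shortened. They expand each line into one record per name and then answer the practical question of which key is recorded for a given name.

```shell
#!/bin/sh
# Added example (not from the ssh-keyscan manual page or OpenSSH).
# Constructed sample of ssh-keyscan output: one rsa1 line ("bits exponent
# modulus") and two protocol-2 lines ("keytype base64-encoded-key").
# Key material is shortened and not a real key.
KEYSCAN_SAMPLE='name.my.domain,name,1.2.3.4 1024 35 1234567890123456789
name.my.domain,name,1.2.3.4 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCEXAMPLE
other.my.domain,5.6.7.8 ssh-dss AAAAB3NzaC1kc3MAAACBAEXAMPLE'

# keyscan_expand: read ssh-keyscan output (or an ssh_known_hosts file in the
# same format) on stdin and emit one tab-separated record per name in the
# host-or-namelist: name, keytype, key material.  The keytype is "rsa1"
# when the second field is the numeric bit count, otherwise it is the
# keytype field itself ("ssh-rsa" or "ssh-dss").  Lines with fewer than
# three fields (e.g. truncated output) are skipped.
keyscan_expand() {
    awk '
    NF >= 3 {
        n = split($1, names, ",")
        if ($2 ~ /^[0-9]+$/) { type = "rsa1"; key = $2 " " $3 " " $4 }
        else                 { type = $2;     key = $3 }
        for (i = 1; i <= n; i++)
            printf "%s\t%s\t%s\n", names[i], type, key
    }'
}

# keyscan_lookup NAME: read the same input on stdin and print
# "keytype<TAB>key" for every key recorded under NAME.
keyscan_lookup() {
    keyscan_expand |
        awk -v want="$1" 'BEGIN { FS = "\t" } $1 == want { print $2 "\t" $3 }'
}

# Helpers that run the functions above on the constructed sample.
keyscan_sample_lookup() {
    printf '%s\n' "$KEYSCAN_SAMPLE" | keyscan_lookup "$1"
}
keyscan_sample_count() {
    printf '%s\n' "$KEYSCAN_SAMPLE" | keyscan_expand | wc -l | tr -d ' '
}

# Usage: keyscan_sample_lookup name
```

In practice the input comes from `ssh-keyscan -f hostlist | keyscan_lookup somehost` or from `keyscan_lookup somehost < /etc/ssh/ssh_known_hosts`; the sample helpers exist only so the block runs without network access.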
.Sh EXAMPLES
Print the
.Dq rsa1
host key for machine
.Ar hostname :
.Bd -literal
$ ssh-keyscan hostname
.Ed
.Pp
Find all hosts from the file
.Pa ssh_hosts
which have new or different keys from those in the sorted file
.Pa ssh_known_hosts :
.Bd -literal
$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e
sort -u - ssh_known_hosts | diff ssh_known_hosts -
.Ed
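The sort/diff pipeline above lists every differing line but does not say whether a host is simply new or whether a key the file already holds has changed; as the SECURITY section notes, only the second case points at a tampered keyfile or a man in the middle that began after ssh_known_hosts was built. The shell function below is an added example, not part of this manual page or of OpenSSH; the names keyscan_compare and keyscan_compare_demo are my own, and the two files the demo compares are constructed inline with shortened key material. Like the diff pipeline it matches on the exact host-or-namelist field, and it separates the key types so an unchanged rsa1 key and a changed ssh-rsa key for the same host are reported individually.

```shell
#!/bin/sh
# Added example (not from the ssh-keyscan manual page or OpenSSH).
# keyscan_compare KNOWN_HOSTS SCAN: classify each line of SCAN (fresh
# ssh-keyscan output) against KNOWN_HOSTS, both in the documented output
# format.  Prints "STATUS host keytype" per scanned line, where STATUS is
#   NEW     - no key of that type is recorded for the host
#   CHANGED - a key of that type is recorded but differs: investigate
#   SAME    - the recorded key matches
keyscan_compare() {
    awk '
    # "rsa1" when the second field is the numeric bit count, otherwise the
    # keytype field itself ("ssh-rsa", "ssh-dss").
    function keytype() { return ($2 ~ /^[0-9]+$/) ? "rsa1" : $2 }
    # Key material is everything after the host-or-namelist field.
    function material(   m) { m = $0; sub(/^[^ ]+ +/, "", m); return m }
    # First file: record known keys.  FILENAME is compared with ARGV[1]
    # rather than using NR == FNR so an empty known_hosts file still
    # causes every scanned key to be reported as NEW.
    FILENAME == ARGV[1] { if (NF >= 3) known[$1 SUBSEP keytype()] = material(); next }
    NF >= 3 {
        id = $1 SUBSEP keytype()
        if (!(id in known))                status = "NEW"
        else if (known[id] != material())  status = "CHANGED"
        else                               status = "SAME"
        print status, $1, keytype()
    }' "$1" "$2"
}

# keyscan_compare_demo: run keyscan_compare on two constructed temporary
# files and print the resulting status lines.
keyscan_compare_demo() {
    known=$(mktemp) && scan=$(mktemp) || return 1
    # Constructed existing ssh_known_hosts (not real keys).
    cat > "$known" <<'EOF'
alpha.example.test ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCalphaEXAMPLE
beta.example.test ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCbetaEXAMPLE
beta.example.test 1024 35 1234567890123456789
EOF
    # Constructed fresh scan: alpha unchanged, beta's ssh-rsa key differs,
    # beta's rsa1 key unchanged, gamma not previously recorded.
    cat > "$scan" <<'EOF'
alpha.example.test ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCalphaEXAMPLE
beta.example.test ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCdifferentEXAMPLE
beta.example.test 1024 35 1234567890123456789
gamma.example.test ssh-dss AAAAB3NzaC1kc3MAAACBAgammaEXAMPLE
EOF
    keyscan_compare "$known" "$scan"
    rm -f "$known" "$scan"
}

# Usage: ssh-keyscan -t rsa1,rsa,dsa -f ssh_hosts > scan.out &&
#        keyscan_compare /etc/ssh/ssh_known_hosts scan.out | grep -v '^SAME'
```

A CHANGED line is the one that deserves attention: it is exactly the case the SECURITY section describes, a key that was already recorded and no longer matches what the host presents. NEW lines are expected when hosts are added, but their keys still have to be verified out of band before they are appended to ssh_known_hosts.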
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr sshd 8
.Sh AUTHORS
.An David Mazieres Aq dm@lcs.mit.edu
wrote the initial version, and
.An Wayne Davison Aq wayned@users.sourceforge.net
added support for protocol version 2.
.Sh BUGS
It generates "Connection closed by remote host" messages on the consoles
of all the machines it scans if the server is older than version 2.9.
This is because it opens a connection to the ssh port, reads the public
key, and drops the connection as soon as it gets the key.