Annotation of src/usr.bin/ssh/ssh-keyscan.1, Revision 1.43
.\" $OpenBSD: ssh-keyscan.1,v 1.42 2018/02/23 07:38:09 jmc Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
.\" Modification and redistribution in source and binary forms is
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
.Dd $Mdocdate: February 23 2018 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
.Nm ssh-keyscan
.Nd gather SSH public keys
.Sh SYNOPSIS
.Nm ssh-keyscan
.Op Fl 46cDHv
.Op Fl f Ar file
.Op Fl p Ar port
.Op Fl T Ar timeout
.Op Fl t Ar type
.Op Ar host | addrlist namelist
.Sh DESCRIPTION
.Nm
is a utility for gathering the public SSH host keys of a number of
hosts.
It was designed to aid in building and verifying
.Pa ssh_known_hosts
files.
.Nm
provides a minimal interface suitable for use by shell and perl
scripts.
.Pp
.Nm
uses non-blocking socket I/O to contact as many hosts as possible in
parallel, so it is very efficient.
The keys from a domain of 1,000
hosts can be collected in tens of seconds, even when some of those
hosts are down or do not run
.Xr sshd 8 .
For scanning, one does not need
login access to the machines that are being scanned, nor does the
scanning process involve any encryption.
.Pp
Input is expected in the format:
.Bd -literal -offset 3n
1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
.Ed
.Pp
The output format is:
.Bd -literal -offset 3n
host-or-namelist keytype base64-encoded-key
.Ed
.Pp
Where
.Ar keytype
is either
.Dq ecdsa-sha2-nistp256 ,
.Dq ecdsa-sha2-nistp384 ,
.Dq ecdsa-sha2-nistp521 ,
.Dq ssh-ed25519 ,
.Dq ssh-dss
or
.Dq ssh-rsa .
.Pp
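The output format above is what a script consuming ssh-keyscan has to parse before a key can be verified out of band. The following Python is an added example, not part of the OpenSSH sources: it parses lines of the form shown, rejects key types not in the list, decodes the base64 blob, checks that the type string embedded at the start of the blob agrees with the keytype column, and computes the SHA256 fingerprint in the form ssh-keygen -l prints (base64 of the SHA-256 digest of the raw blob, padding stripped) so it can be compared against a fingerprint obtained through a trusted channel. The sample lines and key blobs are constructed placeholders, not real host keys.

```python
import base64
import hashlib
import struct

# Key types ssh-keyscan may emit, as listed in the manual page.
KEYTYPES = {
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "ssh-ed25519", "ssh-dss", "ssh-rsa",
}


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 big-endian length prefix)."""
    return struct.pack(">I", len(data)) + data


def read_ssh_string(blob: bytes, offset: int = 0):
    """Decode one SSH wire-format string at offset; return (value, offset after it)."""
    if len(blob) < offset + 4:
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:end], end


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint as ssh-keygen -l prints it: base64 digest without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_line(line: str) -> dict:
    """Parse one 'host-or-namelist keytype base64-encoded-key' line into a record."""
    fields = line.split()
    if len(fields) != 3:
        raise ValueError(f"expected 3 fields, got {len(fields)}: {line!r}")
    names, keytype, b64 = fields
    if keytype not in KEYTYPES:
        raise ValueError(f"unknown key type {keytype!r}")
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:
        raise ValueError(f"bad base64 for {names}: {exc}") from None
    # The blob starts with its own type string; it must agree with the keytype column.
    embedded, _ = read_ssh_string(blob)
    if embedded.decode("ascii", "replace") != keytype:
        raise ValueError(f"keytype column {keytype!r} disagrees with blob type {embedded!r}")
    return {"hosts": names.split(","), "keytype": keytype, "fingerprint": fingerprint(blob)}


def parse_output(text: str) -> list:
    """Parse every non-blank, non-comment line of ssh-keyscan output."""
    return [parse_line(line) for line in text.splitlines()
            if line.strip() and not line.startswith("#")]


# Constructed sample: structurally valid blobs carrying placeholder key material,
# not real host keys. An ed25519 blob is string(type) + string(32-byte key);
# an RSA blob is string(type) + string(e) + string(n).
ED25519_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(b"\x01" * 32)
RSA_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
            + ssh_string(b"\x00\xc3" + b"\x02" * 62))
SAMPLE_OUTPUT = "\n".join([
    "# 192.0.2.10:22 SSH-2.0-OpenSSH_7.6",
    "192.0.2.10,gw.example.test ssh-ed25519 " + base64.b64encode(ED25519_BLOB).decode(),
    "192.0.2.11 ssh-rsa " + base64.b64encode(RSA_BLOB).decode(),
])

if __name__ == "__main__":
    for rec in parse_output(SAMPLE_OUTPUT):
        print(",".join(rec["hosts"]), rec["keytype"], rec["fingerprint"])
```

Comparing the printed fingerprint with one obtained from the host's administrator (or from an SSHFP record, see the -D option) is the verification step the DESCRIPTION warns must not be skipped before a scanned key is trusted.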
The options are as follows:
.Bl -tag -width Ds
.It Fl 4
Force
.Nm
to use IPv4 addresses only.
.It Fl 6
Force
.Nm
to use IPv6 addresses only.
.It Fl c
Request certificates from target hosts instead of plain keys.
.It Fl D
Print keys found as SSHFP DNS records.
The default is to print keys in a format usable as a
.Xr ssh 1
.Pa known_hosts
file.
.It Fl f Ar file
Read hosts or
.Dq addrlist namelist
pairs from
.Ar file ,
one per line.
If
.Sq -
is supplied instead of a filename,
.Nm
will read from the standard input.
.It Fl H
Hash all hostnames and addresses in the output.
Hashed names may be used normally by
.Xr ssh 1
and
.Xr sshd 8 ,
but they do not reveal identifying information should the file's contents
be disclosed.
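The hashed host field that -H writes has the form |1|salt|hash, where the salt is 20 random bytes and the hash is HMAC-SHA1 keyed with that salt over the hostname as written, both base64 encoded. The following Python is an added example, not OpenSSH code: it produces such an entry, matches a name against a hashed or plain host field by recomputing the HMAC, and looks a name up in a small constructed known_hosts text. It shows why a disclosed hashed file still does not list the hosts: each entry can only be checked against a name the reader already knows. The fixed salt and the key strings in the sample are constructed placeholders.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"   # marker OpenSSH uses for hashed known_hosts host fields
SALT_LEN = 20        # salt length in bytes, one SHA-1 output length


def hash_hostname(name: str, salt: bytes = b"") -> str:
    """Return the |1|salt|hash form of a host name, as ssh-keyscan -H writes it."""
    if not salt:
        salt = os.urandom(SALT_LEN)
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def hostname_matches(name: str, host_field: str) -> bool:
    """True if a known_hosts host field (hashed or a plain comma list) covers name."""
    if not host_field.startswith(HASH_MAGIC):
        return name in host_field.split(",")
    try:
        salt_b64, mac_b64 = host_field[len(HASH_MAGIC):].split("|", 1)
        salt = base64.b64decode(salt_b64, validate=True)
        mac = base64.b64decode(mac_b64, validate=True)
    except ValueError:
        return False   # malformed entry never matches
    expected = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(expected, mac)


def lookup(name: str, known_hosts: str) -> list:
    """Return the known_hosts lines whose host field matches name."""
    hits = []
    for line in known_hosts.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3:
            continue
        if hostname_matches(name, fields[0]):
            hits.append(line)
    return hits


# Constructed sample: a fixed salt so the hashed entry is reproducible, and
# placeholder key strings in place of real base64 key blobs.
FIXED_SALT = bytes(range(SALT_LEN))
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# hashed entry produced as if by ssh-keyscan -H",
    hash_hostname("gw.example.test", FIXED_SALT) + " ssh-ed25519 PLACEHOLDER_KEY_1",
    "192.0.2.11,db.example.test ssh-rsa PLACEHOLDER_KEY_2",
])

if __name__ == "__main__":
    print(hash_hostname("gw.example.test"))          # fresh random salt each run
    print(lookup("gw.example.test", SAMPLE_KNOWN_HOSTS))
    print(lookup("db.example.test", SAMPLE_KNOWN_HOSTS))
```

Because the salt is random per entry, two hashed entries for the same host are not byte-equal, so deduplicating a hashed file needs a matcher like hostname_matches rather than sort -u.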
.It Fl p Ar port
Connect to
.Ar port
on the remote host.
.It Fl T Ar timeout
Set the timeout for connection attempts.
If
.Ar timeout
seconds have elapsed since a connection was initiated to a host or since the
last time anything was read from that host, the connection is
closed and the host in question considered unavailable.
The default is 5 seconds.
.It Fl t Ar type
Specify the type of the key to fetch from the scanned hosts.
The possible values are
.Dq dsa ,
.Dq ecdsa ,
.Dq ed25519 ,
or
.Dq rsa .
Multiple values may be specified by separating them with commas.
The default is to fetch
.Dq rsa ,
.Dq ecdsa ,
and
.Dq ed25519
keys.
.It Fl v
Verbose mode:
print debugging messages about progress.
.El
.Pp
If an ssh_known_hosts file is constructed using
.Nm
without verifying the keys, users will be vulnerable to
.Em man in the middle
attacks.
On the other hand, if the security model allows such a risk,
.Nm
can help in the detection of tampered keyfiles or man in the middle
attacks which have begun after the ssh_known_hosts file was created.
.Sh FILES
.Pa /etc/ssh/ssh_known_hosts
.Sh EXAMPLES
Print the RSA host key for machine
.Ar hostname :
.Pp
.Dl $ ssh-keyscan -t rsa hostname
.Pp
Find all hosts from the file
.Pa ssh_hosts
which have new or different keys from those in the sorted file
.Pa ssh_known_hosts :
.Bd -literal -offset indent
$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
sort -u - ssh_known_hosts | diff ssh_known_hosts -
.Ed
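The sort/diff pipeline above reports every line that differs, but for the detection use described in DESCRIPTION a practitioner usually wants the difference classified per host and key type: a key that is merely new (host not yet in ssh_known_hosts) versus a key that has changed for a host already present, since only the latter points at a tampered file or a man in the middle that began after the file was created. The following Python is an added example, not part of OpenSSH; it reads ssh-keyscan output and a known_hosts text, both in the plain host format (hashed -H entries are skipped, and leading @cert-authority or @revoked markers are ignored), and returns the three classes. The scan output and known_hosts contents are constructed samples with placeholder key strings.

```python
def index_keys(text: str) -> dict:
    """Map (host, keytype) -> key string for every plain-host line of known_hosts-format text."""
    index = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or line.startswith("#"):
            continue                      # blank line or comment
        if fields[0].startswith("@"):
            fields = fields[1:]           # drop @cert-authority / @revoked marker
        if len(fields) < 3 or fields[0].startswith("|1|"):
            continue                      # malformed, or hashed host field (-H) not handled here
        names, keytype, key = fields[0], fields[1], fields[2]
        for host in names.split(","):     # a name list covers each host it names
            index[(host, keytype)] = key
    return index


def compare_scan(scan_text: str, known_text: str) -> dict:
    """Classify each scanned (host, keytype) as new, changed or unchanged versus known_hosts."""
    scanned = index_keys(scan_text)
    known = index_keys(known_text)
    report = {"new": [], "changed": [], "unchanged": []}
    for entry, key in sorted(scanned.items()):
        if entry not in known:
            report["new"].append(entry)
        elif known[entry] != key:
            report["changed"].append(entry)   # same host and type, different key: investigate
        else:
            report["unchanged"].append(entry)
    return report


# Constructed samples with placeholder key strings, not real key blobs.
# 192.0.2.10 is unchanged, 192.0.2.11 now presents a different RSA key,
# and 192.0.2.12 is not yet in the known_hosts file.
SAMPLE_SCAN = "\n".join([
    "# 192.0.2.10:22 SSH-2.0-OpenSSH_7.6",
    "192.0.2.10,gw.example.test ssh-ed25519 PLACEHOLDER_ED25519_A",
    "192.0.2.11 ssh-rsa PLACEHOLDER_RSA_NEW",
    "192.0.2.12 ssh-ed25519 PLACEHOLDER_ED25519_C",
])
SAMPLE_KNOWN_HOSTS = "\n".join([
    "192.0.2.10,gw.example.test ssh-ed25519 PLACEHOLDER_ED25519_A",
    "192.0.2.11 ssh-rsa PLACEHOLDER_RSA_OLD",
    "@cert-authority *.example.test ssh-ed25519 PLACEHOLDER_CA_KEY",
    "|1|c2FsdHNhbHRzYWx0c2FsdHNhbHQ=|aGFzaGhhc2hoYXNoaGFzaGhhc2g= ssh-rsa PLACEHOLDER_HASHED",
])

if __name__ == "__main__":
    for kind, entries in compare_scan(SAMPLE_SCAN, SAMPLE_KNOWN_HOSTS).items():
        for host, keytype in entries:
            print(f"{kind:9s} {host} {keytype}")
```

A host in the changed list is the case the manual page is warning about: it should be treated as unavailable until the new key has been confirmed through a channel independent of the scan, not simply merged into the file.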
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr sshd 8
.Rs
.%D 2006
.%R RFC 4255
.%T Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
.Re
.Sh AUTHORS
.An -nosplit
.An David Mazieres Aq Mt dm@lcs.mit.edu
wrote the initial version, and
.An Wayne Davison Aq Mt wayned@users.sourceforge.net
added support for protocol version 2.