Annotation of src/usr.bin/ssh/ssh-keyscan.1, Revision 1.5
1.5 ! ian 1: .\" $OpenBSD: ssh-keyscan.1,v 1.4 2001/03/01 03:38:33 deraadt Exp $
1.4 deraadt 2: .\"
3: .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4: .\"
5: .\" Modification and redistribution in source and binary forms is
6: .\" permitted provided that due credit is given to the author and the
7: .\" OpenBSD project (for instance by leaving this copyright notice
8: .\" intact).
1.3 niklas 9: .\"
1.1 markus 10: .Dd January 1, 1996
1.4 deraadt 11: .Dt SSH-KEYSCAN 1
1.1 markus 12: .Os
13: .Sh NAME
14: .Nm ssh-keyscan
15: .Nd gather ssh public keys
16: .Sh SYNOPSIS
17: .Nm ssh-keyscan
18: .Op Fl t Ar timeout
19: .Op Ar -- | host | addrlist namelist
20: .Op Fl f Ar files ...
21: .Sh DESCRIPTION
22: .Nm
23: is a utility for gathering the public ssh host keys of a number of
24: hosts. It was designed to aid in building and verifying
25: .Pa ssh_known_hosts
26: files.
27: .Nm
28: provides a minimal interface suitable for use by shell and perl
29: scripts.
30: .Pp
31: .Nm
32: uses non-blocking socket I/O to contact as many hosts as possible in
33: parallel, so it is very efficient. The keys from a domain of 1,000
34: hosts can be collected in tens of seconds, even when some of those
35: hosts are down or do not run ssh. You do not need login access to the
1.5 ! ian 36: machines you are scanning, nor does the scanning process involve
1.1 markus 37: any encryption.
38: .Sh SECURITY
39: If you make an ssh_known_hosts file using
40: .Nm
41: without verifying the keys, you will be vulnerable to
42: .Em man-in-the-middle
43: attacks: a key fetched over the network is only as trustworthy as the path it arrived over, so verify each key through an independent channel before trusting it.
44: On the other hand, if your security model allows such a risk,
45: .Nm
46: can help you detect tampered keyfiles or man-in-the-middle attacks which
47: have begun after you created your ssh_known_hosts file.
48: .Sh OPTIONS
49: .Bl -tag -width Ds
50: .It Fl t Ar timeout
51: Set the timeout for connection attempts. If
52: .Ar timeout
53: seconds have elapsed since a connection was initiated to a host or since the
54: last time anything was read from that host, then the connection is
55: closed and the host in question considered unavailable. Default is 5
56: seconds.
57: .It Fl f
58: Read hosts or
59: .Ar addrlist namelist
60: pairs from this file, one per line.
61: If
62: .Pa -
63: is supplied instead of a filename,
64: .Nm
65: will read hosts or
66: .Ar addrlist namelist
67: pairs from the standard input.
1.2 itojun 68: .El
1.1 markus 69: .Sh EXAMPLES
71: Print the host key for machine
72: .Ar hostname :
73: .Bd -literal
74: $ ssh-keyscan hostname
75: .Ed
76: .Pp
77: Find all hosts from the file
78: .Pa ssh_hosts
79: which have new or different keys from those in the sorted file
80: .Pa ssh_known_hosts :
81: .Bd -literal
1.4 deraadt 82: $ ssh-keyscan -f ssh_hosts | sort -u - ssh_known_hosts | \e
1.1 markus 83: 	diff ssh_known_hosts -
84: .Ed
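The sort(1)/diff(1) pipeline above compares line by line, so a host whose key has changed and a host that is simply not in the file yet both show up the same way, as one added line each. The script below is an added example, not part of this manual page or of OpenSSH: it reads scanner output and an existing ssh_known_hosts in the line format documented under FILES (host-or-namelist bits exponent modulus) and reports each scanned host as OK, NEW or CHANGED, so the changed-key case that the SECURITY section warns about (a tampered file or a man-in-the-middle that started after the file was built) is told apart from a host that merely needs to be verified and added. The host names, keys and file names are constructed sample data, and the function names keycheck and demo are the example's own.

```shell
#!/bin/sh
# Added example, not part of ssh-keyscan(1) or OpenSSH.  Compare scanner
# output against an existing ssh_known_hosts host by host, instead of the
# line-by-line sort|diff pipeline, so that a changed key is told apart
# from a host that is merely new.

# keycheck SCAN KNOWN
# Both files hold lines in the ssh1 known_hosts layout this manual shows:
#     host-or-namelist bits exponent modulus
# Comment lines and lines with fewer than four fields are ignored.
# One line is printed per scanned host:
#     OK host       the key matches a known entry for one of its names
#     NEW host      none of its names is known (verify out of band first)
#     CHANGED host  a name is known but the key differs (tampered file or
#                   a man-in-the-middle started after KNOWN was built)
# Exit status is 1 if any host is NEW or CHANGED, 0 otherwise.
keycheck() {
    awk -v known="$2" '
        /^#/ || NF < 4 { next }
        FILENAME == known {
            # Every alias in the name list points at the same key.
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) key[names[i]] = $2 " " $3 " " $4
            next
        }
        {
            n = split($1, names, ",")
            scanned = $2 " " $3 " " $4
            status = "NEW"
            for (i = 1; i <= n; i++)
                if (names[i] in key) {
                    # The first alias found in KNOWN decides.
                    status = (key[names[i]] == scanned) ? "OK" : "CHANGED"
                    break
                }
            print status, names[1]
            if (status != "OK") bad = 1
        }
        END { exit bad + 0 }
    ' "$2" "$1"
}

# demo: run keycheck on constructed sample files (fake short moduli,
# not real keys).  Prints the report and returns keycheck's exit status.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/ssh_known_hosts" <<'EOF'
alpha.example.com,alpha,10.0.0.1 1024 35 1234567890
beta.example.com,beta,10.0.0.2 1024 35 2222222222
EOF
    cat > "$dir/scan.txt" <<'EOF'
# constructed ssh-keyscan output
alpha.example.com,alpha,10.0.0.1 1024 35 1234567890
beta.example.com,beta,10.0.0.2 1024 35 9999999999
gamma.example.com,gamma,10.0.0.3 1024 35 3333333333
EOF
    keycheck "$dir/scan.txt" "$dir/ssh_known_hosts"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo || echo "keys to verify or investigate (exit status $?)"
```

Matching is done on any alias in the comma-separated name list, the way sshd looks entries up, and only on the ssh1 layout shown under FILES; a NEW host still has to be checked through an independent channel before its line is appended to ssh_known_hosts.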
86: .Sh FILES
88: .Pa Input format:
89: 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
90: .Pp
91: .Pa Output format:
92: host-or-namelist bits exponent modulus
93: .Pp
94: .Pa /etc/ssh_known_hosts
95: .Sh BUGS
96: It generates "Connection closed by remote host" messages on the consoles
97: of all the machines it scans.
98: This is because it opens a connection to the ssh port, reads the public
99: key, and drops the connection as soon as it gets the key.
100: .Sh SEE ALSO
1.4 deraadt 101: .Xr ssh 1 ,
1.1 markus 102: .Xr sshd 8
103: .Sh AUTHORS
104: David Mazieres <dm@lcs.mit.edu>