summaryrefslogtreecommitdiff
path: root/ssh-keyscan.0
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2010-08-23 22:56:08 +0100
committerColin Watson <cjwatson@debian.org>2010-08-23 22:56:08 +0100
commit31e30b835fd9695d3b6647cab4867001b092e28f (patch)
tree138e715c25661825457c7280cd66e3f4853d474c /ssh-keyscan.0
parent78eedc2c60ff4718200f9271d8ee4f437da3a0c5 (diff)
parent43094ebf14c9b16f1ea398bc5b65a7335e947288 (diff)
merge 5.6p1
Diffstat (limited to 'ssh-keyscan.0')
-rw-r--r--ssh-keyscan.033
1 files changed, 17 insertions, 16 deletions
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
index 8a0ef60e4..9bf4cc252 100644
--- a/ssh-keyscan.0
+++ b/ssh-keyscan.0
@@ -8,17 +8,17 @@ SYNOPSIS
8 [host | addrlist namelist] ... 8 [host | addrlist namelist] ...
9 9
10DESCRIPTION 10DESCRIPTION
11 ssh-keyscan is a utility for gathering the public ssh host keys of a num- 11 ssh-keyscan is a utility for gathering the public ssh host keys of a
12 ber of hosts. It was designed to aid in building and verifying 12 number of hosts. It was designed to aid in building and verifying
13 ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable 13 ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable
14 for use by shell and perl scripts. 14 for use by shell and perl scripts.
15 15
16 ssh-keyscan uses non-blocking socket I/O to contact as many hosts as pos- 16 ssh-keyscan uses non-blocking socket I/O to contact as many hosts as
17 sible in parallel, so it is very efficient. The keys from a domain of 17 possible in parallel, so it is very efficient. The keys from a domain of
18 1,000 hosts can be collected in tens of seconds, even when some of those 18 1,000 hosts can be collected in tens of seconds, even when some of those
19 hosts are down or do not run ssh. For scanning, one does not need login 19 hosts are down or do not run ssh. For scanning, one does not need login
20 access to the machines that are being scanned, nor does the scanning pro- 20 access to the machines that are being scanned, nor does the scanning
21 cess involve any encryption. 21 process involve any encryption.
22 22
23 The options are as follows: 23 The options are as follows:
24 24
@@ -32,8 +32,8 @@ DESCRIPTION
32 read hosts or addrlist namelist pairs from the standard input. 32 read hosts or addrlist namelist pairs from the standard input.
33 33
34 -H Hash all hostnames and addresses in the output. Hashed names may 34 -H Hash all hostnames and addresses in the output. Hashed names may
35 be used normally by ssh and sshd, but they do not reveal identi- 35 be used normally by ssh and sshd, but they do not reveal
36 fying information should the file's contents be disclosed. 36 identifying information should the file's contents be disclosed.
37 37
38 -p port 38 -p port
39 Port to connect to on the remote host. 39 Port to connect to on the remote host.
@@ -42,8 +42,8 @@ DESCRIPTION
42 Set the timeout for connection attempts. If timeout seconds have 42 Set the timeout for connection attempts. If timeout seconds have
43 elapsed since a connection was initiated to a host or since the 43 elapsed since a connection was initiated to a host or since the
44 last time anything was read from that host, then the connection 44 last time anything was read from that host, then the connection
45 is closed and the host in question considered unavailable. De- 45 is closed and the host in question considered unavailable.
46 fault is 5 seconds. 46 Default is 5 seconds.
47 47
48 -t type 48 -t type
49 Specifies the type of the key to fetch from the scanned hosts. 49 Specifies the type of the key to fetch from the scanned hosts.
@@ -56,11 +56,12 @@ DESCRIPTION
56 about its progress. 56 about its progress.
57 57
58SECURITY 58SECURITY
59 If an ssh_known_hosts file is constructed using ssh-keyscan without veri- 59 If an ssh_known_hosts file is constructed using ssh-keyscan without
60 fying the keys, users will be vulnerable to man in the middle attacks. 60 verifying the keys, users will be vulnerable to man in the middle
61 On the other hand, if the security model allows such a risk, ssh-keyscan 61 attacks. On the other hand, if the security model allows such a risk,
62 can help in the detection of tampered keyfiles or man in the middle at- 62 ssh-keyscan can help in the detection of tampered keyfiles or man in the
63 tacks which have begun after the ssh_known_hosts file was created. 63 middle attacks which have begun after the ssh_known_hosts file was
64 created.
64 65
65FILES 66FILES
66 Input format: 67 Input format:
@@ -104,4 +105,4 @@ BUGS
104 This is because it opens a connection to the ssh port, reads the public 105 This is because it opens a connection to the ssh port, reads the public
105 key, and drops the connection as soon as it gets the key. 106 key, and drops the connection as soon as it gets the key.
106 107
107OpenBSD 4.7 January 9, 2010 2 108OpenBSD 4.8 January 9, 2010 OpenBSD 4.8