author | Colin Watson <cjwatson@debian.org> | 2010-08-23 22:56:08 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-08-23 22:56:08 +0100 |
commit | 31e30b835fd9695d3b6647cab4867001b092e28f (patch) | |
tree | 138e715c25661825457c7280cd66e3f4853d474c /ssh-keyscan.0 | |
parent | 78eedc2c60ff4718200f9271d8ee4f437da3a0c5 (diff) | |
parent | 43094ebf14c9b16f1ea398bc5b65a7335e947288 (diff) |
merge 5.6p1
Diffstat (limited to 'ssh-keyscan.0')
-rw-r--r-- | ssh-keyscan.0 | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0 index 8a0ef60e4..9bf4cc252 100644 --- a/ssh-keyscan.0 +++ b/ssh-keyscan.0 | |||
@@ -8,17 +8,17 @@ SYNOPSIS | |||
8 | [host | addrlist namelist] ... | 8 | [host | addrlist namelist] ... |
9 | 9 | ||
10 | DESCRIPTION | 10 | DESCRIPTION |
11 | ssh-keyscan is a utility for gathering the public ssh host keys of a num- | 11 | ssh-keyscan is a utility for gathering the public ssh host keys of a |
12 | ber of hosts. It was designed to aid in building and verifying | 12 | number of hosts. It was designed to aid in building and verifying |
13 | ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable | 13 | ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable |
14 | for use by shell and perl scripts. | 14 | for use by shell and perl scripts. |
15 | 15 | ||
16 | ssh-keyscan uses non-blocking socket I/O to contact as many hosts as pos- | 16 | ssh-keyscan uses non-blocking socket I/O to contact as many hosts as |
17 | sible in parallel, so it is very efficient. The keys from a domain of | 17 | possible in parallel, so it is very efficient. The keys from a domain of |
18 | 1,000 hosts can be collected in tens of seconds, even when some of those | 18 | 1,000 hosts can be collected in tens of seconds, even when some of those |
19 | hosts are down or do not run ssh. For scanning, one does not need login | 19 | hosts are down or do not run ssh. For scanning, one does not need login |
20 | access to the machines that are being scanned, nor does the scanning pro- | 20 | access to the machines that are being scanned, nor does the scanning |
21 | cess involve any encryption. | 21 | process involve any encryption. |
22 | 22 | ||
23 | The options are as follows: | 23 | The options are as follows: |
24 | 24 | ||
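Review bot: Nothing in DESCRIPTION lines 11-21 changes wording; the only differences are end-of-line hyphenation being removed (num-/ber, pos-/sible, pro-/cess), which points to the page being re-formatted rather than edited. The commit message "merge 5.6p1" should say that this file's changes are formatting only, so a reviewer does not have to read 17 insertions and 16 deletions to find that out. The unhyphenated form is the better result, since a text search for "number" or "possible" now matches.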
@@ -32,8 +32,8 @@ DESCRIPTION | |||
32 | read hosts or addrlist namelist pairs from the standard input. | 32 | read hosts or addrlist namelist pairs from the standard input. |
33 | 33 | ||
34 | -H Hash all hostnames and addresses in the output. Hashed names may | 34 | -H Hash all hostnames and addresses in the output. Hashed names may |
35 | be used normally by ssh and sshd, but they do not reveal identi- | 35 | be used normally by ssh and sshd, but they do not reveal |
36 | fying information should the file's contents be disclosed. | 36 | identifying information should the file's contents be disclosed. |
37 | 37 | ||
38 | -p port | 38 | -p port |
39 | Port to connect to on the remote host. | 39 | Port to connect to on the remote host. |
@@ -42,8 +42,8 @@ DESCRIPTION | |||
42 | Set the timeout for connection attempts. If timeout seconds have | 42 | Set the timeout for connection attempts. If timeout seconds have |
43 | elapsed since a connection was initiated to a host or since the | 43 | elapsed since a connection was initiated to a host or since the |
44 | last time anything was read from that host, then the connection | 44 | last time anything was read from that host, then the connection |
45 | is closed and the host in question considered unavailable. De- | 45 | is closed and the host in question considered unavailable. |
46 | fault is 5 seconds. | 46 | Default is 5 seconds. |
47 | 47 | ||
48 | -t type | 48 | -t type |
49 | Specifies the type of the key to fetch from the scanned hosts. | 49 | Specifies the type of the key to fetch from the scanned hosts. |
@@ -56,11 +56,12 @@ DESCRIPTION | |||
56 | about its progress. | 56 | about its progress. |
57 | 57 | ||
58 | SECURITY | 58 | SECURITY |
59 | If an ssh_known_hosts file is constructed using ssh-keyscan without veri- | 59 | If an ssh_known_hosts file is constructed using ssh-keyscan without |
60 | fying the keys, users will be vulnerable to man in the middle attacks. | 60 | verifying the keys, users will be vulnerable to man in the middle |
61 | On the other hand, if the security model allows such a risk, ssh-keyscan | 61 | attacks. On the other hand, if the security model allows such a risk, |
62 | can help in the detection of tampered keyfiles or man in the middle at- | 62 | ssh-keyscan can help in the detection of tampered keyfiles or man in the |
63 | tacks which have begun after the ssh_known_hosts file was created. | 63 | middle attacks which have begun after the ssh_known_hosts file was |
64 | created. | ||
64 | 65 | ||
65 | FILES | 66 | FILES |
66 | Input format: | 67 | Input format: |
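Review bot: The SECURITY paragraph (new lines 59-64) still warns that a known_hosts file built without verifying the keys leaves users vulnerable to man in the middle attacks, but never says how to verify them. While this text is being touched, consider adding a sentence that points the reader at comparing each collected key's fingerprint (ssh-keygen -l) with one obtained out of band. If this file is generated output, that wording belongs in its source, not in this copy. The re-wrap itself adds one line here, which is why FILES moves from line 65 to line 66.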
@@ -104,4 +105,4 @@ BUGS | |||
104 | This is because it opens a connection to the ssh port, reads the public | 105 | This is because it opens a connection to the ssh port, reads the public |
105 | key, and drops the connection as soon as it gets the key. | 106 | key, and drops the connection as soon as it gets the key. |
106 | 107 | ||
107 | OpenBSD 4.7 January 9, 2010 2 | 108 | OpenBSD 4.8 January 9, 2010 OpenBSD 4.8 |
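Review bot: In the footer (old line 107, new line 108) the release string goes from OpenBSD 4.7 to OpenBSD 4.8 while the date stays January 9, 2010, and the trailing page number 2 is replaced by a second "OpenBSD 4.8". Please confirm both are the expected output of the formatter used for this merge and not a hand edit. An unchanged date is consistent with the wording being untouched, but a footer that repeats the release and has no page number looks like a different footer template.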