diff options
| -rw-r--r-- | ChangeLog | 9 | ||||
| -rw-r--r-- | ssh-keyscan.1 | 25 |
2 files changed, 21 insertions, 13 deletions
| @@ -125,6 +125,13 @@ | |||
| 125 | - jakob@cvs.openbsd.org 2001/08/02 16:14:05 | 125 | - jakob@cvs.openbsd.org 2001/08/02 16:14:05 |
| 126 | [scard.c ssh-agent.c ssh.c ssh-keygen.c] | 126 | [scard.c ssh-agent.c ssh.c ssh-keygen.c] |
| 127 | clean up some /* SMARTCARD */. ok markus@ | 127 | clean up some /* SMARTCARD */. ok markus@ |
| 128 | - mpech@cvs.openbsd.org 2001/08/02 18:37:35 | ||
| 129 | [ssh-keyscan.1] | ||
| 130 | o) .Sh AUTHOR -> .Sh AUTHORS; | ||
| 131 | o) .Sh EXAMPLE -> .Sh EXAMPLES; | ||
| 132 | o) Delete .Sh OPTIONS. Text moved to .Sh DESCRIPTION; | ||
| 133 | |||
| 134 | millert@ ok | ||
| 128 | 135 | ||
| 129 | 20010803 | 136 | 20010803 |
| 130 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on | 137 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on |
| @@ -6235,4 +6242,4 @@ | |||
| 6235 | - Wrote replacements for strlcpy and mkdtemp | 6242 | - Wrote replacements for strlcpy and mkdtemp |
| 6236 | - Released 1.0pre1 | 6243 | - Released 1.0pre1 |
| 6237 | 6244 | ||
| 6238 | $Id: ChangeLog,v 1.1459 2001/08/06 21:59:25 mouring Exp $ | 6245 | $Id: ChangeLog,v 1.1460 2001/08/06 22:01:29 mouring Exp $ |
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 328d95ab1..80119aa21 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .\" $OpenBSD: ssh-keyscan.1,v 1.8 2001/06/23 17:48:18 itojun Exp $ | 1 | .\" $OpenBSD: ssh-keyscan.1,v 1.9 2001/08/02 18:37:35 mpech Exp $ |
| 2 | .\" | 2 | .\" |
| 3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
| 4 | .\" | 4 | .\" |
| @@ -34,17 +34,8 @@ hosts can be collected in tens of seconds, even when some of those | |||
| 34 | hosts are down or do not run ssh. You do not need login access to the | 34 | hosts are down or do not run ssh. You do not need login access to the |
| 35 | machines you are scanning, nor does the scanning process involve | 35 | machines you are scanning, nor does the scanning process involve |
| 36 | any encryption. | 36 | any encryption. |
| 37 | .Sh SECURITY | 37 | .Pp |
| 38 | If you make an ssh_known_hosts file using | 38 | The options are as follows: |
| 39 | .Nm | ||
| 40 | without verifying the keys, you will be vulnerable to | ||
| 41 | .I man in the middle | ||
| 42 | attacks. | ||
| 43 | On the other hand, if your security model allows such a risk, | ||
| 44 | .Nm | ||
| 45 | can help you detect tampered keyfiles or man in the middle attacks which | ||
| 46 | have begun after you created your ssh_known_hosts file. | ||
| 47 | .Sh OPTIONS | ||
| 48 | .Bl -tag -width Ds | 39 | .Bl -tag -width Ds |
| 49 | .It Fl t | 40 | .It Fl t |
| 50 | Set the timeout for connection attempts. If | 41 | Set the timeout for connection attempts. If |
| @@ -65,6 +56,16 @@ will read hosts or | |||
| 65 | .Pa addrlist namelist | 56 | .Pa addrlist namelist |
| 66 | pairs from the standard input. | 57 | pairs from the standard input. |
| 67 | .El | 58 | .El |
| 59 | .Sh SECURITY | ||
| 60 | If you make an ssh_known_hosts file using | ||
| 61 | .Nm | ||
| 62 | without verifying the keys, you will be vulnerable to | ||
| 63 | .I man in the middle | ||
| 64 | attacks. | ||
| 65 | On the other hand, if your security model allows such a risk, | ||
| 66 | .Nm | ||
| 67 | can help you detect tampered keyfiles or man in the middle attacks which | ||
| 68 | have begun after you created your ssh_known_hosts file. | ||
| 68 | .Sh EXAMPLES | 69 | .Sh EXAMPLES |
| 69 | Print the host key for machine | 70 | Print the host key for machine |
| 70 | .Pa hostname : | 71 | .Pa hostname : |