summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog9
-rw-r--r--ssh-keyscan.125
2 files changed, 21 insertions, 13 deletions
diff --git a/ChangeLog b/ChangeLog
index ffcda8ce6..a40a47b4e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -125,6 +125,13 @@
125 - jakob@cvs.openbsd.org 2001/08/02 16:14:05 125 - jakob@cvs.openbsd.org 2001/08/02 16:14:05
126 [scard.c ssh-agent.c ssh.c ssh-keygen.c] 126 [scard.c ssh-agent.c ssh.c ssh-keygen.c]
127 clean up some /* SMARTCARD */. ok markus@ 127 clean up some /* SMARTCARD */. ok markus@
128 - mpech@cvs.openbsd.org 2001/08/02 18:37:35
129 [ssh-keyscan.1]
130 o) .Sh AUTHOR -> .Sh AUTHORS;
131 o) .Sh EXAMPLE -> .Sh EXAMPLES;
132 o) Delete .Sh OPTIONS. Text moved to .Sh DESCRIPTION;
133
134 millert@ ok
128 135
12920010803 13620010803
130 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on 137 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
@@ -6235,4 +6242,4 @@
6235 - Wrote replacements for strlcpy and mkdtemp 6242 - Wrote replacements for strlcpy and mkdtemp
6236 - Released 1.0pre1 6243 - Released 1.0pre1
6237 6244
6238$Id: ChangeLog,v 1.1459 2001/08/06 21:59:25 mouring Exp $ 6245$Id: ChangeLog,v 1.1460 2001/08/06 22:01:29 mouring Exp $
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 328d95ab1..80119aa21 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
1.\" $OpenBSD: ssh-keyscan.1,v 1.8 2001/06/23 17:48:18 itojun Exp $ 1.\" $OpenBSD: ssh-keyscan.1,v 1.9 2001/08/02 18:37:35 mpech Exp $
2.\" 2.\"
3.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. 3.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4.\" 4.\"
@@ -34,17 +34,8 @@ hosts can be collected in tens of seconds, even when some of those
34hosts are down or do not run ssh. You do not need login access to the 34hosts are down or do not run ssh. You do not need login access to the
35machines you are scanning, nor does the scanning process involve 35machines you are scanning, nor does the scanning process involve
36any encryption. 36any encryption.
37.Sh SECURITY 37.Pp
38If you make an ssh_known_hosts file using 38The options are as follows:
39.Nm
40without verifying the keys, you will be vulnerable to
41.I man in the middle
42attacks.
43On the other hand, if your security model allows such a risk,
44.Nm
45can help you detect tampered keyfiles or man in the middle attacks which
46have begun after you created your ssh_known_hosts file.
47.Sh OPTIONS
48.Bl -tag -width Ds 39.Bl -tag -width Ds
49.It Fl t 40.It Fl t
50Set the timeout for connection attempts. If 41Set the timeout for connection attempts. If
@@ -65,6 +56,16 @@ will read hosts or
65.Pa addrlist namelist 56.Pa addrlist namelist
66pairs from the standard input. 57pairs from the standard input.
67.El 58.El
59.Sh SECURITY
60If you make an ssh_known_hosts file using
61.Nm
62without verifying the keys, you will be vulnerable to
63.I man in the middle
64attacks.
65On the other hand, if your security model allows such a risk,
66.Nm
67can help you detect tampered keyfiles or man in the middle attacks which
68have begun after you created your ssh_known_hosts file.
68.Sh EXAMPLES 69.Sh EXAMPLES
69Print the host key for machine 70Print the host key for machine
70.Pa hostname : 71.Pa hostname :