diff options
Diffstat (limited to 'ssh-keyscan.1')
-rw-r--r-- | ssh-keyscan.1 | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 328d95ab1..80119aa21 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 | |||
@@ -1,4 +1,4 @@ | |||
1 | .\" $OpenBSD: ssh-keyscan.1,v 1.8 2001/06/23 17:48:18 itojun Exp $ | 1 | .\" $OpenBSD: ssh-keyscan.1,v 1.9 2001/08/02 18:37:35 mpech Exp $ |
2 | .\" | 2 | .\" |
3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. | 3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
4 | .\" | 4 | .\" |
@@ -34,17 +34,8 @@ hosts can be collected in tens of seconds, even when some of those | |||
34 | hosts are down or do not run ssh. You do not need login access to the | 34 | hosts are down or do not run ssh. You do not need login access to the |
35 | machines you are scanning, nor does the scanning process involve | 35 | machines you are scanning, nor does the scanning process involve |
36 | any encryption. | 36 | any encryption. |
37 | .Sh SECURITY | 37 | .Pp |
38 | If you make an ssh_known_hosts file using | 38 | The options are as follows: |
39 | .Nm | ||
40 | without verifying the keys, you will be vulnerable to | ||
41 | .I man in the middle | ||
42 | attacks. | ||
43 | On the other hand, if your security model allows such a risk, | ||
44 | .Nm | ||
45 | can help you detect tampered keyfiles or man in the middle attacks which | ||
46 | have begun after you created your ssh_known_hosts file. | ||
47 | .Sh OPTIONS | ||
48 | .Bl -tag -width Ds | 39 | .Bl -tag -width Ds |
49 | .It Fl t | 40 | .It Fl t |
50 | Set the timeout for connection attempts. If | 41 | Set the timeout for connection attempts. If |
@@ -65,6 +56,16 @@ will read hosts or | |||
65 | .Pa addrlist namelist | 56 | .Pa addrlist namelist |
66 | pairs from the standard input. | 57 | pairs from the standard input. |
67 | .El | 58 | .El |
59 | .Sh SECURITY | ||
60 | If you make an ssh_known_hosts file using | ||
61 | .Nm | ||
62 | without verifying the keys, you will be vulnerable to | ||
63 | .I man in the middle | ||
64 | attacks. | ||
65 | On the other hand, if your security model allows such a risk, | ||
66 | .Nm | ||
67 | can help you detect tampered keyfiles or man in the middle attacks which | ||
68 | have begun after you created your ssh_known_hosts file. | ||
68 | .Sh EXAMPLES | 69 | .Sh EXAMPLES |
69 | Print the host key for machine | 70 | Print the host key for machine |
70 | .Pa hostname : | 71 | .Pa hostname : |