1 files changed, 64 insertions, 11 deletions
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 80119aa21..b348bc252 100644
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keyscan.1,v 1.9 2001/08/02 18:37:35 mpech Exp $
+.\"     $OpenBSD: ssh-keyscan.1,v 1.10 2001/08/05 23:18:20 markus Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 .\"
@@ -14,9 +14,13 @@
 .Nd gather ssh public keys
 .Sh SYNOPSIS
 .Nm ssh-keyscan
-.Op Fl t Ar timeout
+.Op Fl v46
-.Op Ar -- | host | addrlist namelist
+.Op Fl p Ar port
-.Op Fl f Ar files ...
+.Op Fl T Ar timeout
+.Op Fl t Ar type
+.Op Fl f Ar file
+.Op Ar host | addrlist namelist
+.Op Ar ...
 .Sh DESCRIPTION
 .Nm
 is a utility for gathering the public ssh host keys of a number of
@@ -37,14 +41,28 @@ any encryption.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
-.It Fl t
+.It Fl p Ar port
+Port to connect to on the remote host.
+.It Fl T
 Set the timeout for connection attempts.  If
 .Pa timeout
 seconds have elapsed since a connection was initiated to a host or since the
 last time anything was read from that host, then the connection is
 closed and the host in question considered unavailable.  Default is 5
 seconds.
-.It Fl f
+.It Fl t Ar type
+Specifies the type of the key to fetch from the following hosts.
+The possible values are
+.Dq rsa1
+for protocol version 1 and
+.Dq rsa
+or
+.Dq dsa
+for protocol version 2.
+Multiple values may be specified by separating them with commas.
+The default is
+.Dq rsa1 .
+.It Fl f Ar filename
 Read hosts or
 .Pa addrlist namelist
 pairs from this file, one per line.
@@ -55,6 +73,19 @@ is supplied instead of a filename,
 will read hosts or
 .Pa addrlist namelist
 pairs from the standard input.
+.It Fl v
+Verbose mode.
+Causes
+.Nm
+to print debugging messages about its progress.
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
 .El
 .Sh SECURITY
 If you make an ssh_known_hosts file using
@@ -67,7 +98,10 @@ On the other hand, if your security model allows such a risk,
 can help you detect tampered keyfiles or man in the middle attacks which
 have begun after you created your ssh_known_hosts file.
 .Sh EXAMPLES
-Print the host key for machine
+.Pp
+Print the
+.Pa rsa1
+host key for machine
 .Pa hostname :
 .Bd -literal
 ssh-keyscan hostname
@@ -78,20 +112,36 @@ Find all hosts from the file
 which have new or different keys from those in the sorted file
 .Pa ssh_known_hosts :
 .Bd -literal
-$ ssh-keyscan -f ssh_hosts | sort -u - ssh_known_hosts | \e\ 
+ssh-keyscan -t rsa,dsa -f ssh_hosts | \e\ 
-        diff ssh_known_hosts -
+        sort -u - ssh_known_hosts | diff ssh_known_hosts -
 .Ed
 .Sh FILES
 .Pa Input format:
+.Bd -literal
 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
+.Ed
 .Pp
-.Pa Output format:
+.Pa Output format for rsa1 keys:
+.Bd -literal
 host-or-namelist bits exponent modulus
+.Ed
+.Pp
+.Pa Output format for rsa and dsa keys:
+.Bd -literal
+host-or-namelist keytype base64-encoded-key
+.Ed
+.Pp
+Where
+.Pa keytype
+is either
+.Dq ssh-rsa
+or
+.Dq ssh-dsa .
 .Pp
 .Pa /etc/ssh_known_hosts
 .Sh BUGS
 It generates "Connection closed by remote host" messages on the consoles
-of all the machines it scans.
+of all the machines it scans if the server is older than version 2.9.
 This is because it opens a connection to the ssh port, reads the public
 key, and drops the connection as soon as it gets the key.
 .Sh SEE ALSO
@@ -99,3 +149,6 @@ key, and drops the connection as soon as it gets the key.
 .Xr sshd 8
 .Sh AUTHORS
 David Mazieres <dm@lcs.mit.edu>
+wrote the initial version, and
+Wayne Davison <wayned@users.sourceforge.net>
+added support for protocol version 2.

diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 80119aa21..b348bc252 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keyscan.1,v 1.9 2001/08/02 18:37:35 mpech Exp $	1	.\" $OpenBSD: ssh-keyscan.1,v 1.10 2001/08/05 23:18:20 markus Exp $
2	.\"	2	.\"
3	.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.	3	.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
4	.\"	4	.\"
@@ -14,9 +14,13 @@
14	.Nd gather ssh public keys	14	.Nd gather ssh public keys
15	.Sh SYNOPSIS	15	.Sh SYNOPSIS
16	.Nm ssh-keyscan	16	.Nm ssh-keyscan
17	.Op Fl t Ar timeout	17	.Op Fl v46
18	.Op Ar -- \| host \| addrlist namelist	18	.Op Fl p Ar port
19	.Op Fl f Ar files ...	19	.Op Fl T Ar timeout
		20	.Op Fl t Ar type
		21	.Op Fl f Ar file
		22	.Op Ar host \| addrlist namelist
		23	.Op Ar ...
20	.Sh DESCRIPTION	24	.Sh DESCRIPTION
21	.Nm	25	.Nm
22	is a utility for gathering the public ssh host keys of a number of	26	is a utility for gathering the public ssh host keys of a number of
@@ -37,14 +41,28 @@ any encryption.
37	.Pp	41	.Pp
38	The options are as follows:	42	The options are as follows:
39	.Bl -tag -width Ds	43	.Bl -tag -width Ds
40	.It Fl t	44	.It Fl p Ar port
		45	Port to connect to on the remote host.
		46	.It Fl T
41	Set the timeout for connection attempts. If	47	Set the timeout for connection attempts. If
42	.Pa timeout	48	.Pa timeout
43	seconds have elapsed since a connection was initiated to a host or since the	49	seconds have elapsed since a connection was initiated to a host or since the
44	last time anything was read from that host, then the connection is	50	last time anything was read from that host, then the connection is
45	closed and the host in question considered unavailable. Default is 5	51	closed and the host in question considered unavailable. Default is 5
46	seconds.	52	seconds.
47	.It Fl f	53	.It Fl t Ar type
		54	Specifies the type of the key to fetch from the following hosts.
		55	The possible values are
		56	.Dq rsa1
		57	for protocol version 1 and
		58	.Dq rsa
		59	or
		60	.Dq dsa
		61	for protocol version 2.
		62	Multiple values may be specified by separating them with commas.
		63	The default is
		64	.Dq rsa1 .
		65	.It Fl f Ar filename
48	Read hosts or	66	Read hosts or
49	.Pa addrlist namelist	67	.Pa addrlist namelist
50	pairs from this file, one per line.	68	pairs from this file, one per line.
@@ -55,6 +73,19 @@ is supplied instead of a filename,
55	will read hosts or	73	will read hosts or
56	.Pa addrlist namelist	74	.Pa addrlist namelist
57	pairs from the standard input.	75	pairs from the standard input.
		76	.It Fl v
		77	Verbose mode.
		78	Causes
		79	.Nm
		80	to print debugging messages about its progress.
		81	.It Fl 4
		82	Forces
		83	.Nm
		84	to use IPv4 addresses only.
		85	.It Fl 6
		86	Forces
		87	.Nm
		88	to use IPv6 addresses only.
58	.El	89	.El
59	.Sh SECURITY	90	.Sh SECURITY
60	If you make an ssh_known_hosts file using	91	If you make an ssh_known_hosts file using
@@ -67,7 +98,10 @@ On the other hand, if your security model allows such a risk,
67	can help you detect tampered keyfiles or man in the middle attacks which	98	can help you detect tampered keyfiles or man in the middle attacks which
68	have begun after you created your ssh_known_hosts file.	99	have begun after you created your ssh_known_hosts file.
69	.Sh EXAMPLES	100	.Sh EXAMPLES
70	Print the host key for machine	101	.Pp
		102	Print the
		103	.Pa rsa1
		104	host key for machine
71	.Pa hostname :	105	.Pa hostname :
72	.Bd -literal	106	.Bd -literal
73	ssh-keyscan hostname	107	ssh-keyscan hostname
@@ -78,20 +112,36 @@ Find all hosts from the file
78	which have new or different keys from those in the sorted file	112	which have new or different keys from those in the sorted file
79	.Pa ssh_known_hosts :	113	.Pa ssh_known_hosts :
80	.Bd -literal	114	.Bd -literal
81	$ ssh-keyscan -f ssh_hosts \| sort -u - ssh_known_hosts \| \e\	115	ssh-keyscan -t rsa,dsa -f ssh_hosts \| \e\
82	diff ssh_known_hosts -	116	sort -u - ssh_known_hosts \| diff ssh_known_hosts -
83	.Ed	117	.Ed
84	.Sh FILES	118	.Sh FILES
85	.Pa Input format:	119	.Pa Input format:
		120	.Bd -literal
86	1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4	121	1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
		122	.Ed
87	.Pp	123	.Pp
88	.Pa Output format:	124	.Pa Output format for rsa1 keys:
		125	.Bd -literal
89	host-or-namelist bits exponent modulus	126	host-or-namelist bits exponent modulus
		127	.Ed
		128	.Pp
		129	.Pa Output format for rsa and dsa keys:
		130	.Bd -literal
		131	host-or-namelist keytype base64-encoded-key
		132	.Ed
		133	.Pp
		134	Where
		135	.Pa keytype
		136	is either
		137	.Dq ssh-rsa
		138	or
		139	.Dq ssh-dsa .
90	.Pp	140	.Pp
91	.Pa /etc/ssh_known_hosts	141	.Pa /etc/ssh_known_hosts
92	.Sh BUGS	142	.Sh BUGS
93	It generates "Connection closed by remote host" messages on the consoles	143	It generates "Connection closed by remote host" messages on the consoles
94	of all the machines it scans.	144	of all the machines it scans if the server is older than version 2.9.
95	This is because it opens a connection to the ssh port, reads the public	145	This is because it opens a connection to the ssh port, reads the public
96	key, and drops the connection as soon as it gets the key.	146	key, and drops the connection as soon as it gets the key.
97	.Sh SEE ALSO	147	.Sh SEE ALSO
@@ -99,3 +149,6 @@ key, and drops the connection as soon as it gets the key.
99	.Xr sshd 8	149	.Xr sshd 8
100	.Sh AUTHORS	150	.Sh AUTHORS
101	David Mazieres <dm@lcs.mit.edu>	151	David Mazieres <dm@lcs.mit.edu>
		152	wrote the initial version, and
		153	Wayne Davison <wayned@users.sourceforge.net>
		154	added support for protocol version 2.