summaryrefslogtreecommitdiffstats
path: root/crypto/openssh/ssh-keyscan.1
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/openssh/ssh-keyscan.1')
-rw-r--r--crypto/openssh/ssh-keyscan.1168
1 files changed, 0 insertions, 168 deletions
diff --git a/crypto/openssh/ssh-keyscan.1 b/crypto/openssh/ssh-keyscan.1
deleted file mode 100644
index a3656fc..0000000
--- a/crypto/openssh/ssh-keyscan.1
+++ /dev/null
@@ -1,168 +0,0 @@
-.\" $OpenBSD: ssh-keyscan.1,v 1.22 2006/09/25 04:55:38 ray Exp $
-.\"
-.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
-.\"
-.\" Modification and redistribution in source and binary forms is
-.\" permitted provided that due credit is given to the author and the
-.\" OpenBSD project by leaving this copyright notice intact.
-.\"
-.Dd January 1, 1996
-.Dt SSH-KEYSCAN 1
-.Os
-.Sh NAME
-.Nm ssh-keyscan
-.Nd gather ssh public keys
-.Sh SYNOPSIS
-.Nm ssh-keyscan
-.Bk -words
-.Op Fl 46Hv
-.Op Fl f Ar file
-.Op Fl p Ar port
-.Op Fl T Ar timeout
-.Op Fl t Ar type
-.Op Ar host | addrlist namelist
-.Op Ar ...
-.Ek
-.Sh DESCRIPTION
-.Nm
-is a utility for gathering the public ssh host keys of a number of
-hosts.
-It was designed to aid in building and verifying
-.Pa ssh_known_hosts
-files.
-.Nm
-provides a minimal interface suitable for use by shell and perl
-scripts.
-.Pp
-.Nm
-uses non-blocking socket I/O to contact as many hosts as possible in
-parallel, so it is very efficient.
-The keys from a domain of 1,000
-hosts can be collected in tens of seconds, even when some of those
-hosts are down or do not run ssh.
-For scanning, one does not need
-login access to the machines that are being scanned, nor does the
-scanning process involve any encryption.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl 4
-Forces
-.Nm
-to use IPv4 addresses only.
-.It Fl 6
-Forces
-.Nm
-to use IPv6 addresses only.
-.It Fl f Ar file
-Read hosts or
-.Pa addrlist namelist
-pairs from this file, one per line.
-If
-.Pa -
-is supplied instead of a filename,
-.Nm
-will read hosts or
-.Pa addrlist namelist
-pairs from the standard input.
-.It Fl H
-Hash all hostnames and addresses in the output.
-Hashed names may be used normally by
-.Nm ssh
-and
-.Nm sshd ,
-but they do not reveal identifying information should the file's contents
-be disclosed.
-.It Fl p Ar port
-Port to connect to on the remote host.
-.It Fl T Ar timeout
-Set the timeout for connection attempts.
-If
-.Pa timeout
-seconds have elapsed since a connection was initiated to a host or since the
-last time anything was read from that host, then the connection is
-closed and the host in question considered unavailable.
-Default is 5 seconds.
-.It Fl t Ar type
-Specifies the type of the key to fetch from the scanned hosts.
-The possible values are
-.Dq rsa1
-for protocol version 1 and
-.Dq rsa
-or
-.Dq dsa
-for protocol version 2.
-Multiple values may be specified by separating them with commas.
-The default is
-.Dq rsa1 .
-.It Fl v
-Verbose mode.
-Causes
-.Nm
-to print debugging messages about its progress.
-.El
-.Sh SECURITY
-If an ssh_known_hosts file is constructed using
-.Nm
-without verifying the keys, users will be vulnerable to
-.Em man in the middle
-attacks.
-On the other hand, if the security model allows such a risk,
-.Nm
-can help in the detection of tampered keyfiles or man in the middle
-attacks which have begun after the ssh_known_hosts file was created.
-.Sh FILES
-.Pa Input format:
-.Bd -literal
-1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
-.Ed
-.Pp
-.Pa Output format for rsa1 keys:
-.Bd -literal
-host-or-namelist bits exponent modulus
-.Ed
-.Pp
-.Pa Output format for rsa and dsa keys:
-.Bd -literal
-host-or-namelist keytype base64-encoded-key
-.Ed
-.Pp
-Where
-.Pa keytype
-is either
-.Dq ssh-rsa
-or
-.Dq ssh-dss .
-.Pp
-.Pa /etc/ssh/ssh_known_hosts
-.Sh EXAMPLES
-Print the
-.Pa rsa1
-host key for machine
-.Pa hostname :
-.Bd -literal
-$ ssh-keyscan hostname
-.Ed
-.Pp
-Find all hosts from the file
-.Pa ssh_hosts
-which have new or different keys from those in the sorted file
-.Pa ssh_known_hosts :
-.Bd -literal
-$ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e
- sort -u - ssh_known_hosts | diff ssh_known_hosts -
-.Ed
-.Sh SEE ALSO
-.Xr ssh 1 ,
-.Xr sshd 8
-.Sh AUTHORS
-.An -nosplit
-.An David Mazieres Aq dm@lcs.mit.edu
-wrote the initial version, and
-.An Wayne Davison Aq wayned@users.sourceforge.net
-added support for protocol version 2.
-.Sh BUGS
-It generates "Connection closed by remote host" messages on the consoles
-of all the machines it scans if the server is older than version 2.9.
-This is because it opens a connection to the ssh port, reads the public
-key, and drops the connection as soon as it gets the key.
OpenPOWER on IntegriCloud