-SSH-KEYSCAN(1) OpenBSD Reference Manual SSH-KEYSCAN(1)
+SSH-KEYSCAN(1) BSD General Commands Manual SSH-KEYSCAN(1)
NAME
ssh-keyscan - gather ssh public keys
Set the timeout for connection attempts. If timeout seconds have
elapsed since a connection was initiated to a host or since the
last time anything was read from that host, then the connection
- is closed and the host in question considered unavailable. De-
- fault is 5 seconds.
+ is closed and the host in question considered unavailable.
+ Default is 5 seconds.
-t type
Specifies the type of the key to fetch from the scanned hosts.
If a ssh_known_hosts file is constructed using ssh-keyscan without veri-
fying the keys, users will be vulnerable to man in the middle attacks.
On the other hand, if the security model allows such a risk, ssh-keyscan
- can help in the detection of tampered keyfiles or man in the middle at-
- tacks which have begun after the ssh_known_hosts file was created.
+ can help in the detection of tampered keyfiles or man in the middle
+ attacks which have begun after the ssh_known_hosts file was created.
FILES
Input format:
This is because it opens a connection to the ssh port, reads the public
key, and drops the connection as soon as it gets the key.
-OpenBSD 4.0 January 1, 1996 2
+BSD January 1, 1996 BSD