X-Git-Url: http://andersk.mit.edu/gitweb/gssapi-openssh.git/blobdiff_plain/0fff78ff85eabb96f2600c7996ab2a6ffd21e706..76d45d2f37f58d1a9703830d75ce8b56feae38c6:/openssh/ssh-keyscan.1 diff --git a/openssh/ssh-keyscan.1 b/openssh/ssh-keyscan.1 index 572751f..4a58645 100644 --- a/openssh/ssh-keyscan.1 +++ b/openssh/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.17 2003/06/10 09:12:11 jmc Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.26 2008/12/29 01:12:36 stevesk Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -6,7 +6,7 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd January 1, 1996 +.Dd $Mdocdate: December 29 2008 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME @@ -15,13 +15,13 @@ .Sh SYNOPSIS .Nm ssh-keyscan .Bk -words -.Op Fl v46 +.Op Fl 46Hv +.Op Fl f Ar file .Op Fl p Ar port .Op Fl T Ar timeout .Op Fl t Ar type -.Op Fl f Ar file .Op Ar host | addrlist namelist -.Op Ar ... +.Ar ... .Ek .Sh DESCRIPTION .Nm @@ -46,6 +46,33 @@ scanning process involve any encryption. .Pp The options are as follows: .Bl -tag -width Ds +.It Fl 4 +Forces +.Nm +to use IPv4 addresses only. +.It Fl 6 +Forces +.Nm +to use IPv6 addresses only. +.It Fl f Ar file +Read hosts or +.Pa addrlist namelist +pairs from this file, one per line. +If +.Pa - +is supplied instead of a filename, +.Nm +will read hosts or +.Pa addrlist namelist +pairs from the standard input. +.It Fl H +Hash all hostnames and addresses in the output. +Hashed names may be used normally by +.Nm ssh +and +.Nm sshd , +but they do not reveal identifying information should the file's contents +be disclosed. .It Fl p Ar port Port to connect to on the remote host. .It Fl T Ar timeout @@ -67,37 +94,18 @@ or for protocol version 2. Multiple values may be specified by separating them with commas. The default is -.Dq rsa1 . -.It Fl f Ar filename -Read hosts or -.Pa addrlist namelist -pairs from this file, one per line. -If -.Pa - -is supplied instead of a filename, -.Nm -will read hosts or -.Pa addrlist namelist -pairs from the standard input. +.Dq rsa . .It Fl v Verbose mode. Causes .Nm to print debugging messages about its progress. -.It Fl 4 -Forces -.Nm -to use IPv4 addresses only. -.It Fl 6 -Forces -.Nm -to use IPv6 addresses only. .El .Sh SECURITY -If a ssh_known_hosts file is constructed using +If an ssh_known_hosts file is constructed using .Nm without verifying the keys, users will be vulnerable to -.I man in the middle +.Em man in the middle attacks. On the other hand, if the security model allows such a risk, .Nm @@ -129,7 +137,7 @@ or .Pa /etc/ssh/ssh_known_hosts .Sh EXAMPLES Print the -.Pa rsa1 +.Pa rsa host key for machine .Pa hostname : .Bd -literal @@ -148,6 +156,7 @@ $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e .Xr ssh 1 , .Xr sshd 8 .Sh AUTHORS +.An -nosplit .An David Mazieres Aq dm@lcs.mit.edu wrote the initial version, and .An Wayne Davison Aq wayned@users.sourceforge.net