| | 1 | .\" $OpenBSD: ssh-keyscan.1,v 1.27 2009/10/28 16:38:18 reyk Exp $ |
| | 2 | .\" |
| | 3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
| | 4 | .\" |
| | 5 | .\" Modification and redistribution in source and binary forms is |
| | 6 | .\" permitted provided that due credit is given to the author and the |
| | 7 | .\" OpenBSD project by leaving this copyright notice intact. |
| | 8 | .\" |
| | 9 | .Dd $Mdocdate$ |
| | 10 | .Dt SSH-KEYSCAN 1 |
| | 11 | .Os |
| | 12 | .Sh NAME |
| | 13 | .Nm ssh-keyscan |
| | 14 | .Nd gather ssh public keys |
| | 15 | .Sh SYNOPSIS |
| | 16 | .Nm ssh-keyscan |
| | 17 | .Bk -words |
| | 18 | .Op Fl 46Hv |
| | 19 | .Op Fl f Ar file |
| | 20 | .Op Fl p Ar port |
| | 21 | .Op Fl T Ar timeout |
| | 22 | .Op Fl t Ar type |
| | 23 | .Op Fl V Ar rdomain |
| | 24 | .Op Ar host | addrlist namelist |
| | 25 | .Ar ... |
| | 26 | .Ek |
| | 27 | .Sh DESCRIPTION |
| | 28 | .Nm |
| | 29 | is a utility for gathering the public ssh host keys of a number of |
| | 30 | hosts. |
| | 31 | It was designed to aid in building and verifying |
| | 32 | .Pa ssh_known_hosts |
| | 33 | files. |
| | 34 | .Nm |
| | 35 | provides a minimal interface suitable for use by shell and perl |
| | 36 | scripts. |
| | 37 | .Pp |
| | 38 | .Nm |
| | 39 | uses non-blocking socket I/O to contact as many hosts as possible in |
| | 40 | parallel, so it is very efficient. |
| | 41 | The keys from a domain of 1,000 |
| | 42 | hosts can be collected in tens of seconds, even when some of those |
| | 43 | hosts are down or do not run ssh. |
| | 44 | For scanning, one does not need |
| | 45 | login access to the machines that are being scanned, nor does the |
| | 46 | scanning process involve any encryption. |
| | 47 | .Pp |
| | 48 | The options are as follows: |
| | 49 | .Bl -tag -width Ds |
| | 50 | .It Fl 4 |
| | 51 | Forces |
| | 52 | .Nm |
| | 53 | to use IPv4 addresses only. |
| | 54 | .It Fl 6 |
| | 55 | Forces |
| | 56 | .Nm |
| | 57 | to use IPv6 addresses only. |
| | 58 | .It Fl f Ar file |
| | 59 | Read hosts or |
| | 60 | .Pa addrlist namelist |
| | 61 | pairs from this file, one per line. |
| | 62 | If |
| | 63 | .Pa - |
| | 64 | is supplied instead of a filename, |
| | 65 | .Nm |
| | 66 | will read hosts or |
| | 67 | .Pa addrlist namelist |
| | 68 | pairs from the standard input. |
| | 69 | .It Fl H |
| | 70 | Hash all hostnames and addresses in the output. |
| | 71 | Hashed names may be used normally by |
| | 72 | .Nm ssh |
| | 73 | and |
| | 74 | .Nm sshd , |
| | 75 | but they do not reveal identifying information should the file's contents |
| | 76 | be disclosed. |
| | 77 | .It Fl p Ar port |
| | 78 | Port to connect to on the remote host. |
| | 79 | .It Fl T Ar timeout |
| | 80 | Set the timeout for connection attempts. |
| | 81 | If |
| | 82 | .Pa timeout |
| | 83 | seconds have elapsed since a connection was initiated to a host or since the |
| | 84 | last time anything was read from that host, then the connection is |
| | 85 | closed and the host in question considered unavailable. |
| | 86 | Default is 5 seconds. |
| | 87 | .It Fl t Ar type |
| | 88 | Specifies the type of the key to fetch from the scanned hosts. |
| | 89 | The possible values are |
| | 90 | .Dq rsa1 |
| | 91 | for protocol version 1 and |
| | 92 | .Dq rsa |
| | 93 | or |
| | 94 | .Dq dsa |
| | 95 | for protocol version 2. |
| | 96 | Multiple values may be specified by separating them with commas. |
| | 97 | The default is |
| | 98 | .Dq rsa . |
| | 99 | .It Fl V Ar rdomain |
| | 100 | Set the routing domain. |
| | 101 | .It Fl v |
| | 102 | Verbose mode. |
| | 103 | Causes |
| | 104 | .Nm |
| | 105 | to print debugging messages about its progress. |
| | 106 | .El |
| | 107 | .Sh SECURITY |
| | 108 | If an ssh_known_hosts file is constructed using |
| | 109 | .Nm |
| | 110 | without verifying the keys, users will be vulnerable to |
| | 111 | .Em man in the middle |
| | 112 | attacks. |
| | 113 | On the other hand, if the security model allows such a risk, |
| | 114 | .Nm |
| | 115 | can help in the detection of tampered keyfiles or man in the middle |
| | 116 | attacks which have begun after the ssh_known_hosts file was created. |
| | 117 | .Sh FILES |
| | 118 | .Pa Input format: |
| | 119 | .Bd -literal |
| | 120 | 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 |
| | 121 | .Ed |
| | 122 | .Pp |
| | 123 | .Pa Output format for rsa1 keys: |
| | 124 | .Bd -literal |
| | 125 | host-or-namelist bits exponent modulus |
| | 126 | .Ed |
| | 127 | .Pp |
| | 128 | .Pa Output format for rsa and dsa keys: |
| | 129 | .Bd -literal |
| | 130 | host-or-namelist keytype base64-encoded-key |
| | 131 | .Ed |
| | 132 | .Pp |
| | 133 | Where |
| | 134 | .Pa keytype |
| | 135 | is either |
| | 136 | .Dq ssh-rsa |
| | 137 | or |
| | 138 | .Dq ssh-dss . |
| | 139 | .Pp |
| | 140 | .Pa /etc/ssh/ssh_known_hosts |
| | 141 | .Sh EXAMPLES |
| | 142 | Print the |
| | 143 | .Pa rsa |
| | 144 | host key for machine |
| | 145 | .Pa hostname : |
| | 146 | .Bd -literal |
| | 147 | $ ssh-keyscan hostname |
| | 148 | .Ed |
| | 149 | .Pp |
| | 150 | Find all hosts from the file |
| | 151 | .Pa ssh_hosts |
| | 152 | which have new or different keys from those in the sorted file |
| | 153 | .Pa ssh_known_hosts : |
| | 154 | .Bd -literal |
| | 155 | $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e |
| | 156 | sort -u - ssh_known_hosts | diff ssh_known_hosts - |
| | 157 | .Ed |
| | 158 | .Sh SEE ALSO |
| | 159 | .Xr ssh 1 , |
| | 160 | .Xr sshd 8 |
| | 161 | .Sh AUTHORS |
| | 162 | .An -nosplit |
| | 163 | .An David Mazieres Aq dm@lcs.mit.edu |
| | 164 | wrote the initial version, and |
| | 165 | .An Wayne Davison Aq wayned@users.sourceforge.net |
| | 166 | added support for protocol version 2. |
| | 167 | .Sh BUGS |
| | 168 | It generates "Connection closed by remote host" messages on the consoles |
| | 169 | of all the machines it scans if the server is older than version 2.9. |
| | 170 | This is because it opens a connection to the ssh port, reads the public |
| | 171 | key, and drops the connection as soon as it gets the key. |
andersk / openssh.git / blame_incremental