-.\" $OpenBSD: ssh-keyscan.1,v 1.19 2005/03/01 10:41:28 djm Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.24 2008/04/30 10:14:03 djm Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
-.Dd January 1, 1996
+.Dd $Mdocdate$
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
.Sh SYNOPSIS
.Nm ssh-keyscan
.Bk -words
-.Op Fl Hv46
+.Op Fl 46Hv
+.Op Fl f Ar file
.Op Fl p Ar port
.Op Fl T Ar timeout
.Op Fl t Ar type
-.Op Fl f Ar file
.Op Ar host | addrlist namelist
.Op Ar ...
.Ek
.Pp
The options are as follows:
.Bl -tag -width Ds
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
+.It Fl f Ar file
+Read hosts or
+.Pa addrlist namelist
+pairs from this file, one per line.
+If
+.Pa -
+is supplied instead of a filename,
+.Nm
+will read hosts or
+.Pa addrlist namelist
+pairs from the standard input.
.It Fl H
Hash all hostnames and addresses in the output.
Hashed names may be used normally by
for protocol version 2.
Multiple values may be specified by separating them with commas.
The default is
-.Dq rsa1 .
-.It Fl f Ar filename
-Read hosts or
-.Pa addrlist namelist
-pairs from this file, one per line.
-If
-.Pa -
-is supplied instead of a filename,
-.Nm
-will read hosts or
-.Pa addrlist namelist
-pairs from the standard input.
+.Dq rsa .
.It Fl v
Verbose mode.
Causes
.Nm
to print debugging messages about its progress.
-.It Fl 4
-Forces
-.Nm
-to use IPv4 addresses only.
-.It Fl 6
-Forces
-.Nm
-to use IPv6 addresses only.
.El
.Sh SECURITY
-If a ssh_known_hosts file is constructed using
+If an ssh_known_hosts file is constructed using
.Nm
without verifying the keys, users will be vulnerable to
.Em man in the middle
.Xr ssh 1 ,
.Xr sshd 8
.Sh AUTHORS
+.An -nosplit
.An David Mazieres Aq dm@lcs.mit.edu
wrote the initial version, and
.An Wayne Davison Aq wayned@users.sourceforge.net