- (dtucker) [sshd.c] Use privsep_pw if we have it, but only require it

[openssh.git] / ssh-keyscan.1

diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 572751f66a35211cb6faef4511f687d609d10a9a..a3656fc779ff362c16bc2b728e5cd4fe67dcab71 100644 (file)
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: ssh-keyscan.1,v 1.17 2003/06/10 09:12:11 jmc Exp $
+.\"    $OpenBSD: ssh-keyscan.1,v 1.22 2006/09/25 04:55:38 ray Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 .\"
@@ -15,11 +15,11 @@
 .Sh SYNOPSIS
 .Nm ssh-keyscan
 .Bk -words
-.Op Fl v46
+.Op Fl 46Hv
+.Op Fl f Ar file
 .Op Fl p Ar port
 .Op Fl T Ar timeout
 .Op Fl t Ar type
-.Op Fl f Ar file
 .Op Ar host | addrlist namelist
 .Op Ar ...
 .Ek
@@ -46,6 +46,33 @@ scanning process involve any encryption.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
+.It Fl f Ar file
+Read hosts or
+.Pa addrlist namelist
+pairs from this file, one per line.
+If
+.Pa -
+is supplied instead of a filename,
+.Nm
+will read hosts or
+.Pa addrlist namelist
+pairs from the standard input.
+.It Fl H
+Hash all hostnames and addresses in the output.
+Hashed names may be used normally by
+.Nm ssh
+and
+.Nm sshd ,
+but they do not reveal identifying information should the file's contents
+be disclosed.
 .It Fl p Ar port
 Port to connect to on the remote host.
 .It Fl T Ar timeout
@@ -68,36 +95,17 @@ for protocol version 2.
 Multiple values may be specified by separating them with commas.
 The default is
 .Dq rsa1 .
-.It Fl f Ar filename
-Read hosts or
-.Pa addrlist namelist
-pairs from this file, one per line.
-If
-.Pa -
-is supplied instead of a filename,
-.Nm
-will read hosts or
-.Pa addrlist namelist
-pairs from the standard input.
 .It Fl v
 Verbose mode.
 Causes
 .Nm
 to print debugging messages about its progress.
-.It Fl 4
-Forces
-.Nm
-to use IPv4 addresses only.
-.It Fl 6
-Forces
-.Nm
-to use IPv6 addresses only.
 .El
 .Sh SECURITY
-If a ssh_known_hosts file is constructed using
+If an ssh_known_hosts file is constructed using
 .Nm
 without verifying the keys, users will be vulnerable to
-.I man in the middle
+.Em man in the middle
 attacks.
 On the other hand, if the security model allows such a risk,
 .Nm
@@ -148,6 +156,7 @@ $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e
 .Xr ssh 1 ,
 .Xr sshd 8
 .Sh AUTHORS
+.An -nosplit
 .An David Mazieres Aq dm@lcs.mit.edu
 wrote the initial version, and
 .An Wayne Davison Aq wayned@users.sourceforge.net