- djm@cvs.openbsd.org 2010/01/30 02:54:53

[openssh.git] / ssh-keyscan.1

diff --git a/ssh-keyscan.1 b/ssh-keyscan.1
index 572751f66a35211cb6faef4511f687d609d10a9a..01f3184621c235be08303a8701c014c95e0bd75f 100644 (file)
--- a/ssh-keyscan.1
+++ b/ssh-keyscan.1
@@ -1,4 +1,4 @@
-.\"    $OpenBSD: ssh-keyscan.1,v 1.17 2003/06/10 09:12:11 jmc Exp $
+.\"    $OpenBSD: ssh-keyscan.1,v 1.28 2010/01/09 23:04:13 dtucker Exp $
 .\"
 .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
 .\"
@@ -6,7 +6,7 @@
 .\" permitted provided that due credit is given to the author and the
 .\" OpenBSD project by leaving this copyright notice intact.
 .\"
-.Dd January 1, 1996
+.Dd $Mdocdate$
 .Dt SSH-KEYSCAN 1
 .Os
 .Sh NAME
@@ -15,13 +15,13 @@
 .Sh SYNOPSIS
 .Nm ssh-keyscan
 .Bk -words
-.Op Fl v46
+.Op Fl 46Hv
+.Op Fl f Ar file
 .Op Fl p Ar port
 .Op Fl T Ar timeout
 .Op Fl t Ar type
-.Op Fl f Ar file
 .Op Ar host | addrlist namelist
-.Op Ar ...
+.Ar ...
 .Ek
 .Sh DESCRIPTION
 .Nm
@@ -46,6 +46,33 @@ scanning process involve any encryption.
 .Pp
 The options are as follows:
 .Bl -tag -width Ds
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
+.It Fl f Ar file
+Read hosts or
+.Pa addrlist namelist
+pairs from this file, one per line.
+If
+.Pa -
+is supplied instead of a filename,
+.Nm
+will read hosts or
+.Pa addrlist namelist
+pairs from the standard input.
+.It Fl H
+Hash all hostnames and addresses in the output.
+Hashed names may be used normally by
+.Nm ssh
+and
+.Nm sshd ,
+but they do not reveal identifying information should the file's contents
+be disclosed.
 .It Fl p Ar port
 Port to connect to on the remote host.
 .It Fl T Ar timeout
@@ -67,37 +94,18 @@ or
 for protocol version 2.
 Multiple values may be specified by separating them with commas.
 The default is
-.Dq rsa1 .
-.It Fl f Ar filename
-Read hosts or
-.Pa addrlist namelist
-pairs from this file, one per line.
-If
-.Pa -
-is supplied instead of a filename,
-.Nm
-will read hosts or
-.Pa addrlist namelist
-pairs from the standard input.
+.Dq rsa .
 .It Fl v
 Verbose mode.
 Causes
 .Nm
 to print debugging messages about its progress.
-.It Fl 4
-Forces
-.Nm
-to use IPv4 addresses only.
-.It Fl 6
-Forces
-.Nm
-to use IPv6 addresses only.
 .El
 .Sh SECURITY
-If a ssh_known_hosts file is constructed using
+If an ssh_known_hosts file is constructed using
 .Nm
 without verifying the keys, users will be vulnerable to
-.I man in the middle
+.Em man in the middle
 attacks.
 On the other hand, if the security model allows such a risk,
 .Nm
@@ -129,7 +137,7 @@ or
 .Pa /etc/ssh/ssh_known_hosts
 .Sh EXAMPLES
 Print the
-.Pa rsa1
+.Pa rsa
 host key for machine
 .Pa hostname :
 .Bd -literal
@@ -148,6 +156,7 @@ $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \e
 .Xr ssh 1 ,
 .Xr sshd 8
 .Sh AUTHORS
+.An -nosplit
 .An David Mazieres Aq dm@lcs.mit.edu
 wrote the initial version, and
 .An Wayne Davison Aq wayned@users.sourceforge.net