-.\" $OpenBSD: ssh-keyscan.1,v 1.17 2003/06/10 09:12:11 jmc Exp $
+.\" $OpenBSD: ssh-keyscan.1,v 1.23 2007/05/31 19:20:16 jmc Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project by leaving this copyright notice intact.
.\"
-.Dd January 1, 1996
+.Dd $Mdocdate$
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
.Sh SYNOPSIS
.Nm ssh-keyscan
.Bk -words
-.Op Fl v46
+.Op Fl 46Hv
+.Op Fl f Ar file
.Op Fl p Ar port
.Op Fl T Ar timeout
.Op Fl t Ar type
-.Op Fl f Ar file
.Op Ar host | addrlist namelist
.Op Ar ...
.Ek
.Pp
The options are as follows:
.Bl -tag -width Ds
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
+.It Fl f Ar file
+Read hosts or
+.Pa addrlist namelist
+pairs from this file, one per line.
+If
+.Pa -
+is supplied instead of a filename,
+.Nm
+will read hosts or
+.Pa addrlist namelist
+pairs from the standard input.
+.It Fl H
+Hash all hostnames and addresses in the output.
+Hashed names may be used normally by
+.Nm ssh
+and
+.Nm sshd ,
+but they do not reveal identifying information should the file's contents
+be disclosed.
.It Fl p Ar port
Port to connect to on the remote host.
.It Fl T Ar timeout
Multiple values may be specified by separating them with commas.
The default is
.Dq rsa1 .
-.It Fl f Ar filename
-Read hosts or
-.Pa addrlist namelist
-pairs from this file, one per line.
-If
-.Pa -
-is supplied instead of a filename,
-.Nm
-will read hosts or
-.Pa addrlist namelist
-pairs from the standard input.
.It Fl v
Verbose mode.
Causes
.Nm
to print debugging messages about its progress.
-.It Fl 4
-Forces
-.Nm
-to use IPv4 addresses only.
-.It Fl 6
-Forces
-.Nm
-to use IPv6 addresses only.
.El
.Sh SECURITY
-If a ssh_known_hosts file is constructed using
+If an ssh_known_hosts file is constructed using
.Nm
without verifying the keys, users will be vulnerable to
-.I man in the middle
+.Em man in the middle
attacks.
On the other hand, if the security model allows such a risk,
.Nm
.Xr ssh 1 ,
.Xr sshd 8
.Sh AUTHORS
+.An -nosplit
.An David Mazieres Aq dm@lcs.mit.edu
wrote the initial version, and
.An Wayne Davison Aq wayned@users.sourceforge.net