.\"	$OpenBSD: ssh-keyscan.1,v 1.5 2001/04/18 16:21:05 ian Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
.\" Modification and redistribution in source and binary forms is
.\" permitted provided that due credit is given to the author and the
.\" OpenBSD project (for instance by leaving this copyright notice
.\" intact).
.\"
.Dd January 1, 1996
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
.Nm ssh-keyscan
.Nd gather ssh public keys
.Sh SYNOPSIS
.Nm ssh-keyscan
.Op Fl t Ar timeout
.Op Ar -- | host | addrlist namelist
.Op Fl f Ar files ...
.Sh DESCRIPTION
.Nm
is a utility for gathering the public ssh host keys of a number of
hosts.  It was designed to aid in building and verifying
.Pa ssh_known_hosts
files.
.Nm
provides a minimal interface suitable for use by shell and perl
scripts.
.Pp
.Nm
uses non-blocking socket I/O to contact as many hosts as possible in
parallel, so it is very efficient.  The keys from a domain of 1,000
hosts can be collected in tens of seconds, even when some of those
hosts are down or do not run ssh.  You do not need login access to the
machines you are scanning, nor does the scanning process involve
any encryption.
.Sh SECURITY
If you make an ssh_known_hosts file using
.Nm
without verifying the keys, you will be vulnerable to
.Em man in the middle
attacks.
On the other hand, if your security model allows such a risk,
.Nm
can help you detect tampered keyfiles or man in the middle attacks which
have begun after you created your ssh_known_hosts file.
.Sh OPTIONS
.Bl -tag -width Ds
.It Fl t
Set the timeout for connection attempts.  If
.Pa timeout
seconds have elapsed since a connection was initiated to a host or since the
last time anything was read from that host, then the connection is
closed and the host in question considered unavailable.  Default is 5
seconds.
.It Fl f
Read hosts or
.Pa addrlist namelist
pairs from this file, one per line.
If
.Pa -
is supplied instead of a filename,
.Nm
will read hosts or
.Pa addrlist namelist
pairs from the standard input.
.El
.Sh EXAMPLES
.Pp
Print the host key for machine
.Pa hostname :
.Bd -literal
ssh-keyscan hostname
.Ed
.Pp
Find all hosts from the file
.Pa ssh_hosts
which have new or different keys from those in the sorted file
.Pa ssh_known_hosts :
.Bd -literal
$ ssh-keyscan -f ssh_hosts | sort -u - ssh_known_hosts | \e
	diff ssh_known_hosts -
.Ed
.Pp
.Sh FILES
.Pp
.Pa Input format:
1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
.Pp
.Pa Output format:
host-or-namelist bits exponent modulus
.Pp
.Pa /etc/ssh_known_hosts
.Sh BUGS
It generates "Connection closed by remote host" messages on the consoles
of all the machines it scans.
This is because it opens a connection to the ssh port, reads the public
key, and drops the connection as soon as it gets the key.
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr sshd 8
.Sh AUTHOR
David Mazieres <dm@lcs.mit.edu>
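
Added example, not part of the original manual page: the sort/diff pipeline in EXAMPLES lists lines that differ, but it does not separate a host seen for the first time from a host whose key no longer matches the verified copy, which is the case the SECURITY section is about. The function below makes that distinction using the output format given in FILES; the names classify_keys and demo, the status labels and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# classify_keys SCAN KNOWN
#   SCAN  : saved output of "ssh-keyscan -f ssh_hosts"
#   KNOWN : a previously verified ssh_known_hosts file
# Both files use the line format: host-or-namelist bits exponent modulus
# Prints one line per scanned entry: OK, NEW or CHANGED, then the name list.
classify_keys() {
    awk '
    # KNOWN file (first argument to awk): record the key for every name.
    FILENAME == ARGV[1] {
        if (NF >= 4 && $1 !~ /^#/) {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) known[names[i]] = $2 " " $3 " " $4
        }
        next
    }
    # SCAN file: compare each scanned key with the recorded one.
    NF >= 4 {
        key = $2 " " $3 " " $4
        n = split($1, names, ",")
        status = "NEW"
        for (i = 1; i <= n; i++) {
            if (!(names[i] in known)) continue
            if (known[names[i]] != key) status = "CHANGED"
            else if (status == "NEW") status = "OK"
        }
        print status, $1
    }' "$2" "$1"
}

# Constructed sample data (not real keys): alpha is unchanged, the modulus
# for beta differs from the verified copy, gamma was never recorded.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'alpha,10.0.0.1 1024 35 1111' 'beta 1024 35 2222' > "$d/known"
    printf '%s\n' 'alpha 1024 35 1111' 'beta 1024 35 9999' \
        'gamma 1024 37 3333' > "$d/scan"
    classify_keys "$d/scan" "$d/known"
    rm -rf "$d"
}

demo
```

A CHANGED line is the one to investigate before the new key is accepted; a NEW line still needs its key verified out of band before it is added to ssh_known_hosts.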