freebsd-dev/crypto/openssh/ssh-keyscan.1

159 lines
3.8 KiB
Groff
Raw Normal View History

2018-05-06 12:27:04 +00:00
.\" $OpenBSD: ssh-keyscan.1,v 1.44 2018/03/05 07:03:18 jmc Exp $
.\"
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
.\"
.\" Modification and redistribution in source and binary forms is
.\" permitted provided that due credit is given to the author and the
2002-03-18 09:55:03 +00:00
.\" OpenBSD project by leaving this copyright notice intact.
.\"
2018-05-06 12:27:04 +00:00
.Dd $Mdocdate: March 5 2018 $
.Dt SSH-KEYSCAN 1
.Os
.Sh NAME
.Nm ssh-keyscan
2018-05-06 12:27:04 +00:00
.Nd gather SSH public keys
.Sh SYNOPSIS
.Nm ssh-keyscan
2018-05-06 12:27:04 +00:00
.Op Fl 46cDHv
2005-06-05 15:40:50 +00:00
.Op Fl f Ar file
2002-03-18 09:55:03 +00:00
.Op Fl p Ar port
.Op Fl T Ar timeout
.Op Fl t Ar type
.Op Ar host | addrlist namelist
.Sh DESCRIPTION
.Nm
2018-05-06 12:27:04 +00:00
is a utility for gathering the public SSH host keys of a number of
hosts.
It was designed to aid in building and verifying
.Pa ssh_known_hosts
2018-05-06 12:27:04 +00:00
files,
the format of which is documented in
.Xr sshd 8 .
.Nm
provides a minimal interface suitable for use by shell and perl
scripts.
.Pp
.Nm
uses non-blocking socket I/O to contact as many hosts as possible in
parallel, so it is very efficient.
The keys from a domain of 1,000
hosts can be collected in tens of seconds, even when some of those
2018-05-06 12:27:04 +00:00
hosts are down or do not run
.Xr sshd 8 .
For scanning, one does not need
2002-03-18 09:55:03 +00:00
login access to the machines that are being scanned, nor does the
scanning process involve any encryption.
.Pp
The options are as follows:
.Bl -tag -width Ds
2005-06-05 15:40:50 +00:00
.It Fl 4
2018-05-06 12:27:04 +00:00
Force
2005-06-05 15:40:50 +00:00
.Nm
to use IPv4 addresses only.
.It Fl 6
2018-05-06 12:27:04 +00:00
Force
2005-06-05 15:40:50 +00:00
.Nm
to use IPv6 addresses only.
2016-03-10 20:10:25 +00:00
.It Fl c
Request certificates from target hosts instead of plain keys.
2018-05-06 12:27:04 +00:00
.It Fl D
Print keys found as SSHFP DNS records.
The default is to print keys in a format usable as a
.Xr ssh 1
.Pa known_hosts
file.
2005-06-05 15:40:50 +00:00
.It Fl f Ar file
Read hosts or
2014-03-22 15:23:38 +00:00
.Dq addrlist namelist
pairs from
.Ar file ,
one per line.
2005-06-05 15:40:50 +00:00
If
2018-05-06 12:27:04 +00:00
.Sq -
2005-06-05 15:40:50 +00:00
is supplied instead of a filename,
.Nm
2018-05-06 12:27:04 +00:00
will read from the standard input.
Input is expected in the format:
.Bd -literal
1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
.Ed
2005-06-05 15:40:50 +00:00
.It Fl H
Hash all hostnames and addresses in the output.
Hashed names may be used normally by
2018-05-06 12:27:04 +00:00
.Xr ssh 1
2005-06-05 15:40:50 +00:00
and
2018-05-06 12:27:04 +00:00
.Xr sshd 8 ,
2005-06-05 15:40:50 +00:00
but they do not reveal identifying information should the file's contents
be disclosed.
2002-03-18 09:55:03 +00:00
.It Fl p Ar port
2018-05-06 12:27:04 +00:00
Connect to
.Ar port
on the remote host.
2002-03-18 09:55:03 +00:00
.It Fl T Ar timeout
Set the timeout for connection attempts.
If
2014-03-22 15:23:38 +00:00
.Ar timeout
seconds have elapsed since a connection was initiated to a host or since the
2018-05-06 12:27:04 +00:00
last time anything was read from that host, the connection is
closed and the host in question considered unavailable.
2018-05-06 12:27:04 +00:00
The default is 5 seconds.
2002-03-18 09:55:03 +00:00
.It Fl t Ar type
2018-05-06 12:27:04 +00:00
Specify the type of the key to fetch from the scanned hosts.
2002-03-18 09:55:03 +00:00
The possible values are
2011-02-17 11:47:40 +00:00
.Dq dsa ,
2014-01-30 10:56:49 +00:00
.Dq ecdsa ,
.Dq ed25519 ,
2002-03-18 09:55:03 +00:00
or
2018-05-06 12:24:45 +00:00
.Dq rsa .
2002-03-18 09:55:03 +00:00
Multiple values may be specified by separating them with commas.
2012-08-29 15:55:54 +00:00
The default is to fetch
2015-01-05 16:09:55 +00:00
.Dq rsa ,
.Dq ecdsa ,
2012-08-29 15:55:54 +00:00
and
2015-01-05 16:09:55 +00:00
.Dq ed25519
2012-08-29 15:55:54 +00:00
keys.
2002-03-18 09:55:03 +00:00
.It Fl v
2018-05-06 12:27:04 +00:00
Verbose mode:
print debugging messages about progress.
.El
2018-05-06 12:27:04 +00:00
.Pp
2006-11-10 16:39:21 +00:00
If an ssh_known_hosts file is constructed using
2002-03-18 09:55:03 +00:00
.Nm
without verifying the keys, users will be vulnerable to
2004-10-28 16:03:53 +00:00
.Em man in the middle
2002-03-18 09:55:03 +00:00
attacks.
On the other hand, if the security model allows such a risk,
.Nm
can help in the detection of tampered keyfiles or man in the middle
attacks which have begun after the ssh_known_hosts file was created.
.Sh FILES
2002-03-18 09:55:03 +00:00
.Pa /etc/ssh/ssh_known_hosts
2004-01-07 11:10:17 +00:00
.Sh EXAMPLES
2018-05-06 12:27:04 +00:00
Print the RSA host key for machine
2014-03-22 15:23:38 +00:00
.Ar hostname :
2018-05-06 12:27:04 +00:00
.Pp
.Dl $ ssh-keyscan -t rsa hostname
2004-01-07 11:10:17 +00:00
.Pp
Find all hosts from the file
.Pa ssh_hosts
which have new or different keys from those in the sorted file
.Pa ssh_known_hosts :
2018-05-06 12:27:04 +00:00
.Bd -literal -offset indent
2015-01-05 16:09:55 +00:00
$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
2004-01-07 11:10:17 +00:00
sort -u - ssh_known_hosts | diff ssh_known_hosts -
.Ed
.Sh SEE ALSO
.Xr ssh 1 ,
.Xr sshd 8
2018-05-06 12:27:04 +00:00
.Rs
.%D 2006
.%R RFC 4255
.%T Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
.Re
2002-03-18 09:55:03 +00:00
.Sh AUTHORS
2006-03-22 19:46:12 +00:00
.An -nosplit
2013-09-18 17:27:38 +00:00
.An David Mazieres Aq Mt dm@lcs.mit.edu
2002-03-18 09:55:03 +00:00
wrote the initial version, and
2013-09-18 17:27:38 +00:00
.An Wayne Davison Aq Mt wayned@users.sourceforge.net
2002-03-18 09:55:03 +00:00
added support for protocol version 2.