2018-03-05 07:03:18 +00:00
|
|
|
.\" $OpenBSD: ssh-keyscan.1,v 1.44 2018/03/05 07:03:18 jmc Exp $
|
2001-03-05 06:50:47 +00:00
|
|
|
.\"
|
|
|
|
.\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>.
|
|
|
|
.\"
|
|
|
|
.\" Modification and redistribution in source and binary forms is
|
|
|
|
.\" permitted provided that due credit is given to the author and the
|
2001-06-09 01:30:39 +00:00
|
|
|
.\" OpenBSD project by leaving this copyright notice intact.
|
2001-01-29 07:39:26 +00:00
|
|
|
.\"
|
2018-03-05 07:03:18 +00:00
|
|
|
.Dd $Mdocdate: March 5 2018 $
|
2001-03-05 06:50:47 +00:00
|
|
|
.Dt SSH-KEYSCAN 1
|
2000-12-05 01:15:09 +00:00
|
|
|
.Os
|
|
|
|
.Sh NAME
|
|
|
|
.Nm ssh-keyscan
|
2018-03-02 21:40:15 +00:00
|
|
|
.Nd gather SSH public keys
|
2000-12-05 01:15:09 +00:00
|
|
|
.Sh SYNOPSIS
|
|
|
|
.Nm ssh-keyscan
|
2018-02-23 05:14:05 +00:00
|
|
|
.Op Fl 46cDHv
|
2005-03-02 01:04:01 +00:00
|
|
|
.Op Fl f Ar file
|
2001-08-06 22:41:30 +00:00
|
|
|
.Op Fl p Ar port
|
|
|
|
.Op Fl T Ar timeout
|
|
|
|
.Op Fl t Ar type
|
|
|
|
.Op Ar host | addrlist namelist
|
2000-12-05 01:15:09 +00:00
|
|
|
.Sh DESCRIPTION
|
|
|
|
.Nm
|
2018-03-02 21:40:15 +00:00
|
|
|
is a utility for gathering the public SSH host keys of a number of
|
2003-04-01 11:42:14 +00:00
|
|
|
hosts.
|
|
|
|
It was designed to aid in building and verifying
|
2000-12-05 01:15:09 +00:00
|
|
|
.Pa ssh_known_hosts
|
2018-03-05 07:03:18 +00:00
|
|
|
files,
|
|
|
|
the format of which is documented in
|
|
|
|
.Xr sshd 8 .
|
2000-12-05 01:15:09 +00:00
|
|
|
.Nm
|
|
|
|
provides a minimal interface suitable for use by shell and perl
|
|
|
|
scripts.
|
|
|
|
.Pp
|
|
|
|
.Nm
|
|
|
|
uses non-blocking socket I/O to contact as many hosts as possible in
|
2003-04-01 11:42:14 +00:00
|
|
|
parallel, so it is very efficient.
|
|
|
|
The keys from a domain of 1,000
|
2000-12-05 01:15:09 +00:00
|
|
|
hosts can be collected in tens of seconds, even when some of those
|
2018-03-02 21:40:15 +00:00
|
|
|
hosts are down or do not run
|
|
|
|
.Xr sshd 8 .
|
2003-04-01 11:42:14 +00:00
|
|
|
For scanning, one does not need
|
2001-09-12 18:35:30 +00:00
|
|
|
login access to the machines that are being scanned, nor does the
|
|
|
|
scanning process involve any encryption.
|
2001-08-06 22:01:29 +00:00
|
|
|
.Pp
|
|
|
|
The options are as follows:
|
2000-12-05 01:15:09 +00:00
|
|
|
.Bl -tag -width Ds
|
2005-03-02 01:04:01 +00:00
|
|
|
.It Fl 4
|
2018-03-02 21:40:15 +00:00
|
|
|
Force
|
2005-03-02 01:04:01 +00:00
|
|
|
.Nm
|
|
|
|
to use IPv4 addresses only.
|
|
|
|
.It Fl 6
|
2018-03-02 21:40:15 +00:00
|
|
|
Force
|
2005-03-02 01:04:01 +00:00
|
|
|
.Nm
|
|
|
|
to use IPv6 addresses only.
|
2015-11-08 22:30:20 +00:00
|
|
|
.It Fl c
|
|
|
|
Request certificates from target hosts instead of plain keys.
|
2018-02-23 05:14:05 +00:00
|
|
|
.It Fl D
|
|
|
|
Print keys found as SSHFP DNS records.
|
|
|
|
The default is to print keys in a format usable as a
|
|
|
|
.Xr ssh 1
|
|
|
|
.Pa known_hosts
|
|
|
|
file.
|
2005-03-02 01:04:01 +00:00
|
|
|
.It Fl f Ar file
|
|
|
|
Read hosts or
|
2014-02-04 00:09:12 +00:00
|
|
|
.Dq addrlist namelist
|
|
|
|
pairs from
|
|
|
|
.Ar file ,
|
|
|
|
one per line.
|
2005-03-02 01:04:01 +00:00
|
|
|
If
|
2018-03-02 21:40:15 +00:00
|
|
|
.Sq -
|
2005-03-02 01:04:01 +00:00
|
|
|
is supplied instead of a filename,
|
|
|
|
.Nm
|
2018-03-02 21:40:15 +00:00
|
|
|
will read from the standard input.
|
2018-03-05 07:03:18 +00:00
|
|
|
Input is expected in the format:
|
|
|
|
.Bd -literal
|
|
|
|
1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
|
|
|
|
.Ed
|
2005-03-01 10:48:03 +00:00
|
|
|
.It Fl H
|
|
|
|
Hash all hostnames and addresses in the output.
|
|
|
|
Hashed names may be used normally by
|
2018-03-02 21:40:15 +00:00
|
|
|
.Xr ssh 1
|
2005-03-01 10:48:03 +00:00
|
|
|
and
|
2018-03-02 21:40:15 +00:00
|
|
|
.Xr sshd 8 ,
|
2005-03-01 10:48:03 +00:00
|
|
|
but they do not reveal identifying information should the file's contents
|
|
|
|
be disclosed.
|
2001-08-06 22:41:30 +00:00
|
|
|
.It Fl p Ar port
|
2018-03-02 21:40:15 +00:00
|
|
|
Connect to
|
|
|
|
.Ar port
|
|
|
|
on the remote host.
|
2001-09-12 17:06:13 +00:00
|
|
|
.It Fl T Ar timeout
|
2003-04-01 11:42:14 +00:00
|
|
|
Set the timeout for connection attempts.
|
|
|
|
If
|
2014-02-04 00:09:12 +00:00
|
|
|
.Ar timeout
|
2000-12-05 01:15:09 +00:00
|
|
|
seconds have elapsed since a connection was initiated to a host or since the
|
2018-03-02 21:40:15 +00:00
|
|
|
last time anything was read from that host, the connection is
|
2003-04-01 11:42:14 +00:00
|
|
|
closed and the host in question considered unavailable.
|
2018-03-02 21:40:15 +00:00
|
|
|
The default is 5 seconds.
|
2001-08-06 22:41:30 +00:00
|
|
|
.It Fl t Ar type
|
2018-03-02 21:40:15 +00:00
|
|
|
Specify the type of the key to fetch from the scanned hosts.
|
2001-08-06 22:41:30 +00:00
|
|
|
The possible values are
|
2010-08-31 12:41:14 +00:00
|
|
|
.Dq dsa ,
|
2013-12-18 06:46:27 +00:00
|
|
|
.Dq ecdsa ,
|
|
|
|
.Dq ed25519 ,
|
2001-08-06 22:41:30 +00:00
|
|
|
or
|
2017-05-02 17:04:09 +00:00
|
|
|
.Dq rsa .
|
2001-08-06 22:41:30 +00:00
|
|
|
Multiple values may be specified by separating them with commas.
|
2012-04-22 01:24:21 +00:00
|
|
|
The default is to fetch
|
2014-04-20 03:00:51 +00:00
|
|
|
.Dq rsa ,
|
|
|
|
.Dq ecdsa ,
|
2012-04-22 01:24:21 +00:00
|
|
|
and
|
2014-04-20 03:00:51 +00:00
|
|
|
.Dq ed25519
|
2012-04-22 01:24:21 +00:00
|
|
|
keys.
|
2001-08-06 22:41:30 +00:00
|
|
|
.It Fl v
|
2018-03-02 21:40:15 +00:00
|
|
|
Verbose mode:
|
|
|
|
print debugging messages about progress.
|
2001-01-06 15:18:16 +00:00
|
|
|
.El
|
2018-03-02 21:40:15 +00:00
|
|
|
.Pp
|
2006-10-17 21:53:06 +00:00
|
|
|
If an ssh_known_hosts file is constructed using
|
2001-08-06 22:01:29 +00:00
|
|
|
.Nm
|
2001-09-12 18:35:30 +00:00
|
|
|
without verifying the keys, users will be vulnerable to
|
2004-07-17 06:13:15 +00:00
|
|
|
.Em man in the middle
|
2001-08-06 22:01:29 +00:00
|
|
|
attacks.
|
2001-09-12 18:35:30 +00:00
|
|
|
On the other hand, if the security model allows such a risk,
|
2001-08-06 22:01:29 +00:00
|
|
|
.Nm
|
2001-09-12 18:35:30 +00:00
|
|
|
can help in the detection of tampered keyfiles or man in the middle
|
|
|
|
attacks which have begun after the ssh_known_hosts file was created.
|
2000-12-05 01:15:09 +00:00
|
|
|
.Sh FILES
|
2002-02-10 07:32:28 +00:00
|
|
|
.Pa /etc/ssh/ssh_known_hosts
|
2003-06-11 12:04:39 +00:00
|
|
|
.Sh EXAMPLES
|
2018-03-02 21:40:15 +00:00
|
|
|
Print the RSA host key for machine
|
2014-02-04 00:09:12 +00:00
|
|
|
.Ar hostname :
|
2018-03-02 21:40:15 +00:00
|
|
|
.Pp
|
|
|
|
.Dl $ ssh-keyscan -t rsa hostname
|
2003-06-11 12:04:39 +00:00
|
|
|
.Pp
|
|
|
|
Find all hosts from the file
|
|
|
|
.Pa ssh_hosts
|
|
|
|
which have new or different keys from those in the sorted file
|
|
|
|
.Pa ssh_known_hosts :
|
2018-03-02 21:40:15 +00:00
|
|
|
.Bd -literal -offset indent
|
2014-04-20 03:00:51 +00:00
|
|
|
$ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e
|
2003-06-11 12:04:39 +00:00
|
|
|
sort -u - ssh_known_hosts | diff ssh_known_hosts -
|
|
|
|
.Ed
|
2000-12-05 01:15:09 +00:00
|
|
|
.Sh SEE ALSO
|
2001-03-05 06:50:47 +00:00
|
|
|
.Xr ssh 1 ,
|
2000-12-05 01:15:09 +00:00
|
|
|
.Xr sshd 8
|
2018-02-23 07:38:09 +00:00
|
|
|
.Rs
|
2018-02-23 05:14:05 +00:00
|
|
|
.%D 2006
|
2018-02-23 07:38:09 +00:00
|
|
|
.%R RFC 4255
|
|
|
|
.%T Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints
|
2018-02-23 05:14:05 +00:00
|
|
|
.Re
|
2001-06-25 04:10:54 +00:00
|
|
|
.Sh AUTHORS
|
2005-10-03 08:20:28 +00:00
|
|
|
.An -nosplit
|
2013-07-18 06:14:13 +00:00
|
|
|
.An David Mazieres Aq Mt dm@lcs.mit.edu
|
2001-08-06 22:41:30 +00:00
|
|
|
wrote the initial version, and
|
2013-07-18 06:14:13 +00:00
|
|
|
.An Wayne Davison Aq Mt wayned@users.sourceforge.net
|
2001-08-06 22:41:30 +00:00
|
|
|
added support for protocol version 2.
|