| author | SkyperTHC | 2026-03-03 06:28:55 +0000 |
|---|---|---|
| committer | SkyperTHC | 2026-03-03 06:28:55 +0000 |
| commit | 5d3573ef7a109ee70416fe94db098fe6a769a798 (patch) | |
| tree | dc2d5b294c9db8ab2db7433511f94e1c4bb8b698 /other/ssharp/ssh-keyscan.0 | |
| parent | c6c59dc73cc4586357f93ab38ecf459e98675cc5 (diff) | |
packetstorm sync
Diffstat (limited to 'other/ssharp/ssh-keyscan.0')
| -rw-r--r-- | other/ssharp/ssh-keyscan.0 | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/other/ssharp/ssh-keyscan.0 b/other/ssharp/ssh-keyscan.0 new file mode 100644 index 0000000..b972eed --- /dev/null +++ b/other/ssharp/ssh-keyscan.0 | |||
| @@ -0,0 +1,72 @@ | |||
| 1 | |||
| 2 | SSH-KEYSCAN(1) System Reference Manual SSH-KEYSCAN(1) | ||
| 3 | |||
| 4 | NAME | ||
| 5 | ssh-keyscan - gather ssh public keys | ||
| 6 | |||
| 7 | SYNOPSIS | ||
| 8 | ssh-keyscan [-t timeout] [-- | host | addrlist namelist] [-f files ...] | ||
| 9 | |||
| 10 | DESCRIPTION | ||
| 11 | ssh-keyscan is a utility for gathering the public ssh host keys of a numM-- | ||
| 12 | ber of hosts. It was designed to aid in building and verifying | ||
| 13 | ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable | ||
| 14 | for use by shell and perl scripts. | ||
| 15 | |||
| 16 | ssh-keyscan uses non-blocking socket I/O to contact as many hosts as posM-- | ||
| 17 | sible in parallel, so it is very efficient. The keys from a domain of | ||
| 18 | 1,000 hosts can be collected in tens of seconds, even when some of those | ||
| 19 | hosts are down or do not run ssh. You do not need login access to the | ||
| 20 | machines you are scanning, nor does the scanning process involve any enM-- | ||
| 21 | cryption. | ||
| 22 | |||
| 23 | SECURITY | ||
| 24 | If you make an ssh_known_hosts file using ssh-keyscan without verifying | ||
| 25 | the keys, you will be vulnerable to attacks. On the other hand, if your | ||
| 26 | security model allows such a risk, ssh-keyscan can help you detect tamM-- | ||
| 27 | pered keyfiles or man in the middle attacks which have begun after you | ||
| 28 | created your ssh_known_hosts file. | ||
| 29 | |||
| 30 | OPTIONS | ||
| 31 | -t Set the timeout for connection attempts. If timeout seconds have | ||
| 32 | elapsed since a connection was initiated to a host or since the | ||
| 33 | last time anything was read from that host, then the connection | ||
| 34 | is closed and the host in question considered unavailable. DeM-- | ||
| 35 | fault is 5 seconds. | ||
| 36 | |||
| 37 | -f Read hosts or addrlist namelist pairs from this file, one per | ||
| 38 | line. If - is supplied instead of a filename, ssh-keyscan will | ||
| 39 | read hosts or addrlist namelist pairs from the standard input. | ||
| 40 | |||
| 41 | EXAMPLES | ||
| 42 | Print the host key for machine hostname: | ||
| 43 | |||
| 44 | ssh-keyscan hostname | ||
| 45 | |||
| 46 | Find all hosts from the file ssh_hosts which have new or different keys | ||
| 47 | from those in the sorted file ssh_known_hosts: | ||
| 48 | |||
| 49 | $ ssh-keyscan -f ssh_hosts | sort -u - ssh_known_hosts | \ | ||
| 50 | diff ssh_known_hosts - | ||
| 51 | |||
| 52 | FILES | ||
| 53 | Input format: 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.doM-- | ||
| 54 | main,n,1.2.3.4,1.2.4.4 | ||
| 55 | |||
| 56 | Output format: host-or-namelist bits exponent modulus | ||
| 57 | |||
| 58 | /etc/ssh_known_hosts | ||
| 59 | |||
| 60 | BUGS | ||
| 61 | It generates "Connection closed by remote host" messages on the consoles | ||
| 62 | of all the machines it scans. This is because it opens a connection to | ||
| 63 | the ssh port, reads the public key, and drops the connection as soon as | ||
| 64 | it gets the key. | ||
| 65 | |||
| 66 | SEE ALSO | ||
| 67 | ssh(1), sshd(8) | ||
| 68 | |||
| 69 | AUTHOR | ||
| 70 | David Mazieres <dm@lcs.mit.edu> | ||
| 71 | |||
| 72 | BSD Experimental January 1, 1996 2 | ||
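Review bot: The added file is preformatted man output rather than the page source, and it carries hyphenation residue rendered as "M--" at the line breaks on lines 11, 16, 20, 26, 34 and 53 ("numM--" / "ber", "posM--" / "sible", "doM--" / "main"). On line 53 the break falls inside the sample input line under FILES, so the "Input format" example can't be read or copied as one addrlist namelist pair. Suggest committing the roff source instead, or regenerating the formatted page with hyphenation disabled so the words and the sample line are intact. Separately, the SECURITY section (lines 24-28) says an ssh_known_hosts file built from unverified keys leaves you "vulnerable to attacks" but names no verification step, while the EXAMPLES pipeline on lines 49-50 only reports differences; a sentence saying the scanned keys should be checked against a trusted source before they are merged would close that gap for readers who follow the example.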
