ssh-keyscan man page on AIX

Man page or keyword search:  
man Server   4752 pages
apropos Keyword Search (all sections)
Output format
AIX logo
[printable version]

SSH-KEYSCAN(1)							SSH-KEYSCAN(1)

NAME
       ssh-keyscan - gather ssh public keys

SYNOPSIS
       ssh-keyscan  [-46Hv] [-f file] [-p port] [-T timeout] [-t type] [host |
       addrlist namelist] ...

DESCRIPTION
       ssh-keyscan is a utility for gathering the public ssh host  keys	 of  a
       number  of  hosts.   It	was  designed to aid in building and verifying
       ssh_known_hosts files.  ssh-keyscan provides a minimal interface	 suit‐
       able for use by shell and perl scripts.

       ssh-keyscan  uses  non-blocking	socket I/O to contact as many hosts as
       possible in parallel, so it is very efficient.  The keys from a	domain
       of  1,000  hosts can be collected in tens of seconds, even when some of
       those hosts are down or do not run ssh.	For  scanning,	one  does  not
       need  login access to the machines that are being scanned, nor does the
       scanning process involve any encryption.

       The options are as follows:

       -4     Forces ssh-keyscan to use IPv4 addresses only.

       -6     Forces ssh-keyscan to use IPv6 addresses only.

       -f file
	      Read hosts or addrlist namelist pairs from this  file,  one  per
	      line.   If - is supplied instead of a filename, ssh-keyscan will
	      read hosts or addrlist namelist pairs from the standard input.

       -H     Hash all hostnames and addresses in the  output.	 Hashed	 names
	      may  be  used  normally  by ssh and sshd, but they do not reveal
	      identifying information should the file's contents be disclosed.

       -p port
	      Port to connect to on the remote host.

       -T timeout
	      Set the timeout for connection  attempts.	  If  timeout  seconds
	      have elapsed since a connection was initiated to a host or since
	      the last time anything was read from that host, then the connec‐
	      tion  is closed and the host in question considered unavailable.
	      Default is 5 seconds.

       -t type
	      Specifies the type of the key to fetch from the  scanned	hosts.
	      The  possible  values  are  ``rsa1''  for protocol version 1 and
	      ``dsa'', ``ecdsa'' or ``rsa'' for protocol version 2.   Multiple
	      values  may  be  specified  by separating them with commas.  The
	      default is ``rsa''.

       -v     Verbose mode.  Causes ssh-keyscan to  print  debugging  messages
	      about its progress.

SECURITY
       If  an  ssh_known_hosts	file  is constructed using ssh-keyscan without
       verifying the keys, users will be vulnerable to maninthemiddle attacks.
       On  the	other  hand,  if  the  security model allows such a risk, ssh-
       keyscan can help in the detection of tampered keyfiles or  man  in  the
       middle attacks which have begun after the ssh_known_hosts file was cre‐
       ated.

FILES
       Input format:

       1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4

       Output format for rsa1 keys:

       host-or-namelist bits exponent modulus

       Output format for rsa, dsa and ecdsa keys:

       host-or-namelist keytype base64-encoded-key

       Where   keytype	  is	either	  ``ecdsa-sha2-nistp256'',    ``ecdsa-
       sha2-nistp384'', ``ecdsa-sha2-nistp521'', ``ssh-dss'' or ``ssh-rsa''.

       /etc/ssh/ssh_known_hosts

EXAMPLES
       Print the rsa host key for machine hostname:

       $ ssh-keyscan hostname

       Find all hosts from the file ssh_hosts which have new or different keys
       from those in the sorted file ssh_known_hosts:

       $ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \
	    sort -u - ssh_known_hosts | diff ssh_known_hosts -

SEE ALSO
       ssh(1), sshd(8)

AUTHORS
       -nosplit

       David Mazieres <dm@lcs.mit.edu> wrote the initial version, and

       Wayne Davison <wayned@users.sourceforge.net> added support for protocol
       version 2.

BUGS
       It  generates  "Connection  closed by remote host" messages on the con‐
       soles of all the machines it scans if the server is older than  version
       2.9.   This is because it opens a connection to the ssh port, reads the
       public key, and drops the connection as soon as it gets the key.

				August 31 2010			SSH-KEYSCAN(1)
[top]
                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/ 
More information is available in HTML format for server AIX

List of man pages available for AIX

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net