Put ssh back into the repository
Change-Id: I23324372188fa6ed3f93a32b84365f5df6367590
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
new file mode 100644
index 0000000..d9db0d4
--- /dev/null
+++ b/ssh-keyscan.0
@@ -0,0 +1,109 @@
+SSH-KEYSCAN(1) OpenBSD Reference Manual SSH-KEYSCAN(1)
+
+NAME
+ ssh-keyscan - gather ssh public keys
+
+SYNOPSIS
+ ssh-keyscan [-46Hv] [-f file] [-p port] [-T timeout] [-t type]
+ [host | addrlist namelist] ...
+
+DESCRIPTION
+ ssh-keyscan is a utility for gathering the public ssh host keys of a
+ number of hosts. It was designed to aid in building and verifying
+ ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable
+ for use by shell and perl scripts.
+
+ ssh-keyscan uses non-blocking socket I/O to contact as many hosts as
+ possible in parallel, so it is very efficient. The keys from a domain of
+ 1,000 hosts can be collected in tens of seconds, even when some of those
+ hosts are down or do not run ssh. For scanning, one does not need login
+ access to the machines that are being scanned, nor does the scanning
+ process involve any encryption.
+
+ The options are as follows:
+
+ -4 Forces ssh-keyscan to use IPv4 addresses only.
+
+ -6 Forces ssh-keyscan to use IPv6 addresses only.
+
+ -f file
+ Read hosts or addrlist namelist pairs from this file, one per
+ line. If - is supplied instead of a filename, ssh-keyscan will
+ read hosts or addrlist namelist pairs from the standard input.
+
+ -H Hash all hostnames and addresses in the output. Hashed names may
+ be used normally by ssh and sshd, but they do not reveal
+ identifying information should the file's contents be disclosed.
+
+ -p port
+ Port to connect to on the remote host.
+
+ -T timeout
+ Set the timeout for connection attempts. If timeout seconds have
+ elapsed since a connection was initiated to a host or since the
+ last time anything was read from that host, then the connection
+ is closed and the host in question considered unavailable.
+ Default is 5 seconds.
+
+ -t type
+ Specifies the type of the key to fetch from the scanned hosts.
+ The possible values are ``rsa1'' for protocol version 1 and
+ ``dsa'', ``ecdsa'' or ``rsa'' for protocol version 2. Multiple
+ values may be specified by separating them with commas. The
+ default is ``rsa''.
+
+ -v Verbose mode. Causes ssh-keyscan to print debugging messages
+ about its progress.
+
+SECURITY
+ If an ssh_known_hosts file is constructed using ssh-keyscan without
+ verifying the keys, users will be vulnerable to man in the middle
+ attacks. On the other hand, if the security model allows such a risk,
+ ssh-keyscan can help in the detection of tampered keyfiles or man in the
+ middle attacks which have begun after the ssh_known_hosts file was
+ created.
+
+FILES
+ Input format:
+
+ 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
+
+ Output format for rsa1 keys:
+
+ host-or-namelist bits exponent modulus
+
+ Output format for rsa, dsa and ecdsa keys:
+
+ host-or-namelist keytype base64-encoded-key
+
+ Where keytype is either ``ecdsa-sha2-nistp256'', ``ecdsa-sha2-nistp384'',
+ ``ecdsa-sha2-nistp521'', ``ssh-dss'' or ``ssh-rsa''.
+
+ /etc/ssh/ssh_known_hosts
+
+EXAMPLES
+ Print the rsa host key for machine hostname:
+
+ $ ssh-keyscan hostname
+
+ Find all hosts from the file ssh_hosts which have new or different keys
+ from those in the sorted file ssh_known_hosts:
+
+ $ ssh-keyscan -t rsa,dsa,ecdsa -f ssh_hosts | \
+ sort -u - ssh_known_hosts | diff ssh_known_hosts -
+
+SEE ALSO
+ ssh(1), sshd(8)
+
+AUTHORS
+ David Mazieres <dm@lcs.mit.edu> wrote the initial version, and Wayne
+ Davison <wayned@users.sourceforge.net> added support for protocol version
+ 2.
+
+BUGS
+ It generates "Connection closed by remote host" messages on the consoles
+ of all the machines it scans if the server is older than version 2.9.
+ This is because it opens a connection to the ssh port, reads the public
+ key, and drops the connection as soon as it gets the key.
+
+OpenBSD 5.0 August 31, 2010 OpenBSD 5.0