jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 1 | .\" $OpenBSD: ssh-keyscan.1,v 1.43 2018/03/02 21:40:15 jmc Exp $ |
Ben Lindstrom | b22c2b8 | 2001-03-05 06:50:47 +0000 | [diff] [blame] | 2 | .\" |
| 3 | .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. |
| 4 | .\" |
| 5 | .\" Modification and redistribution in source and binary forms is |
| 6 | .\" permitted provided that due credit is given to the author and the |
Ben Lindstrom | a238f6e | 2001-06-09 01:30:39 +0000 | [diff] [blame] | 7 | .\" OpenBSD project by leaving this copyright notice intact. |
Ben Lindstrom | 36579d3 | 2001-01-29 07:39:26 +0000 | [diff] [blame] | 8 | .\" |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 9 | .Dd $Mdocdate: March 2 2018 $ |
Ben Lindstrom | b22c2b8 | 2001-03-05 06:50:47 +0000 | [diff] [blame] | 10 | .Dt SSH-KEYSCAN 1 |
Ben Lindstrom | b6434ae | 2000-12-05 01:15:09 +0000 | [diff] [blame] | 11 | .Os |
| 12 | .Sh NAME |
| 13 | .Nm ssh-keyscan |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 14 | .Nd gather SSH public keys |
Ben Lindstrom | b6434ae | 2000-12-05 01:15:09 +0000 | [diff] [blame] | 15 | .Sh SYNOPSIS |
| 16 | .Nm ssh-keyscan |
djm@openbsd.org | 1a34835 | 2018-02-23 05:14:05 +0000 | [diff] [blame] | 17 | .Op Fl 46cDHv |
Damien Miller | 9a2fdbd | 2005-03-02 12:04:01 +1100 | [diff] [blame] | 18 | .Op Fl f Ar file |
Ben Lindstrom | 325e70c | 2001-08-06 22:41:30 +0000 | [diff] [blame] | 19 | .Op Fl p Ar port |
| 20 | .Op Fl T Ar timeout |
| 21 | .Op Fl t Ar type |
Ben Lindstrom | 325e70c | 2001-08-06 22:41:30 +0000 | [diff] [blame] | 22 | .Op Ar host | addrlist namelist |
Ben Lindstrom | b6434ae | 2000-12-05 01:15:09 +0000 | [diff] [blame] | 23 | .Sh DESCRIPTION |
| 24 | .Nm |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 25 | is a utility for gathering the public SSH host keys of a number of |
Damien Miller | 495dca3 | 2003-04-01 21:42:14 +1000 | [diff] [blame] | 26 | hosts. |
| 27 | It was designed to aid in building and verifying |
Ben Lindstrom | b6434ae | 2000-12-05 01:15:09 +0000 | [diff] [blame] | 28 | .Pa ssh_known_hosts |
| 29 | files. |
| 30 | .Nm |
| 31 | provides a minimal interface suitable for use by shell and perl |
| 32 | scripts. |
| 33 | .Pp |
| 34 | .Nm |
| 35 | uses non-blocking socket I/O to contact as many hosts as possible in |
Damien Miller | 495dca3 | 2003-04-01 21:42:14 +1000 | [diff] [blame] | 36 | parallel, so it is very efficient. |
| 37 | The keys from a domain of 1,000 |
Ben Lindstrom | b6434ae | 2000-12-05 01:15:09 +0000 | [diff] [blame] | 38 | hosts can be collected in tens of seconds, even when some of those |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 39 | hosts are down or do not run |
| 40 | .Xr sshd 8 . |
Damien Miller | 495dca3 | 2003-04-01 21:42:14 +1000 | [diff] [blame] | 41 | For scanning, one does not need |
Ben Lindstrom | 594e203 | 2001-09-12 18:35:30 +0000 | [diff] [blame] | 42 | login access to the machines that are being scanned, nor does the |
| 43 | scanning process involve any encryption. |
Ben Lindstrom | 0b5afb9 | 2001-08-06 22:01:29 +0000 | [diff] [blame] | 44 | .Pp |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 45 | Input is expected in the format: |
| 46 | .Bd -literal -offset 3n |
| 47 | 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 |
| 48 | .Ed |
| 49 | .Pp |
| 50 | The output format is: |
| 51 | .Bd -literal -offset 3n |
| 52 | host-or-namelist keytype base64-encoded-key |
| 53 | .Ed |
| 54 | .Pp |
| 55 | Where |
| 56 | .Ar keytype |
| 57 | is either |
| 58 | .Dq ecdsa-sha2-nistp256 , |
| 59 | .Dq ecdsa-sha2-nistp384 , |
| 60 | .Dq ecdsa-sha2-nistp521 , |
| 61 | .Dq ssh-ed25519 , |
| 62 | .Dq ssh-dss |
| 63 | or |
| 64 | .Dq ssh-rsa . |
| 65 | .Pp |
Ben Lindstrom | 0b5afb9 | 2001-08-06 22:01:29 +0000 | [diff] [blame] | 66 | The options are as follows: |
Ben Lindstrom | b6434ae | 2000-12-05 01:15:09 +0000 | [diff] [blame] | 67 | .Bl -tag -width Ds |
Damien Miller | 9a2fdbd | 2005-03-02 12:04:01 +1100 | [diff] [blame] | 68 | .It Fl 4 |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 69 | Force |
Damien Miller | 9a2fdbd | 2005-03-02 12:04:01 +1100 | [diff] [blame] | 70 | .Nm |
| 71 | to use IPv4 addresses only. |
| 72 | .It Fl 6 |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 73 | Force |
Damien Miller | 9a2fdbd | 2005-03-02 12:04:01 +1100 | [diff] [blame] | 74 | .Nm |
| 75 | to use IPv6 addresses only. |
djm@openbsd.org | 3a424cd | 2015-11-08 22:30:20 +0000 | [diff] [blame] | 76 | .It Fl c |
| 77 | Request certificates from target hosts instead of plain keys. |
djm@openbsd.org | 1a34835 | 2018-02-23 05:14:05 +0000 | [diff] [blame] | 78 | .It Fl D |
| 79 | Print keys found as SSHFP DNS records. |
| 80 | The default is to print keys in a format usable as a |
| 81 | .Xr ssh 1 |
| 82 | .Pa known_hosts |
| 83 | file. |
Damien Miller | 9a2fdbd | 2005-03-02 12:04:01 +1100 | [diff] [blame] | 84 | .It Fl f Ar file |
| 85 | Read hosts or |
Damien Miller | f8f35bc | 2014-02-04 11:09:12 +1100 | [diff] [blame] | 86 | .Dq addrlist namelist |
| 87 | pairs from |
| 88 | .Ar file , |
| 89 | one per line. |
Damien Miller | 9a2fdbd | 2005-03-02 12:04:01 +1100 | [diff] [blame] | 90 | If |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 91 | .Sq - |
Damien Miller | 9a2fdbd | 2005-03-02 12:04:01 +1100 | [diff] [blame] | 92 | is supplied instead of a filename, |
| 93 | .Nm |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 94 | will read from the standard input. |
Damien Miller | db7b817 | 2005-03-01 21:48:03 +1100 | [diff] [blame] | 95 | .It Fl H |
| 96 | Hash all hostnames and addresses in the output. |
| 97 | Hashed names may be used normally by |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 98 | .Xr ssh 1 |
Damien Miller | db7b817 | 2005-03-01 21:48:03 +1100 | [diff] [blame] | 99 | and |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 100 | .Xr sshd 8 , |
Damien Miller | db7b817 | 2005-03-01 21:48:03 +1100 | [diff] [blame] | 101 | but they do not reveal identifying information should the file's contents |
| 102 | be disclosed. |
Ben Lindstrom | 325e70c | 2001-08-06 22:41:30 +0000 | [diff] [blame] | 103 | .It Fl p Ar port |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 104 | Connect to |
| 105 | .Ar port |
| 106 | on the remote host. |
Ben Lindstrom | 8d066fb | 2001-09-12 17:06:13 +0000 | [diff] [blame] | 107 | .It Fl T Ar timeout |
Damien Miller | 495dca3 | 2003-04-01 21:42:14 +1000 | [diff] [blame] | 108 | Set the timeout for connection attempts. |
| 109 | If |
Damien Miller | f8f35bc | 2014-02-04 11:09:12 +1100 | [diff] [blame] | 110 | .Ar timeout |
Ben Lindstrom | b6434ae | 2000-12-05 01:15:09 +0000 | [diff] [blame] | 111 | seconds have elapsed since a connection was initiated to a host or since the |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 112 | last time anything was read from that host, the connection is |
Damien Miller | 495dca3 | 2003-04-01 21:42:14 +1000 | [diff] [blame] | 113 | closed and the host in question considered unavailable. |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 114 | The default is 5 seconds. |
Ben Lindstrom | 325e70c | 2001-08-06 22:41:30 +0000 | [diff] [blame] | 115 | .It Fl t Ar type |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 116 | Specify the type of the key to fetch from the scanned hosts. |
Ben Lindstrom | 325e70c | 2001-08-06 22:41:30 +0000 | [diff] [blame] | 117 | The possible values are |
Damien Miller | eb8b60e | 2010-08-31 22:41:14 +1000 | [diff] [blame] | 118 | .Dq dsa , |
Damien Miller | 8ba0ead | 2013-12-18 17:46:27 +1100 | [diff] [blame] | 119 | .Dq ecdsa , |
| 120 | .Dq ed25519 , |
Ben Lindstrom | 325e70c | 2001-08-06 22:41:30 +0000 | [diff] [blame] | 121 | or |
jmc@openbsd.org | f10c0d3 | 2017-05-02 17:04:09 +0000 | [diff] [blame] | 122 | .Dq rsa . |
Ben Lindstrom | 325e70c | 2001-08-06 22:41:30 +0000 | [diff] [blame] | 123 | Multiple values may be specified by separating them with commas. |
Damien Miller | 839f743 | 2012-04-22 11:24:21 +1000 | [diff] [blame] | 124 | The default is to fetch |
Damien Miller | 94bfe0f | 2014-04-20 13:00:51 +1000 | [diff] [blame] | 125 | .Dq rsa , |
| 126 | .Dq ecdsa , |
Damien Miller | 839f743 | 2012-04-22 11:24:21 +1000 | [diff] [blame] | 127 | and |
Damien Miller | 94bfe0f | 2014-04-20 13:00:51 +1000 | [diff] [blame] | 128 | .Dq ed25519 |
Damien Miller | 839f743 | 2012-04-22 11:24:21 +1000 | [diff] [blame] | 129 | keys. |
Ben Lindstrom | 325e70c | 2001-08-06 22:41:30 +0000 | [diff] [blame] | 130 | .It Fl v |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 131 | Verbose mode: |
| 132 | print debugging messages about progress. |
Ben Lindstrom | d26dcf3 | 2001-01-06 15:18:16 +0000 | [diff] [blame] | 133 | .El |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 134 | .Pp |
Darren Tucker | ffe88e1 | 2006-10-18 07:53:06 +1000 | [diff] [blame] | 135 | If an ssh_known_hosts file is constructed using |
Ben Lindstrom | 0b5afb9 | 2001-08-06 22:01:29 +0000 | [diff] [blame] | 136 | .Nm |
Ben Lindstrom | 594e203 | 2001-09-12 18:35:30 +0000 | [diff] [blame] | 137 | without verifying the keys, users will be vulnerable to |
Darren Tucker | 3ca4508 | 2004-07-17 16:13:15 +1000 | [diff] [blame] | 138 | .Em man in the middle |
Ben Lindstrom | 0b5afb9 | 2001-08-06 22:01:29 +0000 | [diff] [blame] | 139 | attacks. |
Ben Lindstrom | 594e203 | 2001-09-12 18:35:30 +0000 | [diff] [blame] | 140 | On the other hand, if the security model allows such a risk, |
Ben Lindstrom | 0b5afb9 | 2001-08-06 22:01:29 +0000 | [diff] [blame] | 141 | .Nm |
Ben Lindstrom | 594e203 | 2001-09-12 18:35:30 +0000 | [diff] [blame] | 142 | can help in the detection of tampered keyfiles or man in the middle |
| 143 | attacks which have begun after the ssh_known_hosts file was created. |
Ben Lindstrom | b6434ae | 2000-12-05 01:15:09 +0000 | [diff] [blame] | 144 | .Sh FILES |
Damien Miller | 05eda43 | 2002-02-10 18:32:28 +1100 | [diff] [blame] | 145 | .Pa /etc/ssh/ssh_known_hosts |
Damien Miller | f1ce505 | 2003-06-11 22:04:39 +1000 | [diff] [blame] | 146 | .Sh EXAMPLES |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 147 | Print the RSA host key for machine |
Damien Miller | f8f35bc | 2014-02-04 11:09:12 +1100 | [diff] [blame] | 148 | .Ar hostname : |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 149 | .Pp |
| 150 | .Dl $ ssh-keyscan -t rsa hostname |
Damien Miller | f1ce505 | 2003-06-11 22:04:39 +1000 | [diff] [blame] | 151 | .Pp |
| 152 | Find all hosts from the file |
| 153 | .Pa ssh_hosts |
| 154 | which have new or different keys from those in the sorted file |
| 155 | .Pa ssh_known_hosts : |
jmc@openbsd.org | f493d2b | 2018-03-02 21:40:15 +0000 | [diff] [blame^] | 156 | .Bd -literal -offset indent |
Damien Miller | 94bfe0f | 2014-04-20 13:00:51 +1000 | [diff] [blame] | 157 | $ ssh-keyscan -t rsa,dsa,ecdsa,ed25519 -f ssh_hosts | \e |
Damien Miller | f1ce505 | 2003-06-11 22:04:39 +1000 | [diff] [blame] | 158 | sort -u - ssh_known_hosts | diff ssh_known_hosts - |
| 159 | .Ed |
| 160 | .Sh SEE ALSO |
| 161 | .Xr ssh 1 , |
| 162 | .Xr sshd 8 |
jmc@openbsd.org | 7d330a1 | 2018-02-23 07:38:09 +0000 | [diff] [blame] | 163 | .Rs |
djm@openbsd.org | 1a34835 | 2018-02-23 05:14:05 +0000 | [diff] [blame] | 164 | .%D 2006 |
jmc@openbsd.org | 7d330a1 | 2018-02-23 07:38:09 +0000 | [diff] [blame] | 165 | .%R RFC 4255 |
| 166 | .%T Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints |
djm@openbsd.org | 1a34835 | 2018-02-23 05:14:05 +0000 | [diff] [blame] | 167 | .Re |
Damien Miller | f1ce505 | 2003-06-11 22:04:39 +1000 | [diff] [blame] | 168 | .Sh AUTHORS |
Darren Tucker | 28e8e59 | 2005-10-03 18:20:28 +1000 | [diff] [blame] | 169 | .An -nosplit |
Damien Miller | bf836e5 | 2013-07-18 16:14:13 +1000 | [diff] [blame] | 170 | .An David Mazieres Aq Mt dm@lcs.mit.edu |
Damien Miller | f1ce505 | 2003-06-11 22:04:39 +1000 | [diff] [blame] | 171 | wrote the initial version, and |
Damien Miller | bf836e5 | 2013-07-18 16:14:13 +1000 | [diff] [blame] | 172 | .An Wayne Davison Aq Mt wayned@users.sourceforge.net |
Damien Miller | f1ce505 | 2003-06-11 22:04:39 +1000 | [diff] [blame] | 173 | added support for protocol version 2. |