SYNOPSIS
     ssh-keyscan [-t timeout] [-- | host | addrlist namelist] [-f files ...]

DESCRIPTION
     ssh-keyscan is a utility for gathering the public ssh host keys of a
     number of hosts.  It was designed to aid in building and verifying
     ssh_known_hosts files.  ssh-keyscan provides a minimal interface
     suitable for use by shell and perl scripts.

     ssh-keyscan uses non-blocking socket I/O to contact as many hosts as
     possible in parallel, so it is very efficient.  The keys from a
     domain of 1,000 hosts can be collected in tens of seconds, even when
     some of those hosts are down or do not run ssh.  You do not need
     login access to the machines you are scanning, nor does the scanning
     process involve any encryption.

SECURITY
     If you make an ssh_known_hosts file using ssh-keyscan without
     verifying the keys, you will be vulnerable to attacks.  On the other
     hand, if your security model allows such a risk, ssh-keyscan can help
     you detect tampered keyfiles or man in the middle attacks which have
     begun after you created your ssh_known_hosts file.
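
     Added example (not part of the original manual page): one way to
     run the tamper check described above, by comparing a fresh
     ssh-keyscan run against an already verified ssh_known_hosts file.
     The helper names compare_keys and demo and the sample keys are
     constructed for illustration; both files are assumed to use the
     output format listed under FILES.

```shell
# usage: compare_keys TRUSTED_FILE SCAN_FILE
# Both files use the output format: host-or-namelist bits exponent modulus
# Prints OK/NEW/CHANGED per scanned name; returns 1 if any key changed.
compare_keys() {
    awk '
        NF < 4 || /^#/ { next }              # skip blanks, comments, short lines
        {
            key = $2 " " $3 " " $4           # bits exponent modulus
            n = split($1, names, ",")        # namelist: a,b,c
        }
        FILENAME == ARGV[1] {                # trusted file: remember each name
            for (i = 1; i <= n; i++) trusted[names[i]] = key
            next
        }
        {                                    # scan file: classify each name
            for (i = 1; i <= n; i++) {
                h = names[i]
                if (!(h in trusted))          print "NEW " h
                else if (trusted[h] != key) { print "CHANGED " h; bad = 1 }
                else                          print "OK " h
            }
        }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample data (shortened moduli, not real keys).
demo() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/trusted" <<'EOF'
1.2.3.4,name.my.domain,name 1024 35 1357924680
1.2.4.4,n.my.domain,n 1024 35 2468013579
EOF
    cat > "$dir/scan" <<'EOF'
name.my.domain,name,1.2.3.4 1024 35 1357924680
n.my.domain,n,1.2.4.4 1024 37 9999999999
new.my.domain 1024 35 1122334455
EOF
    compare_keys "$dir/trusted" "$dir/scan" && status=0 || status=$?
    rm -rf "$dir"
    return "$status"
}

demo || echo "key change detected: verify out of band before trusting it"
```

     A CHANGED line means the scanned key differs from the verified
     one; a NEW line is a host that has no verified key yet and still
     needs checking before it is added.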

OPTIONS
     -t      Set the timeout for connection attempts.  If timeout seconds
             have elapsed since a connection was initiated to a host or
             since the last time anything was read from that host, then
             the connection is closed and the host in question considered
             unavailable.  Default is 5 seconds.

     -f      Read hosts or addrlist namelist pairs from this file, one per
             line.  If - is supplied instead of a filename, ssh-keyscan
             will read hosts or addrlist namelist pairs from the stan-

FILES
     Input format: 1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4

     Output format: host-or-namelist bits exponent modulus

     /etc/ssh_known_hosts

BUGS
     It generates "Connection closed by remote host" messages on the
     consoles of all the machines it scans.  This is because it opens a
     connection to the ssh port, reads the public key, and drops the
     connection as soon as it gets the key.

SEE ALSO
     ssh(1),  sshd(8)

AUTHOR
     David Mazieres <dm@lcs.mit.edu>

BSD Experimental                    January 1, 1996