ssh-keyscan(1) 맨 페이지 - 윈디하나의 솔라나라

개요

섹션
맨페이지이름
검색(S)

ssh-keyscan

Name
     ssh-keyscan - gather public ssh host keys  of  a  number  of
     hosts

Synopsis
     ssh-keyscan [-v46] [-p port] [-T timeout] [-t type]
          [-f file] [-] [host... | addrlist namelist] [...]

Description
     ssh-keyscan is a utility for gathering the public  ssh  host
     keys  of a number of hosts. It was designed to aid in build-
     ing and verifying ssh_known_hosts  files.  ssh-keyscan  pro-
     vides a minimal interface suitable for use by shell and perl
     scripts. The output of ssh-keyscan is directed  to  standard
     output.


     ssh-keyscan uses non-blocking socket I/O to contact as  many
     hosts  as possible in parallel, so it is very efficient. The
     keys from a domain of 1,000 hosts can be collected  in  tens
     of seconds, even when some of those hosts are down or do not
     run ssh. For scanning, one does not need login access to the
     machines  that are being scanned, nor does the scanning pro-
     cess involve any encryption.

  File Format
     Input format:

       1.2.3.4,1.2.4.4
       name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4




     Output format for rsa1 keys:

       host-or-namelist bits exponent modulus




     Output format for rsa and dsa keys, where keytype is  either
     ssh-rsa or `ssh-dsa:

       host-or-namelist keytype base64-encoded-key

Options
     The following options are supported:
     -f filename
         Read hosts or addrlist namelist pairs  from  this  file,
         one  per  line.  If you specify - instead of a filename,
         ssh-keyscan reads hosts or addrlist namelist pairs  from
         the standard input.


     -p port
         Port to connect to on the remote host.


     -T timeout
         Set the timeout  for  connection  attempts.  If  timeout
         seconds have elapsed since a connection was initiated to
         a host or since the last time  anything  was  read  from
         that  host,  the  connection  is  closed and the host in
         question is considered unavailable. The default  is  for
         timeout is 5 seconds.


     -t type
         Specify the type of the key to fetch  from  the  scanned
         hosts.  The possible values for type are rsa1 for proto-
         col version 1 and rsa or dsa  for  protocol  version  2.
         Specify  multiple values by separating them with commas.
         The default is rsa1.


     -v
         Specify verbose mode.  Print  debugging  messages  about
         progress.


     -4
         Force to use IPv4 addresses only.


     -6
         Forces to use IPv6 addresses only.

Security
     If a ssh_known_hosts file is constructed  using  ssh-keyscan
     without  verifying the keys, users are vulnerable to man-in-
     the-middle attacks. If the  security  model  allows  such  a
     risk, ssh-keyscan can help in the detection of tampered key-
     files or man-in-the-middle attacks which  have  begun  after
     the ssh_known_hosts file was created.

Examples
     Example 1 Printing the rsa1 Host Key


     The following example prints the rsa1 host key  for  machine
     hostname:


       $ ssh-keyscan hostname



     Example 2 Finding All Hosts


     The  following  commands  finds  all  hosts  from  the  file
     ssh_hosts which have new or different keys from those in the
     sorted file ssh_known_hosts:


       $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \
            sort -u - ssh_known_hosts | diff ssh_known_hosts -

Files
     /etc/ssh_known_hosts
         Contains list of public ssh host keys.

Exit Status
     The following exit values are returned:

     0
         No usage errors. ssh-keyscan might  or  might  not  have
         succeeded  or  failed  to  scan  one, more or all of the
         given hosts.


     1
         Usage error.

Attributes
     See attributes(5) for descriptions of the  following  attri-
     butes:



     tab() box; cw(2.75i) |cw(2.75i) lw(2.75i) |lw(2.75i)  ATTRI-
     BUTE   TYPEATTRIBUTE   VALUE   _  Availabilitynetwork/ssh  _

     Interface StabilityCommitted

See Also
     ssh(1), sshd(1M), attributes(5)

Authors
     David Mazieres wrote the initial version, and Wayne  Davison
     added support for protocol version 2.

Bugs
     ssh-keyscan generates the following messages on the consoles
     of all machines it scans if the server is older than version
     2.9:

       Connection closed by remote host




     This is because ssh-keyscan opens a connection  to  the  ssh
     port, reads the public key, and drops the connection as soon
     as it gets the key.
맨 페이지 내용의 저작권은 맨 페이지 작성자에게 있습니다.
RSS ATOM XHTML 1.0 CSS3