ssh-keyscan


                 [host | addrlist namelist] [...]


DESCRIPTION

     ssh-keyscan is a utility for gathering the public ssh host keys of a
     number of hosts.  It was designed to aid in building and verifying
     ssh_known_hosts files.  ssh-keyscan provides a minimal interface suitable
     for use by shell and perl scripts.

     ssh-keyscan uses non-blocking socket I/O to contact as many hosts as
     possible in parallel, so it is very efficient.  The keys from a domain of
     1,000 hosts can be collected in tens of seconds, even when some of those
     hosts are down or do not run ssh.  For scanning, one does not need login
     access to the machines that are being scanned, nor does the scanning
     process involve any encryption.

     The options are as follows:

     -p port
             Port to connect to on the remote host.

     -T timeout
             Set the timeout for connection attempts.  If timeout seconds have
             elapsed since a connection was initiated to a host or since the
             last time anything was read from that host, then the connection
             is closed and the host in question considered unavailable.
             Default is 5 seconds.

     -t type
             Specifies the type of the key to fetch from the scanned hosts.
             The possible values are ``rsa1'' for protocol version 1 and
             ``rsa'' or ``dsa'' for protocol version 2.  Multiple values may
             be specified by separating them with commas.  The default is
             ``rsa1''.

     -f filename
             Read hosts or addrlist namelist pairs from this file, one per
             line.  If - is supplied instead of a filename, ssh-keyscan will
             read hosts or addrlist namelist pairs from the standard input.

     -v      Verbose mode.  Causes ssh-keyscan to print debugging messages
             about its progress.

     -4      Forces ssh-keyscan to use IPv4 addresses only.

     -6      Forces ssh-keyscan to use IPv6 addresses only.


SECURITY

     If an ssh_known_hosts file is constructed using ssh-keyscan without
     verifying the keys, users will be vulnerable to attacks.  On the other
     hand, if the security model allows such a risk, ssh-keyscan can help in
     the detection of tampered keyfiles or man-in-the-middle attacks which
     have begun after the ssh_known_hosts file was created.

     Where keytype is either ``ssh-rsa'' or ``ssh-dss''.

     /etc/ssh/ssh_known_hosts


EXAMPLES

     Print the rsa1 host key for machine hostname:

     $ ssh-keyscan hostname

     Find all hosts from the file ssh_hosts which have new or different keys
     from those in the sorted file ssh_known_hosts:

     $ ssh-keyscan -t rsa,dsa -f ssh_hosts | \
             sort -u - ssh_known_hosts | diff ssh_known_hosts -
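
     The sort/diff pipeline above lists every line that differs; the
     following added example (not part of the original man page) separates
     hosts whose key changed from hosts that are simply new. It assumes
     protocol 2 lines of the form "names keytype base64-key"; the function
     names, hosts and key strings are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify scanned host keys against a trusted known_hosts file.
# Assumes protocol 2 lines of the form "names keytype base64-key"; hashed
# host names are not handled. All hosts and key strings below are constructed.

# compare_hostkeys KNOWN SCAN
#   CHANGED host keytype  - a key of this type is trusted, but not this one
#   NEW     host keytype  - no key of this type is trusted for the host
compare_hostkeys() {
    awk '
        /^#/ || NF < 3 { next }              # skip comments and short lines
        {
            n = split($1, names, ",")        # "host,addr" lists share one key
            for (i = 1; i <= n; i++) {
                id = names[i] " " $2
                if (FILENAME == ARGV[1])
                    known[id] = known[id] " " $3 " "
                else if (!(id in known))
                    print "NEW", names[i], $2
                else if (index(known[id], " " $3 " ") == 0)
                    print "CHANGED", names[i], $2
            }
        }
    ' "$1" "$2"
}

# Runs the comparison on constructed sample data so it works offline.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/known" <<'EOF'
alpha.example.com,192.0.2.10 ssh-rsa AAAAconstructedKeyA
beta.example.com ssh-rsa AAAAconstructedKeyB
EOF
    cat > "$dir/scan" <<'EOF'
# constructed scan output
alpha.example.com ssh-rsa AAAAconstructedKeyA
beta.example.com ssh-rsa AAAAconstructedKeyX
gamma.example.com ssh-dss AAAAconstructedKeyG
EOF
    compare_hostkeys "$dir/known" "$dir/scan"
    rm -rf "$dir"
}

demo
```

     A CHANGED or NEW line only reports what the scan returned; as the
     SECURITY section states, the key still has to be verified before it is
     added to ssh_known_hosts.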


SEE ALSO

     ssh(1), sshd(8)


AUTHORS

     David Mazieres <dm@lcs.mit.edu> wrote the initial version, and
     Wayne Davison <wayned@users.sourceforge.net> added support for protocol
     version 2.


BUGS

     It generates "Connection closed by remote host" messages on the consoles
     of all the machines it scans if the server is older than version 2.9.
     This is because it opens a connection to the ssh port, reads the public
     key, and drops the connection as soon as it gets the key.

BSD                             January 1, 1996                            BSD
  