ssh-keyscan for ssh2 (was Re: openssh-2.9p1)

Peter Breitenlohner peb at mppmu.mpg.de
Sat May 19 00:40:02 EST 2001


On Thu, 17 May 2001, Wayne Davison wrote:

> Here's my first cut at modifying ssh-keyscan to output either/both ssh1
> and ssh2 keys.  It defaults to working as it did before (outputting just
> the ssh1 rsa keys), but you can ask for either or both by using the -1
> and -2 options.   .........
> I also added the flags -4 and -6 to allow people to set IPv4 and IPv6
> modes just like with ssh.

Hi Wayne,

I have applied your patch and tried things out; seems to work fine.
Thanks a lot.

Attached is my attempt to update the ssh-keyscan man page accordingly
(I wanted to have that for my own use for future reference).

regards
Peter Breitenlohner <peb at mppmu.mpg.de>
-------------- next part --------------
diff -ur openssh-2.9p1.orig/ssh-keyscan.1 openssh-2.9p1/ssh-keyscan.1
--- openssh-2.9p1.orig/ssh-keyscan.1	Thu Apr 19 22:31:02 2001
+++ openssh-2.9p1/ssh-keyscan.1	Fri May 18 15:58:36 2001
@@ -16,6 +16,8 @@
 .Sh SYNOPSIS
 .Nm ssh-keyscan
 .Op Fl t Ar timeout
+.Op Fl 4 | 6
+.Op Fl 1 | 2 | 12
 .Op Ar -- | host | addrlist namelist
 .Op Fl f Ar files ...
 .Sh DESCRIPTION
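Review bot: The new `.Op Fl 1 | 2 | 12` line in the SYNOPSIS shows the protocol flags only once, ahead of the host arguments, while the OPTIONS text added later in this patch says the chosen protocol versions "remain in effect until one of these flags is specified again after some host specifications". Either the synopsis should show that the flags may recur among the host specifications, or the OPTIONS text should state plainly that they are positional, so the two sections agree.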
@@ -23,6 +25,8 @@
 is a utility for gathering the public ssh host keys of a number of
 hosts.  It was designed to aid in building and verifying
 .Pa ssh_known_hosts
+and
+.Pa ssh_known_hosts2
 files.
 .Nm
 provides a minimal interface suitable for use by shell and perl
@@ -36,7 +40,7 @@
 machines you are scanning, nor does the scanning process involve
 any encryption.
 .Sh SECURITY
-If you make an ssh_known_hosts file using
+If you make an ssh_known_hosts or ssh_known_hosts2 file using
 .Nm
 without verifying the keys, you will be vulnerable to
 .I man in the middle
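Review bot: The file names in the replaced line, "ssh_known_hosts or ssh_known_hosts2", are plain text, whereas the DESCRIPTION hunk of this same patch marks them with `.Pa`. For consistency within the page, mark them here (and in the matching sentence of the next hunk) the same way, e.g. `.Pa ssh_known_hosts` / `.Pa ssh_known_hosts2` on their own lines.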
@@ -44,7 +48,7 @@
 On the other hand, if your security model allows such a risk,
 .Nm
 can help you detect tampered keyfiles or man in the middle attacks which
-have begun after you created your ssh_known_hosts file.
+have begun after you created your ssh_known_hosts or ssh_known_hosts2 file.
 .Sh OPTIONS
 .Bl -tag -width Ds
 .It Fl t
@@ -54,6 +58,28 @@
 last time anything was read from that host, then the connection is
 closed and the host in question considered unavailable.  Default is 5
 seconds.
+.It Fl 4
+Forces
+.Nm
+to use IPv4 addresses only.
+.It Fl 6
+Forces
+.Nm
+to use IPv6 addresses only.
+.It Fl 1
+Forces
+.Nm
+to try protocol version 1 (only).
+.It Fl 2
+Forces
+.Nm
+to try protocol version 2 (only).
+.It Fl 12
+Forces
+.Nm
+to try protocol versions 1 and 2. The protocol versions (1, 2, or both)
+remain in effect until one of these flags is specified again after some
+host specifications.
 .It Fl f
 Read hosts or 
 .Pa addrlist namelist
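Review bot: The `-1`, `-2` and `-12` entries never state the default; the cover mail says the tool "defaults to working as it did before (outputting just the ssh1 rsa keys)", so a sentence such as "The default is protocol version 1 only." belongs here. Also, the sentence "The protocol versions (1, 2, or both) remain in effect until one of these flags is specified again after some host specifications" is attached only to `-12` but by its own wording applies to all three flags; move it to a shared sentence after the three entries, or repeat it. It would be worth saying whether `-4` and `-6` are positional in the same way.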
@@ -91,7 +117,7 @@
 .Pa Output format:
 host-or-namelist bits exponent modulus
 .Pp
-.Pa /etc/ssh_known_hosts
+.Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2
 .Sh BUGS
 It generates "Connection closed by remote host" messages on the consoles
 of all the machines it scans.
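Review bot: In the FILES line `.Pa /etc/ssh_known_hosts, /etc/ssh_known_hosts2` the comma is glued to the first path, so mdoc will treat `/etc/ssh_known_hosts,` as one argument and render the comma in the path font; either put each path on its own `.Pa` line or write `.Pa /etc/ssh_known_hosts , /etc/ssh_known_hosts2` so the comma is recognised as trailing punctuation. Separately, the unchanged "Output format: host-or-namelist bits exponent modulus" describes only the ssh1 RSA key line; now that `-2` and `-12` also emit ssh2 keys, the format of those lines should be documented alongside it.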
