ssh-keyscan

Syntax

ssh-keyscan [-v46H] [-p <port>] [-T <timeout>] [-t <type>] [-f <file>]

            [<host> | <addrlist> <namelist>] [...]

A detailed description of the operands is provided in the OpenSSH man pages.

Description

The ssh-keyscan utility lets you query the public SSH host keys of different hosts from any OpenSSH client and transfer them directly into the ssh_known_hosts files. ssh-keyscan also helps you verify existing ssh_known_hosts files. It provides a minimal interface that is equally suitable for shell and Perl scripts.

ssh-keyscan uses non-blocking socket input/output in order to connect simultaneously to as many computers as possible.

To scan the computers for host keys, ssh-keyscan does not need login authorization on these computers. Nor does the scanning process include any form of encryption.

Security aspects

If you create an ssh_known_hosts file with the aid of ssh-keyscan, you are vulnerable to “man-in-the-middle” attacks. If, on the other hand, the basic security model allows such risks, ssh-keyscan can support you in detecting counterfeit host key files. ssh-keyscan also assists you in detecting “man-in-the-middle” attacks that were started after the ssh_known_hosts file was created.
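
The verification use described above, as an added example that is not part of the original manual: the hypothetical shell function check_scan compares saved ssh-keyscan output against an existing ssh_known_hosts file and flags keys that have changed. It assumes unhashed host names (no -H); the file names and key strings are constructed sample data.

```shell
#!/bin/sh
# check_scan KNOWN_HOSTS SCAN_OUTPUT  (hypothetical helper, added example)
# Prints OK / CHANGED / NEW for each scanned "host keytype key" line and
# returns 1 if a scanned key differs from every key on record for that
# host and key type. Assumes unhashed host names (ssh-keyscan without -H).
check_scan() {
    awk '
        /^#/ || NF < 3 { next }              # skip comments and short lines
        FILENAME == ARGV[1] {                # first file: trusted known_hosts
            if ($1 ~ /^@/) next              # marker lines are not handled here
            n = split($1, names, ",")        # one entry may list several names
            for (i = 1; i <= n; i++) {
                known[names[i], $2, $3] = 1
                seen[names[i], $2] = 1
            }
            next
        }
        ($1, $2, $3) in known { print "OK", $1, $2; next }
        ($1, $2) in seen      { print "CHANGED", $1, $2; bad = 1; next }
                              { print "NEW", $1, $2 }
        END { exit bad + 0 }
    ' "$1" "$2"
}

# Constructed sample data: these are not real host keys.
tmp=$(mktemp -d)
cat > "$tmp/known_hosts" <<'EOF'
# entries verified out of band
alpha.example,192.0.2.10 ssh-ed25519 AAAAconstructedKeyA
beta.example ssh-ed25519 AAAAconstructedKeyB
EOF
cat > "$tmp/scan" <<'EOF'
alpha.example ssh-ed25519 AAAAconstructedKeyA
beta.example ssh-ed25519 AAAAconstructedKeyX
gamma.example ssh-ed25519 AAAAconstructedKeyC
EOF
# In practice the second file would hold output saved from ssh-keyscan.
check_scan "$tmp/known_hosts" "$tmp/scan" ||
    echo "host key changed: confirm the key out of band before updating" >&2
rm -rf "$tmp"
```

A CHANGED line means the scanned key does not match the recorded one; a NEW line is a key that has never been verified and carries the same man-in-the-middle risk as a freshly created file.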