diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2022-10-28 02:29:34 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2022-10-28 13:39:35 +1100 |
| commit | 1192588546c29ceec10775125f396555ea71850f (patch) | |
| tree | 72e61525bc48f50d8854a5d65668e966cb1e8ab2 /ssh-keyscan.1 | |
| parent | 64af4209309461c79c39eda2d13f9d77816c6398 (diff) | |
| download | openssh-git-1192588546c29ceec10775125f396555ea71850f.tar.gz | |
upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g.
ssh-keyscan 192.168.0.0/24
If a CIDR range is passed, then it will be expanded to all possible
addresses in the range including the all-0s and all-1s addresses.
bz#976 feedback/ok markus@
OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b
Diffstat (limited to 'ssh-keyscan.1')
| -rw-r--r-- | ssh-keyscan.1 | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 4eb0bea0..ca4feea2 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.46 2022/06/03 04:00:15 dtucker Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.47 2022/10/28 02:29:34 djm Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. .\" @@ -6,7 +6,7 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd $Mdocdate: June 3 2022 $ +.Dd $Mdocdate: October 28 2022 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME @@ -44,6 +44,11 @@ For scanning, one does not need login access to the machines that are being scanned, nor does the scanning process involve any encryption. .Pp +Hosts to be scanned may be specified by hostname, address or by CIDR +network range (e.g. 192.168.16/28). +If a network range is specified, then all addresses in that range will +be scanned. +.Pp The options are as follows: .Bl -tag -width Ds .It Fl 4 @@ -73,9 +78,16 @@ If is supplied instead of a filename, .Nm will read from the standard input. -Input is expected in the format: +Names read from a file must start with an address, hostname or CIDR network +range to be scanned. +Addresses and hostnames may optionally be followed by comma-separated name +or address aliases that will be copied to the output. +For example: .Bd -literal -1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 +192.168.11.0/24 +10.20.1.1 +happy.example.org +10.0.0.1,sad.example.org .Ed .It Fl H Hash all hostnames and addresses in the output. @@ -138,6 +150,10 @@ Print the RSA host key for machine .Pp .Dl $ ssh-keyscan -t rsa hostname .Pp +Search a network range, printing all supported key types: +.Pp +.Dl $ ssh-keyscan 192.168.0.64/25 +.Pp Find all hosts from the file .Pa ssh_hosts which have new or different keys from those in the sorted file |