From 1192588546c29ceec10775125f396555ea71850f Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Fri, 28 Oct 2022 02:29:34 +0000 Subject: upstream: allow ssh-keyscan(1) to accept CIDR address ranges, e.g. ssh-keyscan 192.168.0.0/24 If a CIDR range is passed, then it will be expanded to all possible addresses in the range including the all-0s and all-1s addresses. bz#976 feedback/ok markus@ OpenBSD-Commit-ID: ce6c5211f936ac0053fd4a2ddb415277931e6c4b --- ssh-keyscan.1 | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'ssh-keyscan.1') diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 4eb0bea0..ca4feea2 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.46 2022/06/03 04:00:15 dtucker Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.47 2022/10/28 02:29:34 djm Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -6,7 +6,7 @@ .\" permitted provided that due credit is given to the author and the .\" OpenBSD project by leaving this copyright notice intact. .\" -.Dd $Mdocdate: June 3 2022 $ +.Dd $Mdocdate: October 28 2022 $ .Dt SSH-KEYSCAN 1 .Os .Sh NAME @@ -44,6 +44,11 @@ For scanning, one does not need login access to the machines that are being scanned, nor does the scanning process involve any encryption. .Pp +Hosts to be scanned may be specified by hostname, address or by CIDR +network range (e.g. 192.168.16/28). +If a network range is specified, then all addresses in that range will +be scanned. +.Pp The options are as follows: .Bl -tag -width Ds .It Fl 4 @@ -73,9 +78,16 @@ If is supplied instead of a filename, .Nm will read from the standard input. -Input is expected in the format: +Names read from a file must start with an address, hostname or CIDR network +range to be scanned. +Addresses and hostnames may optionally be followed by comma-separated name +or address aliases that will be copied to the output. +For example: .Bd -literal -1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4 +192.168.11.0/24 +10.20.1.1 +happy.example.org +10.0.0.1,sad.example.org .Ed .It Fl H Hash all hostnames and addresses in the output. @@ -138,6 +150,10 @@ Print the RSA host key for machine .Pp .Dl $ ssh-keyscan -t rsa hostname .Pp +Search a network range, printing all supported key types: +.Pp +.Dl $ ssh-keyscan 192.168.0.64/25 +.Pp Find all hosts from the file .Pa ssh_hosts which have new or different keys from those in the sorted file -- cgit v1.2.1