From 0b5afb98eba742712a30509778e3a1e73c16cea3 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Mon, 6 Aug 2001 22:01:29 +0000 Subject: [PATCH] - mpech@cvs.openbsd.org 2001/08/02 18:37:35 [ssh-keyscan.1] o) .Sh AUTHOR -> .Sh AUTHORS; o) .Sh EXAMPLE -> .Sh EXAMPLES; o) Delete .Sh OPTIONS. Text moved to .Sh DESCRIPTION; millert@ ok --- ChangeLog | 9 ++++++++- ssh-keyscan.1 | 25 +++++++++++++------------ 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index ffcda8ce6..a40a47b4e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -125,6 +125,13 @@ - jakob@cvs.openbsd.org 2001/08/02 16:14:05 [scard.c ssh-agent.c ssh.c ssh-keygen.c] clean up some /* SMARTCARD */. ok markus@ + - mpech@cvs.openbsd.org 2001/08/02 18:37:35 + [ssh-keyscan.1] + o) .Sh AUTHOR -> .Sh AUTHORS; + o) .Sh EXAMPLE -> .Sh EXAMPLES; + o) Delete .Sh OPTIONS. Text moved to .Sh DESCRIPTION; + + millert@ ok 20010803 - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on @@ -6235,4 +6242,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1459 2001/08/06 21:59:25 mouring Exp $ +$Id: ChangeLog,v 1.1460 2001/08/06 22:01:29 mouring Exp $ diff --git a/ssh-keyscan.1 b/ssh-keyscan.1 index 328d95ab1..80119aa21 100644 --- a/ssh-keyscan.1 +++ b/ssh-keyscan.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keyscan.1,v 1.8 2001/06/23 17:48:18 itojun Exp $ +.\" $OpenBSD: ssh-keyscan.1,v 1.9 2001/08/02 18:37:35 mpech Exp $ .\" .\" Copyright 1995, 1996 by David Mazieres . .\" @@ -34,17 +34,8 @@ hosts can be collected in tens of seconds, even when some of those hosts are down or do not run ssh. You do not need login access to the machines you are scanning, nor does the scanning process involve any encryption. -.Sh SECURITY -If you make an ssh_known_hosts file using -.Nm -without verifying the keys, you will be vulnerable to -.I man in the middle -attacks. -On the other hand, if your security model allows such a risk, -.Nm -can help you detect tampered keyfiles or man in the middle attacks which -have begun after you created your ssh_known_hosts file. -.Sh OPTIONS +.Pp +The options are as follows: .Bl -tag -width Ds .It Fl t Set the timeout for connection attempts. If @@ -65,6 +56,16 @@ will read hosts or .Pa addrlist namelist pairs from the standard input. .El +.Sh SECURITY +If you make an ssh_known_hosts file using +.Nm +without verifying the keys, you will be vulnerable to +.I man in the middle +attacks. +On the other hand, if your security model allows such a risk, +.Nm +can help you detect tampered keyfiles or man in the middle attacks which +have begun after you created your ssh_known_hosts file. .Sh EXAMPLES Print the host key for machine .Pa hostname :