path: root/usr.bin/ssh/ssh-keygen.1
author Damien Miller <djm@cvs.openbsd.org> 2005-03-01 10:42:50 +0000
committer Damien Miller <djm@cvs.openbsd.org> 2005-03-01 10:42:50 +0000
commit 5cb9bb25504443db84ea4b33ebcda7fe0b60bb2b
tree e7b4305e297fb596b5d5640aa0f47afb7245482a /usr.bin/ssh/ssh-keygen.1
parent 9c981a5f9f08c1cc89019a626bf99db4d8ea0349
add tools for managing known_hosts files with hashed hostnames, including
hashing existing files and deleting hosts by name; ok markus@ deraadt@
Diffstat (limited to 'usr.bin/ssh/ssh-keygen.1')
-rw-r--r-- usr.bin/ssh/ssh-keygen.1 43
1 files changed, 42 insertions, 1 deletions
diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1
index c0f24dcd0be..f4c5ebcb89f 100644
--- a/usr.bin/ssh/ssh-keygen.1
+++ b/usr.bin/ssh/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.63 2004/08/13 00:01:43 jmc Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.64 2005/03/01 10:42:49 djm Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -81,6 +81,15 @@
.Nm ssh-keygen
.Fl D Ar reader
.Nm ssh-keygen
+.Fl F Ar hostname
+.Op Fl f Ar known_hosts_file
+.Nm ssh-keygen
+.Fl H
+.Op Fl f Ar known_hosts_file
+.Nm ssh-keygen
+.Fl R Ar hostname
+.Op Fl f Ar known_hosts_file
+.Nm ssh-keygen
.Fl U Ar reader
.Op Fl f Ar input_keyfile
.Nm ssh-keygen
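Review bot: The new -F synopsis line lists only the optional -f known_hosts_file, but the -F description added later in this patch says it "may also be used in conjunction with the -H option to print found keys in a hashed format". Suggest adding `.Op Fl H` to the -F entry so the synopsis shows the combination the text documents.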
@@ -243,6 +252,38 @@ Provides the new comment.
.It Fl D Ar reader
Download the RSA public key stored in the smartcard in
.Ar reader .
+.It Fl F Ar hostname
+Search for the specified
+.Ar hostname
+in a
+.Pa known_hosts
+file, listing any occurances found.
+This option is useful to find hashed host names or addresses and may also be
+used in conjunction with the
+.Fl H
+option to print found keys in a hashed format.
+.It Fl H
+Hash a
+.Pa known_hosts
+file, printing the result to standard output.
+This replaces all hostnames and addresses with hashed representations.
+These hashes may be used normally by
+.Nm ssh
+and
+.Nm sshd ,
+but they do not reveal identifying information should the file's contents
+be disclosed.
+This option will not modify existing hashed hostnames and is therefore safe
+to use on files that mix hashed and non-hashed names.
+.It Fl R Ar hostname
+Removes all keys belonging to
+.Ar hostname
+from a
+.Pa known_hosts
+file.
+This option is useful to delete hashed hosts (see the
+.Fl H
+option above).
.It Fl G Ar output_file
Generate candidate primes for DH-GEX.
These primes must be screened for
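Review bot: The -R entry does not say whether the known_hosts file is rewritten in place or whether the original is preserved, and none of the three new entries names the file that is used when -f is omitted, although the synopsis marks -f as optional. The -H text is explicit that the result goes to standard output; -R should state its effect on the file just as plainly, since it deletes trust data. Two smaller points: "occurances" in the -F text should be "occurrences", and inserting -F, -H and -R after -D puts -H and -R ahead of the existing -G entry, so if the option list is meant to be alphabetical they should move below it (and the "see the -H option above" wording in -R adjusted to match).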