From 5cb9bb25504443db84ea4b33ebcda7fe0b60bb2b Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 1 Mar 2005 10:42:50 +0000 Subject: add tools for managing known_hosts files with hashed hostnames, including hashing existing files and deleting hosts by name; ok markus@ deraadt@ --- usr.bin/ssh/ssh-keygen.1 | 43 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) (limited to 'usr.bin/ssh/ssh-keygen.1') diff --git a/usr.bin/ssh/ssh-keygen.1 b/usr.bin/ssh/ssh-keygen.1 index c0f24dcd0be..f4c5ebcb89f 100644 --- a/usr.bin/ssh/ssh-keygen.1 +++ b/usr.bin/ssh/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.63 2004/08/13 00:01:43 jmc Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.64 2005/03/01 10:42:49 djm Exp $ .\" .\" -*- nroff -*- .\" @@ -81,6 +81,15 @@ .Nm ssh-keygen .Fl D Ar reader .Nm ssh-keygen +.Fl F Ar hostname +.Op Fl f Ar known_hosts_file +.Nm ssh-keygen +.Fl H +.Op Fl f Ar known_hosts_file +.Nm ssh-keygen +.Fl R Ar hostname +.Op Fl f Ar known_hosts_file +.Nm ssh-keygen .Fl U Ar reader .Op Fl f Ar input_keyfile .Nm ssh-keygen @@ -243,6 +252,38 @@ Provides the new comment. .It Fl D Ar reader Download the RSA public key stored in the smartcard in .Ar reader . +.It Fl F Ar hostname +Search for the specified +.Ar hostname +in a +.Pa known_hosts +file, listing any occurances found. +This option is useful to find hashed host names or addresses and may also be +used in conjunction with the +.Fl H +option to print found keys in a hashed format. +.It Fl H +Hash a +.Pa known_hosts +file, printing the result to standard output. +This replaces all hostnames and addresses with hashed representations. +These hashes may be used normally by +.Nm ssh +and +.Nm sshd , +but they do not reveal identifying information should the file's contents +be disclosed. +This option will not modify existing hashed hostnames and is therefore safe +to use on files that mix hashed and non-hashed names. +.It Fl R Ar hostname +Removes all keys belonging to +.Ar hostname +from a +.Pa known_hosts +file. +This option is useful to delete hashed hosts (see the +.Fl H +option above). .It Fl G Ar output_file Generate candidate primes for DH-GEX. These primes must be screened for -- cgit v1.2.3