The ssh-keyscan command is a utility for collecting public host keys from a number of hosts. It is typically used for adding public keys to a known_hosts file, which is used to verify the identity of hosts that a user connects to via SSH. This command is also used to gather public keys for use in other applications, such as automated deployment scripts.
Overview
The basic syntax for the ssh-keyscan command is as follows:
ssh-keyscan [options] hostname
The command will connect to the specified hostname and retrieve the public host key. By default, the public key is printed to standard output. If you want to add the key to your known_hosts file, you can redirect the output to the file using the >> operator.
Here is an example of using ssh-keyscan to retrieve the public key for a host:
ssh-keyscan example.com
This will output the public key for example.com to the terminal.
You can also specify multiple hostnames on the command line to retrieve public keys for multiple hosts:
ssh-keyscan example.com example.net example.org
This will output the public keys for example.com, example.net, and example.org to the terminal.
If you want to retrieve the public key for a host on a non-standard port, you can specify the port number using the -p option:
ssh-keyscan -p 2222 example.com
This will retrieve the public key for example.com on port 2222.
Options
The following table lists the available options for the ssh-keyscan command:
Option | Description |
---|---|
-4 | Forces ssh-keyscan to use IPv4 addresses only. |
-6 | Forces ssh-keyscan to use IPv6 addresses only. |
-p port | Specifies the port number to use when connecting to the host. |
-T timeout | Sets the timeout for the connection attempt. |
-t type | Specifies the type of key to retrieve. Valid types are rsa1, rsa, dsa, ecdsa, and ed25519. |
-v | Verbose mode. Prints debugging information to standard error. |
Troubleshooting tips
- If you are having trouble retrieving the public key for a host, make sure that the host is running an SSH server and that it is configured to allow connections from your machine.
- If you are having trouble adding the public key to your known_hosts file, make sure that the file exists and that you have permission to write to it.
- If you are having trouble with the syntax of the command, refer to the man page for ssh-keyscan for more information.
Notes
- The ssh-keyscan command is typically used in scripts and other automated processes to retrieve public keys for multiple hosts.
- The ssh-keyscan command does not perform any authentication or encryption. It simply retrieves the public key for a host and prints it to standard output.
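Because ssh-keyscan only retrieves keys and does not authenticate the host, output appended directly to known_hosts is trusted without any check. The following added example (not part of the original page) filters ssh-keyscan output against fingerprints obtained over a trusted channel before anything is written to known_hosts. The function names, the sample keys and the pinned values are constructed for illustration.

```python
import base64
import hashlib
import struct


def fingerprint(blob_b64):
    """Return (embedded key type, fingerprint in the SHA256:... form OpenSSH prints)."""
    blob = base64.b64decode(blob_b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])  # blob starts with a length-prefixed type name
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return blob[4:4 + n].decode("ascii"), "SHA256:" + digest.rstrip("=")


def verify_scan(scan_text, pinned):
    """Split ssh-keyscan output into (accepted lines, [(line, reason)]).

    pinned maps (host, keytype) to a fingerprint obtained over a trusted channel.
    """
    accepted, rejected = [], []
    for line in scan_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):  # blank line or banner comment
            continue
        try:
            host, keytype, blob = fields[:3]
            embedded, fp = fingerprint(blob)
        except (ValueError, struct.error):
            rejected.append((line, "malformed"))
            continue
        if embedded != keytype:
            rejected.append((line, "key type mismatch"))
        elif pinned.get((host, keytype)) != fp:
            rejected.append((line, "fingerprint not pinned or different"))
        else:
            accepted.append(line)
    return accepted, rejected


def _sample_blob(raw):  # constructed 32-byte value, not a real host key
    t = b"ssh-ed25519"
    return base64.b64encode(struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw)) + raw).decode()


KEY_A, KEY_B = _sample_blob(b"\x01" * 32), _sample_blob(b"\x02" * 32)
SAMPLE_SCAN = f"# example.com:22 (constructed sample)\nexample.com ssh-ed25519 {KEY_A}\nexample.net ssh-ed25519 {KEY_B}\n"
# Stand-ins for fingerprints read from each server's console; example.net's pin is for another key.
PINNED = {("example.com", "ssh-ed25519"): fingerprint(KEY_A)[1],
          ("example.net", "ssh-ed25519"): fingerprint(KEY_A)[1]}

if __name__ == "__main__":
    ok, bad = verify_scan(SAMPLE_SCAN, PINNED)
    print("\n".join(ok))  # only these lines belong in known_hosts
    for line, reason in bad:
        print("REJECTED:", reason, "->", line.split()[0])
```

In a real run, scan_text would be the captured standard output of ssh-keyscan, and only the accepted lines would be appended to known_hosts.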