SSH

 

ssh-keyscan - gather ssh public keys from servers

/etc/ssh/ssh_config => HostKey 有系统内置的key

 

 

 

options

-c Request certificates from target hosts instead of plain keys

-D Print keys found as SSHFP DNS records. The default is to print keys in a format usable as a ssh known_hosts file

-H Hash all hostnames and addresses in the output. Hashed names may be used normally by ssh and sshd

 

 

-t type Specify the type of the key to fetch from the scanned hosts. The possible values are `dsa` `ecdsa` `ed25519` `rsa`. Multiple values may be specified by separating them with commas. The default is to fetch `rsa` `ecdsa` `ed25519`

 

 

 

 

ssh-keygen

-R Remove all public keys belonging to the specified hostname (with optional port number) from known_hosts (default ~/.ssh/known_hosts), this option is useful to delete hashed hosts

 

-H Hash a known_hosts file. This replaces all hostnames and addresses with hashed representation within the specified file

-l Show fingerprint of specified public key file. For RSA and DSA keys ssh-keygen tries to find the matching key file and prints its fingerprint. If combined with -v, a visual ASCII art representation of the key is supplied with the fingerprint

-E fingerprint_hash Specifies the hash algorithm used when displaying key fingerprints. Valid options are: `md5` AND `sha256`. The default is `sha256`

 

-r hostname Print the SSFP fingerprint resource record named hostname for the specified public key file, -f 不指定, 寻找/etc/ssh/ssh_host_*_key, hostname 随便

 

-e This option will read a private or public OpenSSH key file and print to stdout a public key in one of the formats specified by the -m option. The default export format is `RFC4716`. This option allows exporting OpenSSH keys for use by other programs, including several commercial SSH implementations 

-m key_format Specify a key format for key generation, the -i (import) -e (export) conversion options, and the -p change passphrase operation. The latter may be used to convert between OpenSSH private key and PEM private key formats

-y This option will read a private OpenSSH format file and print an OpenSSH public key to stdout

-p Requests changing the passphrase of a private key file instead of creating a new private key