Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!goblin2!goblin3!goblin.stu.neva.ru!odin.sdf-eu.org!.POSTED!not-for-mail From: dagon@dagon.net (Dagon) Newsgroups: comp.security.ssh Subject: Re: ssh-keyscan output format lacks IP address, does not produce usable results Date: Thu, 5 May 2011 09:12:06 -0700 Organization: Dagon.net Lines: 22 Message-ID: References: <075d0a93-64bd-412e-9eeb-55161efa30ff@q21g2000vbs.googlegroups.com> NNTP-Posting-Host: sverige.freeshell.org X-Trace: odin.sdf-eu.org 1304625334 23021 192.94.73.4 (5 May 2011 19:55:34 GMT) X-Complaints-To: usenet@odin.sdf-eu.org NNTP-Posting-Date: Thu, 5 May 2011 19:55:34 +0000 (UTC) mail-copies-to: never x-fastest-land-animal: cheetah disclaimer: bears author this post for full responsibility X-Newsreader: trn 4.0-test77 (Sep 1, 2010) Originator: dagon@dagon.net (Dagon) Xref: x330-a1.tempe.blueboxinc.net comp.security.ssh:77 Nico Kadel-Garcia wrote: >It's trivial to use 'ssh-keyscan'' go get the hostkeys, but it's a bit >awkward to stuff the IP addresses into them so that they're actually >accepted as valid keys. Huh? the host key format has IP or hostname as the first thing in the line, and that's what ssh-keyscan gives as well. >Not having the IP address listed causes the >keys to be ignore. I'm working with this squeeze release today: >It's a few lines of perl or shell, and I'd written it in shell, but >the "$" and "/" characters in the fingerprints is confounding my >ordinary shell output, so I thought I'd ask if someone has a widget to >do that. If you want IP rather than name, you can use IP on the ssh-keyscan commandline and it's stored that way. Heck, if you want both, that works too: ssh-keyscan foop.dagon.net,127.0.0.1 -- Mark Rafn dagon@dagon.net