How to Use the Command 'ssh-keyscan' (with Examples)

How to Use the Command 'ssh-keyscan' (with Examples)

SSH, or Secure Shell, is a widely-used protocol for securely accessing and managing networked devices. The ssh-keyscan command-line utility is a valuable tool that retrieves public SSH keys from remote hosts. It helps administrators gather and verify public keys before establishing SSH connections, ensuring secure communication. This command is particularly useful for automating the gathering of host keys for SSH clients, enabling seamless and secure connections across diverse network environments.

Use Case 1: Retrieve All Public SSH Keys of a Remote Host

Code:

ssh-keyscan host

Motivation:

The primary motivation for using this command is to obtain the public SSH keys of a remote host quickly. This is particularly useful in environments where administrators need to verify or confirm the keys of a host before establishing an SSH session. It aids in ensuring that the connections are made to the intended devices and helps prevent man-in-the-middle attacks by verifying that the host’s key is as expected.

Explanation:

  • ssh-keyscan: This initiates the execution of the key scanning command.
  • host: This is the target remote host from which you want to retrieve the public SSH keys. This can be specified with a domain name or an IP address.

Example Output:

# 192.168.1.1 SSH-2.0-OpenSSH_7.9
192.168.1.1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA7Q...
192.168.1.1 ssh-dss AAAAB3NzaC1kc3MAAACBAP1rgzd0e...

Use Case 2: Retrieve All Public SSH Keys of a Remote Host Listening on a Specific Port

Code:

ssh-keyscan -p port host

Motivation:

In situations where an SSH server runs on a non-standard port, it becomes necessary to specify the port to accurately query and retrieve the host’s public SSH keys. This use case is essential for environments that implement custom port configurations to enhance security through obscurity or to avoid port conflicts.

Explanation:

  • ssh-keyscan: Command to retrieve the SSH keys.
  • -p port: This option specifies the port number on which the SSH server is listening. It’s crucial when the server is not on the default port (22).
  • host: The remote host whose public keys are to be retrieved.

Example Output:

# 192.168.1.1:2222 SSH-2.0-OpenSSH_7.9
192.168.1.1:2222 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA7Q...

Use Case 3: Retrieve Certain Types of Public SSH Keys of a Remote Host

Code:

ssh-keyscan -t rsa,dsa,ecdsa,ed25519 host

Motivation:

This use case is particularly beneficial when there is a need to filter or prioritize specific types of public SSH keys. Different environments or applications might prefer different key types due to security policies, performance considerations, or compliance requirements. By specifying key types, administrators can ensure that they only retrieve and use keys that are applicable to their context.

Explanation:

  • ssh-keyscan: Runs the command to gather SSH keys.
  • -t rsa,dsa,ecdsa,ed25519: This option filters the output by specified key types. It ensures that only the desired types of keys (such as RSA, DSA, ECDSA, ED25519) are retrieved.
  • host: The host from which the specific types of keys are desired.

Example Output:

# 192.168.1.1 SSH-2.0-OpenSSH_7.9
192.168.1.1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA7Q...
192.168.1.1 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI...

Use Case 4: Manually Update the SSH known_hosts File with the Fingerprint of a Given Host

Code:

ssh-keyscan -H host >> ~/.ssh/known_hosts

Motivation:

A key motivation for this use case is the manual updating of the known_hosts file. The known_hosts file in SSH clients stores the fingerprints of known hosts to prevent MITM (Man-In-The-Middle) attacks. Automatically appending the host’s public key to this file ensures that future SSH connections can verify the fingerprint against those stored, adding a layer of security by maintaining a reliable list of trusted hosts.

Explanation:

  • ssh-keyscan: Executes the command to gather public keys.
  • -H: Hashes all hostnames and addresses in the output to ensure privacy.
  • host: Specifies the target host for which the keys should be obtained and stored.
  • >> ~/.ssh/known_hosts: Appends the retrieved host key into the SSH client’s known_hosts file, ensuring it is included without overwriting existing entries.

Example Output:

On running the command, there is no direct output to the console. Instead, the known_hosts file is updated with an entry similar to:

|1|wK2ljsj7Ju7ASdHD...|eN6Mz2OVDP0... ssh-rsa AAAAB3Nza...

Conclusion:

The ssh-keyscan command serves as a powerful tool to simplify and secure the process of retrieving, verifying, and managing SSH keys from remote hosts. By offering flexibility in terms of key types, ports, and automated updates to the known_hosts file, it plays an essential role in maintaining the integrity and security of SSH connections across different network setups.

Tags :

Related Posts

How to use the command 'clang++' (with examples)

How to use the command 'clang++' (with examples)

Clang++ is a compiler tool that is a part of the LLVM project, designed specifically for compiling C++ source files.

Read More
Managing Azure Resource Providers with 'az provider' (with examples)

Managing Azure Resource Providers with 'az provider' (with examples)

The az provider command is a powerful tool found within Azure’s command-line interface (CLI), commonly known as azure-cli or az.

Read More
How to use the command 'qm import disk' (with examples)

How to use the command 'qm import disk' (with examples)

The command qm import disk, which is an alias of qm disk import, is used in virtualization environments to attach or import a specific disk image file to a virtual machine (VM).

Read More