ssh-keyscan #

扫描远程主机ssh公钥。

bash
ssh-keyscan [-H] [-f file] [-p port] [host | addrlist namelist] ...

Options:
    -H    Hash all hostnames and addresses in the output.
    -f file    Read hosts or “addrlist namelist” pairs from file, one per line. “-” means reading from stdin.
    -p port    Port to connect to on the remote host.
    -T timeout    Set the timeout seconds for connection attempts.
    -t type    The possible values are “dsa”, “ecdsa”, “ed25519”, or “rsa”.

样例 1（使用22默认端口号）:

text
ssh-keyscan xxx.com

输出:
# xxx.com:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.7
xxx.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABA....
# xxx.com:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.7
xxx.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAy....
# xxx.com:22 SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.7
xxx.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAA....

样例 2（使用非默认端口号12345）:

text
ssh-keyscan -p 12345 xxx.com

输出同上。

样例 3（使用非默认端口12345、主机名哈希化、只输出ecdsa算法公钥）:

text
ssh-keyscan -p 12345 -H -t ecdsa xxx.com 2>/dev/null

输出:
|1|GJuNazV45jEWh7TxpQD3eCHAcsI=|mgnSant/m5YYEOdRnQA5vpsA8To= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAy....