Description

ssh-keyscan is a command for gathering the public host keys for a number of hosts. It aids in building and verifying ssh_known_hosts files. ssh-keyscan provides a minimal interface suitable for use by shell and Perl scripts.

ssh-keyscan uses non-blocking socket I/O to contact as many hosts as possible in parallel, so it is very efficient. For successful host key collection, you do not need login access to the machines that are being scanned, nor does the scanning process involve any encryption.

If a machine being scanned is down or is not running sshd, the public key information cannot be collected for that machine. The return value is not altered and a warning message might be displayed.

ssh-keyscan hostname1 hostname2  
hostname1: exception!  
(hostname2’s rsa key displayed here)