efda2350a9
Currently cloud-init writes something like this to console output: ec2: ############################################################# ec2: -----BEGIN SSH HOST KEY FINGERPRINTS----- ec2: 2048 78:ae:f3:91:04:6f:8d:ee:ef:e1:2d:72:83:6a:d0:82 root@h (RSA) ec2: 1024 d3:b6:32:64:22:d4:43:05:f9:25:b4:f3:65:4e:e2:51 root@h (DSA) ec2: -----END SSH HOST KEY FINGERPRINTS----- ec2: ############################################################# the key fingerprints are useful for humans to read, but not so useful for machines, as you cannot populate a KnownHostsFile (~/.ssh/known_hosts) from the data there. This change adds output like: -----BEGIN SSH HOST KEY KEYS----- ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdH......STI= root@h ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYRIQe6m......tWF3 root@h -----END SSH HOST KEY KEYS----- Those lines can easily be grabbed and appended to a known_hosts file.
29 lines
863 B
Bash
Executable File
29 lines
863 B
Bash
Executable File
#!/bin/sh
|
|
fp_blist=",${1},"
|
|
key_blist=",${2},"
|
|
{
|
|
echo
|
|
echo "#############################################################"
|
|
echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----"
|
|
for f in /etc/ssh/ssh_host_*key.pub; do
|
|
[ -f "$f" ] || continue
|
|
read ktype line < "$f"
|
|
# skip the key if its type is in the blacklist
|
|
[ "${fp_blist#*,$ktype,}" = "${fp_blist}" ] || continue
|
|
ssh-keygen -l -f "$f"
|
|
done
|
|
echo "-----END SSH HOST KEY FINGERPRINTS-----"
|
|
echo "#############################################################"
|
|
|
|
} | logger -p user.info -s -t "ec2"
|
|
|
|
echo -----BEGIN SSH HOST KEY KEYS-----
|
|
for f in /etc/ssh/ssh_host_*key.pub; do
|
|
[ -f "$f" ] || continue
|
|
read ktype line < "$f"
|
|
# skip the key if its type is in the blacklist
|
|
[ "${key_blist#*,$ktype,}" = "${key_blist}" ] || continue
|
|
cat $f
|
|
done
|
|
echo -----END SSH HOST KEY KEYS-----
|