cc47e6d005
In the previous commit to htis file I had wrapped the writing of 'BEGIN SSH HOST KEY KEYS' to go through logger. This would cause the keys to be prefixed with 'ec2:' which, previously they were not. That would break existing users *and* make it more difficult to consume that data, which was explicitly added to be easy to consume.
30 lines
879 B
Bash
Executable File
30 lines
879 B
Bash
Executable File
#!/bin/sh
|
|
exec 2>&1
|
|
fp_blist=",${1},"
|
|
key_blist=",${2},"
|
|
{
|
|
echo
|
|
echo "#############################################################"
|
|
echo "-----BEGIN SSH HOST KEY FINGERPRINTS-----"
|
|
for f in /etc/ssh/ssh_host_*key.pub; do
|
|
[ -f "$f" ] || continue
|
|
read ktype line < "$f"
|
|
# skip the key if its type is in the blacklist
|
|
[ "${fp_blist#*,$ktype,}" = "${fp_blist}" ] || continue
|
|
ssh-keygen -l -f "$f"
|
|
done
|
|
echo "-----END SSH HOST KEY FINGERPRINTS-----"
|
|
echo "#############################################################"
|
|
|
|
} | logger -p user.info --stderr -t "ec2"
|
|
|
|
echo -----BEGIN SSH HOST KEY KEYS-----
|
|
for f in /etc/ssh/ssh_host_*key.pub; do
|
|
[ -f "$f" ] || continue
|
|
read ktype line < "$f"
|
|
# skip the key if its type is in the blacklist
|
|
[ "${key_blist#*,$ktype,}" = "${key_blist}" ] || continue
|
|
cat $f
|
|
done
|
|
echo -----END SSH HOST KEY KEYS-----
|