authorJan Dittberner <jandd@cacert.org>2019-07-30 19:05:20 +0200
committerJan Dittberner <jandd@cacert.org>2019-07-30 19:07:53 +0200
commit89029c7b5ee92f37e23cf4822c32214beeda8609 (patch)
treec544592011447d0519868e7934bec656d106d249 /tools
parente27c17430797e8ea26a4ab36841c89f649fb7d0a (diff)
Add support for SHA256 and MD5 host keys
Diffstat (limited to 'tools')
-rw-r--r--tools/Pipfile.lock1
-rwxr-xr-xtools/ssh_host_keys.py50
2 files changed, 32 insertions, 19 deletions
diff --git a/tools/Pipfile.lock b/tools/Pipfile.lock
index 3f6324f..4736511 100644
--- a/tools/Pipfile.lock
+++ b/tools/Pipfile.lock
@@ -80,7 +80,6 @@
},
"pycparser": {
"hashes": [
- "sha256:4a831916f8b9b204a9363868a7d75172bbb13010db1c6e2ffb11ef3161b1db7d",
"sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3"
],
"version": "==2.19"
diff --git a/tools/ssh_host_keys.py b/tools/ssh_host_keys.py
index ecc125e..9fa9d7f 100755
--- a/tools/ssh_host_keys.py
+++ b/tools/ssh_host_keys.py
@@ -5,33 +5,47 @@ import os.path
import subprocess
from glob import glob
-SUPPORTED_SSH_KEY_TYPES = ('RSA', 'DSA', 'ECDSA', 'ED25519')
+SUPPORTED_SSH_KEY_TYPES = ("RSA", "DSA", "ECDSA", "ED25519")
+HASH_ALGORITHMS = ("SHA256", "MD5")
-if __name__ == '__main__':
+if __name__ == "__main__":
parser = argparse.ArgumentParser(
description=(
- 'Convert a set of ssh host keys to the syntax expected by the '
- 'sshkeys directive of the CAcert infrastructure documentation'))
- parser.add_argument(
- 'root', metavar='ROOT', type=str, help='root directory'
+ "Convert a set of ssh host keys to the syntax expected by the "
+ "sshkeys directive of the CAcert infrastructure documentation"
+ )
)
+ parser.add_argument("root", metavar="ROOT", type=str, help="root directory")
args = parser.parse_args()
keys = {}
- for host_key in glob(os.path.join(
- args.root, 'etc/ssh', 'ssh_host_*key.pub')
- ):
- fp = subprocess.check_output(
- ['ssh-keygen', '-l', '-f', host_key]).strip().split()
- keys[fp[3][1:-1].decode('ascii')] = fp[1].decode('ascii')
+ for host_key in glob(os.path.join(args.root, "etc/ssh", "ssh_host_*key.pub")):
+ for algorithm in HASH_ALGORITHMS:
+ fp = (
+ subprocess.check_output(
+ ["ssh-keygen", "-l", "-E", algorithm, "-f", host_key]
+ )
+ .decode("ascii")
+ .strip()
+ .split()
+ )
+ key_type = fp[3][1:-1]
+ keys.setdefault(key_type, {})
+ keys[key_type][algorithm] = fp[1]
- max_length = max([len(key) for key in keys.keys()
- if key in SUPPORTED_SSH_KEY_TYPES])
+ max_length = max(
+ [len(key) for key in keys.keys() if key in SUPPORTED_SSH_KEY_TYPES]
+ )
print(".. sshkeys::")
- for typ, key in [
- (typ, keys[typ]) for typ in SUPPORTED_SSH_KEY_TYPES
- if typ in keys
+ for typ, key_dict in [
+ (typ, keys[typ]) for typ in SUPPORTED_SSH_KEY_TYPES if typ in keys
]:
- print(" :{}:{} {}".format(typ, ' ' * (max_length - len(typ)), key))
+ print(
+ " :{}:{} {}".format(
+ typ,
+ " " * (max_length - len(typ)),
+ " ".join([key_dict[algorithm] for algorithm in HASH_ALGORITHMS]),
+ )
+ )
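Review bot: `key_type = fp[3][1:-1]` assumes the comment field of `ssh-keygen -l` output is exactly one token, so a host key whose comment contains spaces (or is empty, which ssh-keygen prints as `no comment`) yields a bogus type. That type fails the `SUPPORTED_SSH_KEY_TYPES` filter, and the key is silently left out of the generated `sshkeys` block. Readers verify hosts against these published fingerprints, so a dropped key should not go unnoticed; taking the last token instead, `key_type = fp[-1][1:-1]`, does not depend on the comment. If no key ends up matching, `max()` on the empty list also raises `ValueError`, which `max(..., default=0)` would avoid.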