author | Jan Dittberner <jandd@cacert.org> | 2019-07-30 19:05:20 +0200 |
---|---|---|
committer | Jan Dittberner <jandd@cacert.org> | 2019-07-30 19:07:53 +0200 |
commit | 89029c7b5ee92f37e23cf4822c32214beeda8609 (patch) | |
tree | c544592011447d0519868e7934bec656d106d249 /tools | |
parent | e27c17430797e8ea26a4ab36841c89f649fb7d0a (diff) | |
Add support for SHA256 and MD5 host keys
Diffstat (limited to 'tools')
-rw-r--r-- | tools/Pipfile.lock | 1 | ||||
-rwxr-xr-x | tools/ssh_host_keys.py | 50 |
2 files changed, 32 insertions, 19 deletions
diff --git a/tools/Pipfile.lock b/tools/Pipfile.lock
index 3f6324f..4736511 100644
--- a/tools/Pipfile.lock
+++ b/tools/Pipfile.lock
@@ -80,7 +80,6 @@ }, "pycparser": { "hashes": [ - "sha256:4a831916f8b9b204a9363868a7d75172bbb13010db1c6e2ffb11ef3161b1db7d", "sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3" ], "version": "==2.19"
diff --git a/tools/ssh_host_keys.py b/tools/ssh_host_keys.py
index ecc125e..9fa9d7f 100755
--- a/tools/ssh_host_keys.py
+++ b/tools/ssh_host_keys.py
@@ -5,33 +5,47 @@ import os.path
 import subprocess
 from glob import glob
-SUPPORTED_SSH_KEY_TYPES = ('RSA', 'DSA', 'ECDSA', 'ED25519')
+SUPPORTED_SSH_KEY_TYPES = ("RSA", "DSA", "ECDSA", "ED25519")
+HASH_ALGORITHMS = ("SHA256", "MD5")
-if __name__ == '__main__':
+if __name__ == "__main__":
 parser = argparse.ArgumentParser(
 description=(
- 'Convert a set of ssh host keys to the syntax expected by the '
- 'sshkeys directive of the CAcert infrastructure documentation'))
- parser.add_argument(
- 'root', metavar='ROOT', type=str, help='root directory'
+ "Convert a set of ssh host keys to the syntax expected by the "
+ "sshkeys directive of the CAcert infrastructure documentation"
+ )
 )
+ parser.add_argument("root", metavar="ROOT", type=str, help="root directory")
 args = parser.parse_args()
 keys = {}
- for host_key in glob(os.path.join(
- args.root, 'etc/ssh', 'ssh_host_*key.pub')
- ):
- fp = subprocess.check_output(
- ['ssh-keygen', '-l', '-f', host_key]).strip().split()
- keys[fp[3][1:-1].decode('ascii')] = fp[1].decode('ascii')
+ for host_key in glob(os.path.join(args.root, "etc/ssh", "ssh_host_*key.pub")):
+ for algorithm in HASH_ALGORITHMS:
+ fp = (
+ subprocess.check_output(
+ ["ssh-keygen", "-l", "-E", algorithm, "-f", host_key]
+ )
+ .decode("ascii")
+ .strip()
+ .split()
+ )
+ key_type = fp[3][1:-1]
+ keys.setdefault(key_type, {})
+ keys[key_type][algorithm] = fp[1]
- max_length = max([len(key) for key in keys.keys()
- if key in SUPPORTED_SSH_KEY_TYPES])
+ max_length = max(
+ [len(key) for key in keys.keys() if key in SUPPORTED_SSH_KEY_TYPES]
+ )
 print(".. sshkeys::")
- for typ, key in [
- (typ, keys[typ]) for typ in SUPPORTED_SSH_KEY_TYPES
- if typ in keys
+ for typ, key_dict in [
+ (typ, keys[typ]) for typ in SUPPORTED_SSH_KEY_TYPES if typ in keys
 ]:
- print(" :{}:{} {}".format(typ, ' ' * (max_length - len(typ)), key))
+ print(
+ " :{}:{} {}".format(
+ typ,
+ " " * (max_length - len(typ)),
+ " ".join([key_dict[algorithm] for algorithm in HASH_ALGORITHMS]),
+ )
+ )
|
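Review bot: `key_type = fp[3][1:-1]` reads the key type from a fixed position in the whitespace-split `ssh-keygen -l` output, which is only correct when the key's comment is exactly one word. With a multi-word comment, or a key without a comment (ssh-keygen then appears to print a two-word placeholder), the type sits in a later field, so the derived name is not in `SUPPORTED_SSH_KEY_TYPES` and that host key's fingerprints are left out of the generated `sshkeys` block without any message. Taking the last field, `key_type = fp[-1][1:-1]`, removes the dependency on the comment. The new `.decode("ascii")` also covers the whole output line, comment included, so a non-ASCII comment now raises where the old code decoded only the two fields it used.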