path: root/tools/ssh_host_keys.py
blob: 9fa9d7f51f3beb932d06a2b0302ba7b66ba5017e (plain)
#!/usr/bin/env python3

import argparse
import os.path
import subprocess
from glob import glob

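# Key types that are rendered, in the order they appear in the output.
SUPPORTED_SSH_KEY_TYPES = ("RSA", "DSA", "ECDSA", "ED25519")
# Fingerprint formats printed per key, in this order. SHA256 is what current
# OpenSSH clients display by default; MD5 is the legacy colon-separated format
# and is included only so that older clients can still be compared against it.
HASH_ALGORITHMS = ("SHA256", "MD5")


def _parse_fingerprint_line(line):
    """Return ``(key_type, fingerprint)`` from one ``ssh-keygen -l`` line.

    The line has the form ``<bits> <fingerprint> <comment> (<TYPE>)``. The
    comment is free text: it may contain spaces (ssh-keygen itself prints
    ``no comment`` when the key has none), so the key type is taken from the
    last field rather than from a fixed position.

    Raises:
        ValueError: if the line does not end in a parenthesised key type.
    """
    fields = line.split()
    if (
        len(fields) < 3
        or not fields[-1].startswith("(")
        or not fields[-1].endswith(")")
    ):
        raise ValueError("unexpected ssh-keygen output: {!r}".format(line))
    return fields[-1][1:-1], fields[1]


if __name__ == "__main__":
    parser = argparse.ArgumentParser(
        description=(
            "Convert a set of ssh host keys to the syntax expected by the "
            "sshkeys directive of the CAcert infrastructure documentation"
        )
    )
    parser.add_argument("root", metavar="ROOT", type=str, help="root directory")
    args = parser.parse_args()

    # The published fingerprints are only as trustworthy as the files below
    # ROOT: run this against a filesystem copy obtained over a trusted channel.
    keys = {}
    pattern = os.path.join(args.root, "etc/ssh", "ssh_host_*key.pub")
    # Sorted so that the result is deterministic if two files share a key type.
    for host_key in sorted(glob(pattern)):
        for algorithm in HASH_ALGORITHMS:
            # Argument list (no shell), so the path is never shell-interpreted.
            output = subprocess.check_output(
                ["ssh-keygen", "-l", "-E", algorithm, "-f", host_key]
            ).decode("utf-8", errors="replace")  # key comments may be non-ASCII
            key_type, fingerprint = _parse_fingerprint_line(output)
            keys.setdefault(key_type, {})[algorithm] = fingerprint

    present = [typ for typ in SUPPORTED_SSH_KEY_TYPES if typ in keys]
    if not present:
        # max() over an empty sequence would otherwise raise a bare ValueError.
        parser.exit(
            1, "no supported ssh host keys found below {}\n".format(args.root)
        )
    max_length = max(len(typ) for typ in present)

    print(".. sshkeys::")
    for typ in present:
        print(
            "   :{}:{} {}".format(
                typ,
                # Pad so that the fingerprint columns line up.
                " " * (max_length - len(typ)),
                " ".join(keys[typ][algorithm] for algorithm in HASH_ALGORITHMS),
            )
        )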