Add support for SHA256 and MD5 host keys
authorJan Dittberner <jandd@cacert.org>
Tue, 30 Jul 2019 17:05:20 +0000 (19:05 +0200)
committerJan Dittberner <jandd@cacert.org>
Tue, 30 Jul 2019 17:07:53 +0000 (19:07 +0200)
tools/Pipfile.lock
tools/ssh_host_keys.py

index 3f6324f..4736511 100644 (file)
@@ -80,7 +80,6 @@
         },
         "pycparser": {
             "hashes": [
-                "sha256:4a831916f8b9b204a9363868a7d75172bbb13010db1c6e2ffb11ef3161b1db7d",
                 "sha256:a988718abfad80b6b157acce7bf130a30876d27603738ac39f140993246b25b3"
             ],
             "version": "==2.19"
index ecc125e..9fa9d7f 100755 (executable)
@@ -5,33 +5,47 @@ import os.path
 import subprocess
 from glob import glob
 
-SUPPORTED_SSH_KEY_TYPES = ('RSA', 'DSA', 'ECDSA', 'ED25519')
+SUPPORTED_SSH_KEY_TYPES = ("RSA", "DSA", "ECDSA", "ED25519")
+HASH_ALGORITHMS = ("SHA256", "MD5")
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     parser = argparse.ArgumentParser(
         description=(
-            'Convert a set of ssh host keys to the syntax expected by the '
-            'sshkeys directive of the CAcert infrastructure documentation'))
-    parser.add_argument(
-        'root', metavar='ROOT', type=str, help='root directory'
+            "Convert a set of ssh host keys to the syntax expected by the "
+            "sshkeys directive of the CAcert infrastructure documentation"
+        )
     )
+    parser.add_argument("root", metavar="ROOT", type=str, help="root directory")
     args = parser.parse_args()
 
     keys = {}
-    for host_key in glob(os.path.join(
-        args.root, 'etc/ssh', 'ssh_host_*key.pub')
-    ):
-        fp = subprocess.check_output(
-            ['ssh-keygen', '-l', '-f', host_key]).strip().split()
-        keys[fp[3][1:-1].decode('ascii')] = fp[1].decode('ascii')
+    for host_key in glob(os.path.join(args.root, "etc/ssh", "ssh_host_*key.pub")):
+        for algorithm in HASH_ALGORITHMS:
+            fp = (
+                subprocess.check_output(
+                    ["ssh-keygen", "-l", "-E", algorithm, "-f", host_key]
+                )
+                .decode("ascii")
+                .strip()
+                .split()
+            )
+            key_type = fp[3][1:-1]
+            keys.setdefault(key_type, {})
+            keys[key_type][algorithm] = fp[1]
 
-    max_length = max([len(key) for key in keys.keys()
-                      if key in SUPPORTED_SSH_KEY_TYPES])
+    max_length = max(
+        [len(key) for key in keys.keys() if key in SUPPORTED_SSH_KEY_TYPES]
+    )
 
     print(".. sshkeys::")
-    for typ, key in [
-        (typ, keys[typ]) for typ in SUPPORTED_SSH_KEY_TYPES
-        if typ in keys
+    for typ, key_dict in [
+        (typ, keys[typ]) for typ in SUPPORTED_SSH_KEY_TYPES if typ in keys
     ]:
-        print("   :{}:{} {}".format(typ, ' ' * (max_length - len(typ)), key))
+        print(
+            "   :{}:{} {}".format(
+                typ,
+                " " * (max_length - len(typ)),
+                " ".join([key_dict[algorithm] for algorithm in HASH_ALGORITHMS]),
+            )
+        )
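Review bot: The key type is read from a fixed position in `key_type = fp[3][1:-1]`, which is only right when the key comment is a single token without whitespace. ssh-keygen prints `no comment` for a key that has none, and comments may contain spaces, so in those cases the parsed type falls outside SUPPORTED_SSH_KEY_TYPES and the key is silently left out of the generated sshkeys list that readers use to verify hosts. Taking the last field instead, `key_type = fp[-1][1:-1]`, does not depend on the comment. Separately, `max(...)` raises ValueError when the glob matches no supported key; `max((len(k) for k in keys if k in SUPPORTED_SSH_KEY_TYPES), default=0)` or an explicit error message would make that case clear.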