authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-04-17 17:30:18 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-04-17 17:30:18 -0400
commitb91c4d0c37daa741d45271fa7e961220bacbe91a (patch)
tree4c7c5cb03c8d51addfa93e35fed249d7a41927c1 /src/share/m/ssh_proxycommand
parentf4d3bc45faeb18bf89313fbb446b1eee77501797 (diff)
degrade gracefully in the absence of ssh
Diffstat (limited to 'src/share/m/ssh_proxycommand')
-rw-r--r--src/share/m/ssh_proxycommand27
1 files changed, 18 insertions, 9 deletions
diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand
index 96326da..5f7a63b 100644
--- a/src/share/m/ssh_proxycommand
+++ b/src/share/m/ssh_proxycommand
@@ -24,11 +24,7 @@ show_key_info() {
local otherUids
# get the ssh key of the gpg key
- sshKeyGPGFile=$(msmktempfile)
- gpg2ssh "$keyid" >"$sshKeyGPGFile"
- sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \
- awk '{ print $2 }')
- rm -f "$sshKeyGPGFile"
+ sshFingerprint=$(gpg2ssh "$keyid" | "$SYSSHAREDIR/keytrans" sshfpr)
# get the sigs for the matching key
gpgSigOut=$(gpg_user --check-sigs \
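Review bot: The pipeline in `sshFingerprint=$(gpg2ssh "$keyid" | "$SYSSHAREDIR/keytrans" sshfpr)` reports only the exit status of keytrans, so a failing gpg2ssh goes unnoticed and may leave `sshFingerprint` empty, unless pipefail is set elsewhere in the script. The name suggests this value is what the user compares to identify the key, so an empty result should be made visible, for example with `[ "$sshFingerprint" ] || return 1` after the assignment. If returning is too strict here, a comment such as `# sshFingerprint is empty if gpg2ssh or keytrans fails` would at least document it. show_key_info starts and continues outside the hunk, so later handling of an empty value cannot be seen from here.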
@@ -83,9 +79,12 @@ output_no_valid_key() {
LOG_PREFIX=
+ # if we don't have ssh-keyscan, we just don't scan:
+ if ( type ssh-keyscan &>/dev/null ) ; then
# retrieve the ssh key being offered by the host
- sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null \
- | awk '{ print $2, $3 }')
+ sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null \
+ | awk '{ print $2, $3 }')
+ fi
# get the gpg info for userid
gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \
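Review bot: When ssh-keyscan is missing, `sshKeyOffered` is never assigned in this hunk, so later code sees whatever value the variable already held, unless it is declared `local` above the hunk. Initialising it before the test with `sshKeyOffered=` makes the no-scan case explicit and keeps an inherited value out of the key comparison. The subshell around `type` is not needed either; `if type ssh-keyscan &>/dev/null ; then` does the same without a fork, and the same applies to the `type ssh-keygen` test in the last hunk. The body of output_no_valid_key continues outside the hunk.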
@@ -190,6 +189,7 @@ EOF
# the ssh proxycommand function itself
ssh_proxycommand() {
+local hostKey
if [ "$1" = '--no-connect' ] ; then
NO_CONNECT='true'
@@ -230,8 +230,17 @@ if gpg_user --list-key ="${URI}" &>/dev/null ; then
# if the host is NOT in the keyring...
else
- # if the host key is found in the known_hosts file...
- hostKey=$( [ ! -r "$KNOWN_HOSTS" ] || ssh-keygen -F "$HOST" -f "$KNOWN_HOSTS" 2>/dev/null)
+ # FIXME: what about system-wide known_hosts file (/etc/ssh/known_hosts)?
+
+ if [ -r "$KNOWN_HOSTS" ]; then
+ # look up the host key is found in the known_hosts file...
+ if (type ssh-keygen &>/dev/null) ; then
+ hostKey=$(ssh-keygen -F "$HOST" -f "$KNOWN_HOSTS" 2>/dev/null)
+ else
+ # FIXME: we're not dealing with digested known_hosts if we don't
+ hostKey=$(cut -f1 -d\ < .ssh/known_hosts | tr ',' '\n' | grep -Fx -e "$HOST" || :)
+ fi
+ fi
if [ "$hostKey" ] ; then
# do not check the keyserver
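Review bot: The fallback for a missing ssh-keygen reads `.ssh/known_hosts` relative to the current working directory, not the `$KNOWN_HOSTS` file whose readability the enclosing `if` has just tested. A non-empty `hostKey` leads into the branch commented `do not check the keyserver`, so the outcome would depend on the directory ssh was started from. The line should read `hostKey=$(cut -f1 -d' ' < "$KNOWN_HOSTS" | tr ',' '\n' | grep -Fx -e "$HOST" || :)`. The FIXME above it is cut off mid-sentence and should say that hashed (HashKnownHosts) entries are not matched when ssh-keygen is unavailable. The enclosing `else` branch continues past the hunk.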