author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2010-04-17 20:16:52 -0400 |
---|---|---|
committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2010-04-17 20:16:52 -0400 |
commit | de07dd810164ec5c3d5798b45f0b98f92f9d994d (patch) | |
tree | 6bc72babc2db83b5f6c9d3893a7fa05e1952c7de /src/share/m | |
parent | b91c4d0c37daa741d45271fa7e961220bacbe91a (diff) |
do not try to add to known_hosts if HASH_KNOWN_HOSTS is true but ssh-keygen is not available (includes some comments about how to fix these corner cases).
Diffstat (limited to 'src/share/m')
-rw-r--r-- | src/share/m/ssh_proxycommand | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index 5f7a63b..5fb2ce4 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -237,7 +237,17 @@ else if (type ssh-keygen &>/dev/null) ; then hostKey=$(ssh-keygen -F "$HOST" -f "$KNOWN_HOSTS" 2>/dev/null) else - # FIXME: we're not dealing with digested known_hosts if we don't + # FIXME: we're not dealing with digested known_hosts if we + # don't have ssh-keygen + + # But we could do this without needing ssh-keygen. hashed + # known_hosts looks like: |1|X|Y where 1 means SHA1 (nothing + # else is defined in openssh sources), X is the salt (same + # length as the digest output), base64-encoded, and Y is the + # digested hostname (also base64-encoded). + + # see hostfile.{c,h} in openssh sources. + hostKey=$(cut -f1 -d\ < .ssh/known_hosts | tr ',' '\n' | grep -Fx -e "$HOST" || :) fi fi |
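Review bot: In the `else` branch taken when ssh-keygen is missing, the fallback lookup reads the relative path `.ssh/known_hosts` while the ssh-keygen branch reads `"$KNOWN_HOSTS"`, so the two branches can consult different files and the fallback depends on the working directory; use `"$KNOWN_HOSTS"` in both. The added lines in this hunk are comments only, so the behaviour named in the commit message (skipping the add when HASH_KNOWN_HOSTS is true and ssh-keygen is unavailable) is not visible here. Against a hashed file, `grep -Fx -e "$HOST"` on the first field cannot match a `|1|X|Y` entry, so hostKey comes back empty and the host looks unknown. A guard in this branch on HASH_KNOWN_HOSTS, or on first fields beginning with `|1|`, would make that case explicit until the salted lookup described in the new comment is implemented.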