  1. #!/bin/sh -e
  2. # monkeysphere-ssh-proxycommand: MonkeySphere ssh ProxyCommand hook
  3. #
  4. # The monkeysphere scripts are written by:
  5. # Jameson Rollins <jrollins@fifthhorseman.net>
  6. #
  7. # They are Copyright 2008, and are all released under the GPL, version 3
  8. # or later.
  9. # This is meant to be run as an ssh ProxyCommand to initiate a
  10. # monkeysphere known_hosts update before an ssh connection to host is
  11. # established. Can be added to ~/.ssh/config as follows:
  12. # ProxyCommand monkeysphere-ssh-proxycommand %h %p
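# Print a one-line usage hint. It goes to stderr on purpose: when this script
# runs as a ProxyCommand its stdout is the byte stream ssh reads as the
# server's side of the connection, so nothing diagnostic may be written there.
usage() {
    cat <<EOF >&2
usage: ssh -o ProxyCommand="$(basename "$0") %h %p" ...
EOF
}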
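# Emit one diagnostic line on stderr (stdout is reserved for the ssh byte
# stream when running as a ProxyCommand). printf is used instead of echo so
# that a message such as "-n" or one containing backslashes is printed
# verbatim rather than being interpreted by the shell's echo.
log() {
    printf '%s\n' "$*" >&2
}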
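# Make -e explicit: the flag on the "#!/bin/sh -e" line is lost when the
# script is invoked as "sh monkeysphere-ssh-proxycommand". Any failing step
# (notably the known_hosts update) must abort before the connection is
# handed to netcat, so a failed check fails closed rather than open.
set -e

# Optional leading flag: refresh known_hosts but never open the connection.
if [ "$1" = '--no-connect' ] ; then
    NO_CONNECT='true'
    shift 1
fi

HOST="$1"
PORT="$2"
# NOTE(review): set but not exported, so "monkeysphere" below does not see
# this value unless it is already in the environment — confirm intent.
MS_HOME=${MS_HOME:-"${HOME}/.config/monkeysphere"}

if [ -z "$HOST" ] ; then
    log "host must be specified."
    usage
    exit 1
fi

# The host name is passed straight to nc below; a value starting with '-'
# would be parsed as a netcat option instead of a destination. No valid
# host name starts with '-', so refuse it outright.
case "$HOST" in
    -*)
        log "invalid host: $HOST"
        usage
        exit 1
        ;;
esac

if [ -z "$PORT" ] ; then
    PORT=22
fi

# The host's OpenPGP user ID is ssh://host, with :port appended only for a
# non-default port. ssh(1) records such hosts in known_hosts as
# "[host]:port", so the ssh-keygen lookup needs the same distinction or it
# would never find a host served on a non-default port.
URI="ssh://${HOST}"
KNOWN_HOSTS_NAME="$HOST"
if [ "$PORT" != '22' ] ; then
    URI="${URI}:${PORT}"
    KNOWN_HOSTS_NAME="[${HOST}]:${PORT}"
fi

# CHECK_KEYSERVER tells "monkeysphere update-known_hosts" whether it may
# consult a keyserver. A value from the environment wins; otherwise:
#   - host key already in the local gpg keyring  -> false
#   - host already present in known_hosts         -> false
#   - host unknown to both                        -> true
# The redirection order matters: stdout of this process is the ssh byte
# stream (it is exec'd into nc below), and the reverse order
# "2>&1 >/dev/null" sends gpg's stderr into that stream.
if gpg --list-key ="${URI}" >/dev/null 2>&1 ; then
    CHECK_KEYSERVER=${CHECK_KEYSERVER:-"false"}
else
    # FIXME: this only works for the default known_hosts location.
    # ssh-keygen -F exits non-zero when the host is absent; that must not
    # trip set -e, an absent host simply means an empty result.
    host_key=$(ssh-keygen -F "$KNOWN_HOSTS_NAME") || host_key=''
    if [ -n "$host_key" ] ; then
        # FIXME: more nuanced checking should be done here to properly
        # take into consideration hosts that join monkeysphere by
        # converting an existing and known ssh key.
        CHECK_KEYSERVER=${CHECK_KEYSERVER:-"false"}
    else
        CHECK_KEYSERVER=${CHECK_KEYSERVER:-"true"}
    fi
fi
export CHECK_KEYSERVER

# Refresh known_hosts for this host; under set -e a failure aborts here,
# before any connection is opened. Its stdout is diverted to stderr so that
# only the remote sshd's bytes ever reach the ssh client through our stdout.
monkeysphere update-known_hosts "$HOST" >&2

# Replace this process with netcat as the transport for the ssh connection.
if [ -z "$NO_CONNECT" ] ; then
    exec nc "$HOST" "$PORT"
fi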