X-Git-Url: https://git.openstreetmap.org./dns.git/blobdiff_plain/21ccf33f2bc9942054a26a0f3ff11349e9f44963..6f12558ccfce58c00f7a5709aa4b2fdab6b44b47:/bin/mksshfp diff --git a/bin/mksshfp b/bin/mksshfp index 56c7bbb..f3b6d1a 100755 --- a/bin/mksshfp +++ b/bin/mksshfp @@ -1,32 +1,63 @@ #!/usr/bin/perl +use strict; +use warnings; -open(SSHFP_JS, ">", "include/sshfp.js") || die $!; +use Digest::SHA qw(sha256_hex); +use MIME::Base64; -print SSHFP_JS qq|var SSHFP_RECORDS = [\n|; +my %hosts; if (-f "/etc/ssh/ssh_known_hosts") { - open(SSHFP, "-|","sshfp", "-k", "/etc/ssh/ssh_known_hosts") || die $!; + open(HOSTS, "<", "/etc/ssh/ssh_known_hosts") || die $!; - while (my $line = ) + while (my $line = ) { - if ($line =~ /^(\S+) IN SSHFP (\d+) (\d+) ([0-9A-F]+)$/) + last if $line =~ /^# Manually maintained records$/; + + if ($line =~ /^([^, ]+)\S* (\S+) (\S+)$/) { my $host = $1; my $algorithm = $2; - my $type = $3; - my $value = $4; + my $value = uc(sha256_hex(decode_base64($3))); + + $host =~ s/\.openstreetmap\.org$//; - print SSHFP_JS qq| SSHFP("${host}", ${algorithm}, ${type}, "${value}");\n|; + if ($algorithm ne "2") + { + $hosts{$host} ||= {}; + + $hosts{$host}->{$algorithm} = $value; + } } - else + } + + close(HOSTS); +} + +open(SSHFP_JS, ">", "include/sshfp.js") || die $!; + +print SSHFP_JS qq|var SSHFP_RECORDS = [\n|; + +foreach my $host (sort keys %hosts) +{ + if ($hosts{$host}->{"ecdsa-sha2-nistp256"} || $hosts{$host}->{"ssh-ed25519"}) + { + if ($hosts{$host}->{"ecdsa-sha2-nistp256"}) { - warn $line; + print SSHFP_JS sshfp_record($host, "3", $hosts{$host}->{"ecdsa-sha2-nistp256"}); } - } - close(SSHFP); + if ($hosts{$host}->{"ssh-ed25519"}) + { + print SSHFP_JS sshfp_record($host, "4", $hosts{$host}->{"ssh-ed25519"}); + } + } + elsif ($hosts{$host}->{"ssh-rsa"}) + { + print SSHFP_JS sshfp_record($host, "1", $hosts{$host}->{"ssh-rsa"}); + } } print SSHFP_JS qq|];\n|; @@ -34,3 +65,12 @@ print SSHFP_JS qq|];\n|; close(SSHFP_JS); exit 0; + +sub sshfp_record +{ + my $host = shift; + my $algorithm = shift; + my $value = shift; + + return qq| SSHFP("${host}", ${algorithm}, 2, "${value}"),\n|; +}