X-Git-Url: https://git.openstreetmap.org./dns.git/blobdiff_plain/92c136c904be9197783db936f54082355730d300..99e12dae0a382ae776367a12af0c6e174cf49f39:/bin/mksshfp diff --git a/bin/mksshfp b/bin/mksshfp index 7c0f518..0e0027c 100755 --- a/bin/mksshfp +++ b/bin/mksshfp @@ -1,36 +1,80 @@ #!/usr/bin/perl +use strict; +use warnings; -open(SSHFP_JS, ">", "include/sshfp.js") || die $!; +use Digest::SHA qw(sha256_hex); +use MIME::Base64; -print SSHFP_JS qq|var SSHFP_RECORDS = [\n|; +my %algorithms = ( + "ssh-rsa" => "1", + "ssh-dss" => "2", + "ecdsa-sha2-nistp256" => "3", + "ssh-ed25519" => "4" +); + +my %hosts; if (-f "/etc/ssh/ssh_known_hosts") { - open(SSHFP, "-|","sshfp", "-k", "/etc/ssh/ssh_known_hosts") || die $!; + open(HOSTS, "<", "/etc/ssh/ssh_known_hosts") || die $!; - while (my $line = ) + while (my $line = ) { - if ($line =~ /^(\S+) IN SSHFP (\d+) (\d+) ([0-9A-F]+)$/) + if ($line =~ /^([^, ]+)\S* (\S+) (\S+)$/) { my $host = $1; - my $algorithm = $2; - my $type = $3; - my $value = $4; + my $algorithm = $algorithms{$2}; + my $value = uc(sha256_hex(decode_base64($3))); - if ($type == 2 && - ($algorithm == 3 || $algorithm == 4)) + $host =~ s/\.openstreetmap\.org$//; + + if ($algorithm ne "2") { - print SSHFP_JS qq| SSHFP("${host}", ${algorithm}, ${type}, "${value}"),\n|; + my $wanted = 0; + + if (exists($hosts{$host})) + { + if ($algorithm eq "3") + { + $wanted = 1; + } + elsif ($algorithm eq "4" && $hosts{$host}->{algorithm} ne "3") + { + $wanted = 1; + } + } + else + { + $wanted = 1; + } + + if ($wanted) + { + $hosts{$host} = { + algorithm => $algorithm, + type => "2", + value => $value + }; + } } } - else - { - warn $line; - } } - close(SSHFP); + close(HOSTS); +} + +open(SSHFP_JS, ">", "include/sshfp.js") || die $!; + +print SSHFP_JS qq|var SSHFP_RECORDS = [\n|; + +foreach my $host (sort keys %hosts) +{ + my $algorithm = $hosts{$host}->{algorithm}; + my $type = $hosts{$host}->{type}; + my $value = $hosts{$host}->{value}; + + print SSHFP_JS qq| SSHFP("${host}", ${algorithm}, ${type}, "${value}"),\n|; } print SSHFP_JS qq|];\n|;