summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2014-10-28 14:02:45 -0700
committerelijah <elijah@riseup.net>2014-10-28 14:02:45 -0700
commit06463db7a6e68898015e4a2138d5554f6394d300 (patch)
treed96d8e376a1d76451df2daf8070f8e757b3ce6d0 /lib
parent6d443e008a94f842799f30d15aacb754439fe101 (diff)
support both rsa and ecdsa ssh host keys in `leap node init`. closes #2373
Diffstat (limited to 'lib')
-rw-r--r--lib/leap_cli/commands/node.rb40
1 files changed, 31 insertions, 9 deletions
diff --git a/lib/leap_cli/commands/node.rb b/lib/leap_cli/commands/node.rb
index ba637f8..f1e1cf8 100644
--- a/lib/leap_cli/commands/node.rb
+++ b/lib/leap_cli/commands/node.rb
@@ -192,18 +192,40 @@ module LeapCli; module Commands
end
end
+ #
+ # get the public host key for a host.
+ # return SshKey object representation of the key.
+ #
+ # Only supports ecdsa or rsa host keys. ecdsa is preferred if both are available.
+ #
def get_public_key_for_ip(address, port=22)
assert_bin!('ssh-keyscan')
- output = assert_run! "ssh-keyscan -p #{port} -t ecdsa #{address}", "Could not get the public host key from #{address}:#{port}. Maybe sshd is not running?"
- line = output.split("\n").grep(/^[^#]/).first
- if line =~ /No route to host/
- bail! :failed, 'ssh-keyscan: no route to %s' % address
- elsif line =~ /no hostkey alg/
- bail! :failed, 'ssh-keyscan: no hostkey alg (must be missing an ecdsa public host key)'
+ output = assert_run! "ssh-keyscan -p #{port} #{address}", "Could not get the public host key from #{address}:#{port}. Maybe sshd is not running?"
+ if output.empty?
+ bail! :failed, "ssh-keyscan returned empty output."
+ end
+
+ # key arrays [ip, key_type, public_key]
+ rsa_key = nil
+ ecdsa_key = nil
+
+ lines = output.split("\n").grep(/^[^#]/)
+ lines.each do |line|
+ if line =~ /No route to host/
+ bail! :failed, 'ssh-keyscan: no route to %s' % address
+ elsif line =~ / ssh-rsa /
+ rsa_key = line.split(' ')
+ elsif line =~ / ecdsa-sha2-nistp256 /
+ ecdsa_key = line.split(' ')
+ end
+ end
+
+ if rsa_key.nil? && ecdsa_key.nil?
+ bail! "ssh-keyscan got zero host keys back! Output was: #{output}"
+ else
+ key = ecdsa_key || rsa_key
+ return SshKey.load(key[2], key[1])
end
- assert! line, "Got zero host keys back!"
- ip, key_type, public_key = line.split(' ')
- return SshKey.load(public_key, key_type)
end
def is_node_alive(node, options)