1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
#!/bin/sh
# This file is part of cloud-init. See LICENSE file for license information.
do_syslog() {
log_message=$1
# rhels' version of logger_opts does not support long
# form of -s (--stderr), so use short form.
logger_opts="-s"
# Need to end the options list with "--" to ensure that any minus symbols
# in the text passed to logger are not interpreted as logger options.
logger_opts="$logger_opts -p user.info -t cloud-init --"
# shellcheck disable=SC2086 # logger give error if $logger_opts quoted
logger $logger_opts "$log_message"
}
# Redirect stderr to stdout
exec 2>&1
fp_blist=",${1},"
key_blist=",${2},"
fingerprint_header_shown=0
for f in /etc/ssh/ssh_host_*key.pub; do
[ -f "$f" ] || continue
# shellcheck disable=SC2034 # Unused "line" required for word splitting
read -r ktype line < "$f"
# skip the key if its type is in the blacklist
[ "${fp_blist#*,$ktype,}" = "${fp_blist}" ] || continue
if [ $fingerprint_header_shown -eq 0 ]; then
do_syslog "#############################################################"
do_syslog "-----BEGIN SSH HOST KEY FINGERPRINTS-----"
fingerprint_header_shown=1
fi
do_syslog "$(ssh-keygen -l -f "$f")"
done
if [ $fingerprint_header_shown -eq 1 ]; then
do_syslog "-----END SSH HOST KEY FINGERPRINTS-----"
do_syslog "#############################################################"
fi
key_header_shown=0
for f in /etc/ssh/ssh_host_*key.pub; do
[ -f "$f" ] || continue
# shellcheck disable=SC2034 # Unused "line" required for word splitting
read -r ktype line < "$f"
# skip the key if its type is in the blacklist
[ "${key_blist#*,$ktype,}" = "${key_blist}" ] || continue
if [ $key_header_shown -eq 0 ]; then
echo "-----BEGIN SSH HOST KEY KEYS-----"
key_header_shown=1
fi
cat "$f"
done
if [ $key_header_shown -eq 1 ]; then
echo "-----END SSH HOST KEY KEYS-----"
fi
|
