From 01f2462f6b553ba649a26874ab1b9096f6f082f1 Mon Sep 17 00:00:00 2001
From: Andrew Cady <d@jerkface.net>
Date: Wed, 29 Sep 2021 21:26:18 -0400
Subject: show ssh-keyscan errors

---
 bin/cryptonomic-dyndns-command | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/bin/cryptonomic-dyndns-command b/bin/cryptonomic-dyndns-command
index 348ed74..c191066 100755
--- a/bin/cryptonomic-dyndns-command
+++ b/bin/cryptonomic-dyndns-command
@@ -83,6 +83,21 @@ add()
 	powerdns_sqlite_add_replace_record "$domain" "$record_type" "$ip"
 }
 
+validate_ssh_server()
+{
+        e=$(mktemp)
+        ssh-keyscan -t "$SSH_CLIENT_KEYTYPE" "$ip_address" | grep -q " $SSH_CLIENT_KEYDATA\$" 2>"$e"
+        if [ $? = 0 ]
+        then
+                rm "$e"
+                return 0
+        else
+                cat "$e" >&2
+                rm "$e"
+                false
+        fi
+}
+
 validate_dns_label()
 {
 	if [ $#1 -gt 64 ]
@@ -105,6 +120,7 @@ validate_dns_label()
 
 main()
 {
+	validate_ssh_server "$ip_address" || return
 	add "$domain" "$ip_address"
 	for label in $SSH_ORIGINAL_COMMAND
 	do
-- 
cgit v1.2.3