authorAndrew Cady <d@jerkface.net>2021-10-10 05:30:56 -0400
committerAndrew Cady <d@jerkface.net>2021-10-10 05:30:56 -0400
commita5dc38245e1e76d4bf8b321aac488b76ad399b43 (patch)
tree9fc686d5ac5c3d79d6092b607ae0b5b5f2358545
parent015ec452bf5eaf2c56d9f311634d19b09f158269 (diff)
cryptonomic-vpn calls out to ./get-host-keys
cryptonomic-vpn calls out to ./get-host-keys to get host keys. That path has to be changed. OK for here since both need to be merged into selfpublish.sh.
-rwxr-xr-xcryptonomic-vpn68
1 files changed, 24 insertions, 44 deletions
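--- a/cryptonomic-vpn
+++ b/cryptonomic-vpn
@@ -268,48 +268,6 @@ install_local_private_key()
 	rm -f "$private_key_tmp"
 }
 
-b16_to_b32()
-{
-	printf %s "$1" | basez -x -d | basez -j -l | tr -d =
-}
-
-key_to_domain_suffix()
-{
-	[ -f "$1" ] || return
-	local keytype=1 hashtype=2 sshfp_b16 sshfp_b32
-	sshfp_b16=$(ssh-keygen -r . -f "$1" | sed -ne "s/^. IN SSHFP $keytype $hashtype //p") &&
-	[ "$sshfp_b16" ] || die "could not determine ssh client fingerprint"
-	sshfp_b32=$(b16_to_b32 "$sshfp_b16")
-
-	printf %s.%s.%s "$sshfp_b32" "$REMOTE_KEY_TYPE" cryptonomic.net | tail -c64
-}
-
-validate_public_key_name()
-{
-	local suffix keyfile="$1" name="$2"
-	case "$name" in
-		*.cryptonomic.net) validate_cryptonomic_public_key_name "$@" ;;
-		*) validate_generic_public_key_name "$@" ;;
-	esac
-}
-
-validate_cryptonomic_public_key_name()
-{
-	[ "$keyfile" ]
-	[ "$name" ]
-	suffix=$(key_to_domain_suffix "$keyfile")
-	case "$name" in
-		*."$suffix" | "$suffix" ) true ;;
-		* ) false ;;
-	esac
-}
-
-validate_generic_public_key_name()
-{
-	read expected < "$1"
-	scan_knownhosts_files "$2" | grep -q -F -e "$expected"
-}
-
 scan_knownhosts_files()
 {
 	local host="$1" f files
@@ -325,16 +283,38 @@ scan_knownhosts_files()
 	done
 }
 
+find_known_ssh_host_rsa_key_by_name()
+{
+	local target="$1" name="$2" keytype_wanted='ssh-rsa'
+	scan_knownhosts_files "$name" | (
+	while read keytype key
+	do
+		[ "$keytype" = "$keytype_wanted" ] || continue
+		echo "Notice: found $name $keytype $key" >&2
+		echo "$keytype $key" > "$target"
+		exit
+	done
+	false
+	)
+}
+
 install_remote_public_key()
 {
 	trap 'rm -f "$t"' EXIT
 	t=$(mktemp)
-	keyscan "$REMOTE_IP" | match_and_drop_first_word "$REMOTE_IP" > "$t"
-	validate_public_key_name "$t" "$REMOTE_NAME" || die 'cannot authenticate remote public key'
 
+	if find_known_ssh_host_rsa_key_by_name "$t" "$REMOTE_NAME"
+	then
+		echo "Notice: using host key from OpenSSH KnownHostsFiles for $REMOTE_NAME" >&2
+	else
+		echo "Notice: scanning the network for host keys for $REMOTE_NAME" >&2
+		./get-host-keys "$REMOTE_NAME" || die 'get-host-keys'
+		find_known_ssh_host_rsa_key_by_name "$t" "$REMOTE_NAME" || die "could not find host rsa key for $REMOTE_NAME"
+	fi
 
 	REMOTE_PUBLIC_KEY_DEST=/etc/swanctl/pubkey/$(sshfp_rsa_filename_string "$t").pub
 	write_successfully "$REMOTE_PUBLIC_KEY_DEST" -- write_remote_key "$t"
+
 	trap - EXIT
 	rm -f "$t"
 }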
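Review bot: The host key that find_known_ssh_host_rsa_key_by_name copies into `$t` is installed on the strength of its `ssh-rsa` key type alone: the first matching line from scan_knownhosts_files wins, and on the else path of install_remote_public_key that line is whatever `./get-host-keys` has just recorded, while the removed validate_public_key_name step that bound the key to `$REMOTE_NAME` has no counterpart in the new code. Unless get-host-keys performs that binding itself (not visible in this hunk), the trust assumption should at least be stated next to the call, e.g. `# get-host-keys is relied on to verify the key it records for $REMOTE_NAME`, so a later reader does not assume the old check still runs. Separately, `while read keytype key` should be `while read -r keytype key` so a backslash in a known_hosts line is not interpreted, and a file holding several ssh-rsa entries for the same name silently yields the first one. Both functions are fully inside the hunk.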