diff options
| author | Andrew Cady <d@jerkface.net> | 2021-10-10 03:31:22 -0400 |
|---|---|---|
| committer | Andrew Cady <d@jerkface.net> | 2021-10-10 03:34:58 -0400 |
| commit | 03d3d89cdcae262065dbafd72d0d88d052cfc56b (patch) | |
| tree | fc8db27dfee2ebef32cd3955dc0e8cd10689d14f /notes | |
| parent | c38fcfab61b2c38bdd2aaac10adbbc23a08cd30d (diff) | |
get-host-keys command is working
The command fetches and validates the host key of a self-authenticating
cryptonomic url. Then it tries to log in on the server and obtain proof
of all the system's other host keys.
That way, we can use SSH to share the RSA key that Strongswan needs.
But still use ed25519 for the primary identity in the URL.
This is the functionality that needs to be incorporated into
'cryptonomic-vpn' to make ed25519.cryptonomic.net urls work.
Diffstat (limited to 'notes')
| -rwxr-xr-x | notes/update-host-keys | 26 |
1 files changed, 0 insertions, 26 deletions
diff --git a/notes/update-host-keys b/notes/update-host-keys deleted file mode 100755 index 4ef0e0b..0000000 --- a/notes/update-host-keys +++ /dev/null | |||
| @@ -1,26 +0,0 @@ | |||
| 1 | #!/bin/sh | ||
| 2 | set -e | ||
| 3 | _TEMP_DIR_=$(mktemp -d) | ||
| 4 | cd "$_TEMP_DIR_" | ||
| 5 | trap 'rm -rf "$_TEMP_DIR_"' EXIT | ||
| 6 | host=${1:-borges} | ||
| 7 | ssh-keygen -F "${host#*@}" | grep -v '^#' > ssh_known_hosts 2>/dev/null | ||
| 8 | touch ssh_known_hosts.stamp -r ssh_known_hosts | ||
| 9 | |||
| 10 | ssh() | ||
| 11 | { | ||
| 12 | command ssh \ | ||
| 13 | -F /dev/null \ | ||
| 14 | -o GlobalKnownHostsFile=$PWD/ssh_known_hosts \ | ||
| 15 | -o UserKnownHostsFile=$PWD/ssh_known_hosts \ | ||
| 16 | -o UpdateHostKeys=yes \ | ||
| 17 | -o PasswordAuthentication=no \ | ||
| 18 | -o StrictHostKeyChecking=yes \ | ||
| 19 | "$@" | ||
| 20 | } | ||
| 21 | |||
| 22 | have=ecdsa-sha2-nistp256 | ||
| 23 | want=rsa-sha2-256 | ||
| 24 | ssh -q -n "$host" || true | ||
| 25 | |||
| 26 | cat ssh_known_hosts | ||