notes/update-host-keys


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

#!/bin/sh
set -e
_TEMP_DIR_=$(mktemp -d)
cd "$_TEMP_DIR_"
trap 'rm -rf "$_TEMP_DIR_"' EXIT
host=${1:-borges}
ssh-keygen -F "${host#*@}" | grep -v '^#' > ssh_known_hosts 2>/dev/null
touch ssh_known_hosts.stamp -r ssh_known_hosts

ssh()
{
    command ssh \
        -F /dev/null \
        -o GlobalKnownHostsFile=$PWD/ssh_known_hosts \
        -o UserKnownHostsFile=$PWD/ssh_known_hosts \
        -o UpdateHostKeys=yes \
        -o PasswordAuthentication=no \
        -o StrictHostKeyChecking=yes \
        "$@"
}

have=ecdsa-sha2-nistp256
want=rsa-sha2-256
ssh -q -n "$host" || true

cat ssh_known_hosts