From c9e9417b0fccbc1d030782bb82635fa8d1f53fb0 Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Wed, 29 Sep 2021 12:56:38 -0400
Subject: use ssh-keyscan on ip to get key (not secure)
---
 keycopy.sh | 54 ++++++++++++++++++++++++++++++++++++++++++++----------
 1 file changed, 44 insertions(+), 10 deletions(-)
diff --git a/keycopy.sh b/keycopy.sh
index 9f2f435..c85d8b7 100644
--- a/keycopy.sh
+++ b/keycopy.sh
@@ -1,21 +1,50 @@
 #!/bin/sh
-h=marble.tj5tzswz7isfavggdjsiwxdjswrg6tadlzuf3j3q.ed25519.cryptonomic.net
+yourip=68.48.18.140
+h=$yourip
 n=andy
 key_basename=ssh_host_rsa_key
 input_key=/etc/ssh/$key_basename
+ssh2der()
+{
+ ssh-keygen -e -f "$1" -m PEM | openssl rsa -RSAPublicKey_in -outform DER
+}
+
+match_and_drop_first_word()
+{
+ expect=$1
+ while read word rest
+ do
+ if [ "$word" = "$expect" ]
+ then
+ printf '%s\n' "$rest"
+ return
+ fi
+ done
+ false
+}
+
+keyscan()
+{
+ if [ -e keyscan.cache ]
+ then
+ cat keyscan.cache
+ else
+ ssh-keyscan -t rsa "$1"
+ fi
+}
+
 keycopy()
 {
 openssl rsa -in "$input_key" -outform DER > /etc/swanctl/private/"$key_basename"
 openssl rsa -in "$input_key" -pubout -outform DER > /etc/swanctl/pubkey/"$key_basename".pub
 t=$(mktemp)
- ssh-keyscan -trsa "$h" | while read hh rest; do [ "$h" = "$hh" ] && printf '%s\n' "$rest"; done
-
- ssh-keygen -e -f rsa.scan.edit -m PEM | openssl rsa -RSAPublicKey_in -outform DER > /etc/swanctl/pubkey/"$n".pub
- ls -l /etc/swanctl/private/"$key_basename" /etc/swanctl/pubkey/"$key_basename".pub /etc/swanctl/pubkey/"$n".pub
+ keyscan "$yourip" | match_and_drop_first_word "$yourip" > "$t"
+ ssh2der "$t" > /etc/swanctl/pubkey/"$n".pub
+ rm -f "$t"
 }
 nocomments()
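Review bot: The key that `keycopy` writes to `/etc/swanctl/pubkey/"$n".pub` is whatever `keyscan` returned over the network, and nothing in the new `keyscan` / `match_and_drop_first_word` / `ssh2der` chain verifies it before it becomes the peer's authentication key; the subject line already admits this, so at minimum pin a fingerprint obtained out of band before the write, e.g. `[ "$(ssh-keygen -lf "$t" | cut -d' ' -f2)" = "$expected_fpr" ] || return 1` with `expected_fpr` set to that known value. `keyscan` also prefers `keyscan.cache` from whatever the current working directory happens to be, with no ownership or permission check, so any writable file of that name in cwd silently becomes the trust anchor; use a fixed root-owned path for the cache or drop it. Minor: `read word rest` should be `read -r word rest`, and `rm -f "$t"` is skipped when `ssh2der` fails once the `set -e` added at the end of this patch is in effect, so clean the temp file up with `trap 'rm -f "$t"' EXIT` instead.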
@@ -61,17 +90,20 @@ secrets { END } -test_new_config() +generate_config() { - ipsec stop - - yourip=68.48.18.140 iface=$(ip -oneline route get "$yourip" | sed -ne 's/.* dev \([^ ]*\) .*/\1/p') [ "$iface" ] || return mymac=$(ip -oneline -6 addr show dev "$iface" | sed -ne 's/.* inet6 fe80::\([^/]*\)\/.*/\1/p') [ "$mymac" ] || return - write_config andy "$yourip" "$mymac" +} + +test_new_config() +{ + ipsec stop + + generate_config ipsec start sleep 2 @@ -80,5 +112,7 @@ test_new_config() ipsec up andy } +set -e +keycopy test_new_config -- cgit v1.2.3
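Review bot: In `test_new_config`, `ipsec stop` now runs before `generate_config`, and `generate_config` returns non-zero through its `[ "$iface" ] || return` and `[ "$mymac" ] || return` guards whenever the route or link-local address cannot be read; with the `set -e` added later in this patch, that failure exits the script with IPsec stopped and no message. Swap the order so the lookup happens first, e.g. `generate_config || { printf 'generate_config failed\n' >&2; return 1; }` followed by `ipsec stop`, so a failed lookup leaves the running tunnel untouched. The collapsed hunk makes `- write_config andy "$yourip" "$mymac"` ambiguous between a removed line and a removed blank line followed by a kept call; if the call really was dropped, `generate_config` writes nothing and `test_new_config` restarts `ipsec` on the old configuration, so please confirm it survived. `test_new_config`'s body continues past the end of this hunk.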
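Review bot: `set -e` is enabled only on the last lines, after every function definition, so someone reading `keycopy` or `generate_config` cannot see that they run under errexit; place it directly below `#!/bin/sh` (and consider `set -eu`) so the contract is visible where the functions are written. Because this is `/bin/sh`, `pipefail` is not available, so the `keyscan "$yourip" | match_and_drop_first_word "$yourip" > "$t"` pipeline in `keycopy` reports only the matcher's status, and when no line matches the script exits via errexit with no output at all; append `|| { printf 'no host key returned for %s\n' "$yourip" >&2; return 1; }` to that line so the failure is diagnosable. Note also that `keycopy` now runs unconditionally on every invocation, rewriting `/etc/swanctl/private/"$key_basename"` and both pubkey files each time, which is a larger side effect than the test this script is named for.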