SSH config: add support for github

Signed-off-by: Jan Pokorný <jpokorny@redhat.com>

1 files changed, 28 insertions, 0 deletions

diff --git a/scripts/firstrun/02-ssh-common b/scripts/firstrun/02-ssh-common
index 140970b..c1d90cb 100644
--- a/scripts/firstrun/02-ssh-common
+++ b/scripts/firstrun/02-ssh-common
@@ -1,7 +1,10 @@
+# vim:ft=sh:
 # fedora setup
 
 local host
 local found
+local expected
+local obtained
 
 wget https://admin.fedoraproject.org/ssh_known_hosts -O ~/.ssh/fedora-known_hosts
 while read host; do
@@ -23,3 +26,28 @@ done <<-EOFOUT
 	git.fedorahosted.org
 EOFOUT
 # git.fedorahosted.org ~ fedorahosted.org
+
+# github
+expected=$(wget https://help.github.com/articles/generating-ssh-keys -O- \
+  | xmllint --html --xpath \
+    "//pre[@class='command-line']/span/text()[starts-with(.,'RSA key fingerprint is ')]" \
+    - | cut -c24-70)
+
+obtained=$(expect <<-EOF
+	log_user 0
+	spawn ssh git@github.com \
+	  -oStrictHostKeyChecking=ask \
+	  -oUserKnownHostsFile=~/.ssh/github-known_hosts \
+	  -oIdentityFile=/dev/null
+	expect -re {RSA key fingerprint is ([[:xdigit:]]{2}(?:[:][[:xdigit:]]{2}){15})} {
+		set fingerprint \$expect_out(1,string)
+		puts "\$fingerprint"
+		send "no\r"
+		sleep 1
+	}
+EOF
+)
+
+[ "${obtained}" = "${expected}" ] \
+  && ssh-keyscan github.com >~/.ssh/github-known_hosts 2>/dev/null
+  || echo "Documented and obtained RSA fingerprint does NOT match"