blob: c1d90cb44bd95077ef74c6e6a8815eb4e8c6d5bb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
# vim:ft=sh:
# fedora setup
local host
local found
local expected
local obtained
wget https://admin.fedoraproject.org/ssh_known_hosts -O ~/.ssh/fedora-known_hosts
while read host; do
found=$(grep $(dig +short "${host}") ~/.ssh/fedora-known_hosts)
if test -n "${found}"; then
chmod u+w ~/.ssh/config
cat >>~/.ssh/config <<EOF
Host $host
HostKeyAlias $(echo "${found}" | cut -d, -f1)
IdentityFile ~/.ssh/fedora-id_rsa
UserKnownHostsFile /dev/null
GlobalKnownHostsFile ~/.ssh/fedora-known_hosts
EOF
chmod u-w ~/.ssh/config
fi
done <<-EOFOUT
fedorapeople.org
git.fedorahosted.org
EOFOUT
# git.fedorahosted.org ~ fedorahosted.org
# github
expected=$(wget https://help.github.com/articles/generating-ssh-keys -O- \
| xmllint --html --xpath \
"//pre[@class='command-line']/span/text()[starts-with(.,'RSA key fingerprint is ')]" \
- | cut -c24-70)
obtained=$(expect <<-EOF
log_user 0
spawn ssh git@github.com \
-oStrictHostKeyChecking=ask \
-oUserKnownHostsFile=~/.ssh/github-known_hosts \
-oIdentityFile=/dev/null
expect -re {RSA key fingerprint is ([[:xdigit:]]{2}(?:[:][[:xdigit:]]{2}){15})} {
set fingerprint \$expect_out(1,string)
puts "\$fingerprint"
send "no\r"
sleep 1
}
EOF
)
[ "${obtained}" = "${expected}" ] \
&& ssh-keyscan github.com >~/.ssh/github-known_hosts 2>/dev/null
|| echo "Documented and obtained RSA fingerprint does NOT match"
|