monkeysphere (0.30~pre) UNRELEASED; urgency=low
* changing tarball creation and packaging strategies
+ * make non-ssh parts of monkeysphere work well when openssh is not
+ installed; degrade ssh-specific parts gracefully when openssh is not
+ installed.
- -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 23 Mar 2010 13:57:31 -0400
+ -- Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 17 Apr 2010 16:46:52 -0400
monkeysphere (0.29) unstable; urgency=low
local otherUids
# get the ssh key of the gpg key
- sshKeyGPGFile=$(msmktempfile)
- gpg2ssh "$keyid" >"$sshKeyGPGFile"
- sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \
- awk '{ print $2 }')
- rm -f "$sshKeyGPGFile"
+ sshFingerprint=$(gpg2ssh "$keyid" | "$SYSSHAREDIR/keytrans" sshfpr)
# get the sigs for the matching key
gpgSigOut=$(gpg_user --check-sigs \
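Review bot: The new `sshFingerprint=$(gpg2ssh "$keyid" | "$SYSSHAREDIR/keytrans" sshfpr)` line drops the exit status of `gpg2ssh`, because only the last pipeline stage is reported unless `pipefail` is set somewhere this hunk does not show. A failed key conversion would leave `sshFingerprint` empty, and the visible code does not check for that. Add a guard right after the assignment, for example `[ "$sshFingerprint" ] || return 1`, or whatever error path the enclosing function already uses. It is also worth confirming that `keytrans sshfpr` prints the fingerprint in the same form as column 2 of `ssh-keygen -l`, since later code may display or compare it. The enclosing function starts and ends outside the hunk.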
LOG_PREFIX=
+ # if we don't have ssh-keyscan, we just don't scan:
+ if ( type ssh-keyscan &>/dev/null ) ; then
# retrieve the ssh key being offered by the host
- sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null \
- | awk '{ print $2, $3 }')
+ sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null \
+ | awk '{ print $2, $3 }')
+ fi
# get the gpg info for userid
gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \
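Review bot: When `ssh-keyscan` is not installed, the new guard skips the scan silently and `sshKeyOffered` keeps whatever value it had before this block. The hunk does not show the variable being declared or cleared. Put `sshKeyOffered=` before the `if` and log that the offered host key could not be retrieved, so later uses cannot see a stale or inherited value and the user knows the check was reduced. As a style point, `( type ssh-keyscan &>/dev/null )` forks a subshell and relies on bash's `&>`; `command -v ssh-keyscan >/dev/null 2>&1` avoids both. The enclosing function begins and ends outside the hunk.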
# the ssh proxycommand function itself
ssh_proxycommand() {
+local hostKey
if [ "$1" = '--no-connect' ] ; then
NO_CONNECT='true'
# if the host is NOT in the keyring...
else
- # if the host key is found in the known_hosts file...
- hostKey=$( [ ! -r "$KNOWN_HOSTS" ] || ssh-keygen -F "$HOST" -f "$KNOWN_HOSTS" 2>/dev/null)
+ # FIXME: what about system-wide known_hosts file (/etc/ssh/known_hosts)?
+
+ if [ -r "$KNOWN_HOSTS" ]; then
+ # look up the host key is found in the known_hosts file...
+ if (type ssh-keygen &>/dev/null) ; then
+ hostKey=$(ssh-keygen -F "$HOST" -f "$KNOWN_HOSTS" 2>/dev/null)
+ else
+ # FIXME: we're not dealing with digested known_hosts if we don't
+ hostKey=$(cut -f1 -d\ < .ssh/known_hosts | tr ',' '\n' | grep -Fx -e "$HOST" || :)
+ fi
+ fi
if [ "$hostKey" ] ; then
# do not check the keyserver
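Review bot: The fallback branch tests `[ -r "$KNOWN_HOSTS" ]` but then reads the relative path `.ssh/known_hosts`, so the lookup depends on the current working directory and not on the file that was just checked. If that relative file is missing, the redirect error is hidden by `|| :`. If a different file exists at that path, it decides whether `hostKey` is set, and therefore whether the keyserver check just below is skipped. Read the checked file: `hostKey=$(cut -f1 -d' ' < "$KNOWN_HOSTS" | tr ',' '\n' | grep -Fx -e "$HOST" || :)`. The FIXME above that line stops mid-sentence and should say that hashed (`HashKnownHosts`) entries are not matched without `ssh-keygen`; entries in `[host]:port` form appear to be unmatched as well. The body of `ssh_proxycommand` starts before and continues after this hunk.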