preparing better diagnostic messages for hosts that still have old HostKeys left.
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 7 Aug 2008 04:22:18 +0000 (00:22 -0400)
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Thu, 7 Aug 2008 04:22:18 +0000 (00:22 -0400)
src/monkeysphere-server

index 63c3668c82019c3676c031c105d0424dfd4f54ec..a0b7067c844964962daf969800cc4b2c2042b1c1 100755 (executable)
@@ -390,6 +390,7 @@ diagnostics() {
     local expire
     local uid
     local fingerprint
+    local badhostkeys
 
     seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode)
     keysfound=$(echo "$seckey" | grep -c ^sec:)
@@ -471,6 +472,11 @@ diagnostics() {
                echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
                echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
            fi
+           if badhostkeys=$(grep '^HostKey' | grep -q -v "^HostKey ${VARLIB}/ssh_host_rsa_key$") ; then
+               echo "! /etc/sshd_config refers to some non-monkeysphere host keys:"
+               echo "$badhostkeys"
+               echo "- Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
+           fi
        fi
     fi