From: Daniel Kahn Gillmor
Date: Thu, 7 Aug 2008 04:22:18 +0000 (-0400)
Subject: preparing better diagnostic messages for hosts that still have old HostKeys left.
X-Git-Tag: monkeysphere_0.8-1~51
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=fc970021e82d737bddfe235bfff981db92ea1afe;p=monkeysphere.git

preparing better diagnostic messages for hosts that still have old HostKeys left.
---
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 63c3668..a0b7067 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -390,6 +390,7 @@ diagnostics() {
 local expire
 local uid
 local fingerprint
+ local badhostkeys

 seckey=$(gpg_host --list-secret-keys --fingerprint --with-colons --fixed-list-mode)
 keysfound=$(echo "$seckey" | grep -c ^sec:)
@@ -471,6 +472,11 @@ diagnostics() {
 echo "! /etc/ssh/sshd_config does not point to the monkeysphere host key (${VARLIB}/ssh_host_rsa_key)."
 echo " - Recommendation: add a line to /etc/ssh/sshd_config: 'HostKey ${VARLIB}/ssh_host_rsa_key'"
 fi
+ if badhostkeys=$(grep '^HostKey' | grep -q -v "^HostKey ${VARLIB}/ssh_host_rsa_key$") ; then
+ echo "! /etc/sshd_config refers to some non-monkeysphere host keys:"
+ echo "$badhostkeys"
+ echo "- Recommendation: remove the above HostKey lines from /etc/ssh/sshd_config"
+ fi
 fi
 fi
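Review bot: The added check in the second hunk cannot list the offending lines as written: `grep '^HostKey'` has no file operand, so it reads the stdin of diagnostics() rather than /etc/ssh/sshd_config, and the `-q` on the second grep suppresses the output that `badhostkeys` is supposed to capture. A leftover HostKey line means sshd keeps offering a host key that monkeysphere does not manage, so this is the case the diagnostic most needs to surface. I would write the test as `if badhostkeys=$(grep '^HostKey' /etc/ssh/sshd_config | grep -v -F -x "HostKey ${VARLIB}/ssh_host_rsa_key") ; then`, which also keeps `${VARLIB}` from being interpreted as a regular expression. The first new message names `/etc/sshd_config` while the surrounding lines say `/etc/ssh/sshd_config`; the path should match. The body of diagnostics() starts and ends outside this hunk.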