@gdm85
Last active August 29, 2015 14:19
ssh-knownhost by Colin Percival
#!/bin/sh -e
## original article: http://www.daemonology.net/blog/2012-01-16-automatically-populating-ssh-known-hosts.html
# I hereby place this script in the public domain -- Colin Percival

# Usage
if [ $# -lt 1 ]; then
    echo "usage: $0 host [fingerprint ...]" >&2
    exit 1
fi

# Extract host name from command line.
HOST=$1
shift

# Print a warning if no fingerprints were provided.
if [ $# -lt 1 ]; then
    echo "$0: No fingerprints provided for host $HOST" >&2
    exit 0
fi

# Create a directory for our temporary files.
D=$(mktemp -d "${TMP:-/tmp}/ssh-knownhost.XXXXXX") || exit 1

# No good keys yet.
: > "$D/goodkeys"

# Handle SSH keys of various sorts.
for KTYPE in rsa1 rsa dsa ecdsa; do
    # A failed scan (unreachable host, key type rejected by the local
    # ssh-keyscan) must not abort the script under "sh -e"; it leaves an
    # empty file, which the -s test below skips.
    ssh-keyscan -t "$KTYPE" "$HOST" > "$D/hostkey.$KTYPE" 2>/dev/null || :
    if [ -s "$D/hostkey.$KTYPE" ]; then
        # Field 2 of "ssh-keygen -l" output is the key fingerprint.
        KPRINT=$(ssh-keygen -lf "$D/hostkey.$KTYPE" | cut -f 2 -d ' ')
        GOODKEY=0
        # Accept the key only if its fingerprint was given on the command line.
        for KEY in "$@"; do
            if [ "$KEY" = "$KPRINT" ]; then
                GOODKEY=1
            fi
        done
        if [ $GOODKEY = 1 ]; then
            cat "$D/hostkey.$KTYPE" >> "$D/goodkeys"
        else
            echo "$0: $KTYPE key for $HOST not in provided list" >&2
        fi
    fi
    rm "$D/hostkey.$KTYPE"
done

# Add new keys to our known_hosts file.
sort < "$D/goodkeys" > "$D/goodkeys.tmp"
mv "$D/goodkeys.tmp" "$D/goodkeys"
# comm -13 keeps only the lines of goodkeys not already in known_hosts.
sort < ~/.ssh/known_hosts | comm -13 - "$D/goodkeys" > "$D/newkeys"
cat "$D/newkeys" >> ~/.ssh/known_hosts

# Clean up
rm "$D/goodkeys" "$D/newkeys"
rmdir "$D"