On Thu, Sep 23, 2010 at 01:40:29PM -0700, Vagrant Cascadian wrote:
> if someone types:
>
>   ssh foo
>
> and the search domain was example.net, then the monkeysphere proxy would look
> for:
>
>   gpg --search '=ssh://foo.example.net'
>
> and append the key appropriately to known_hosts if it verifies correctly?

here's an ugly hack to at least partially work around this limitation... by
using the following as the ssh ProxyCommand:

#!/bin/sh
case $1 in
    # names containing a dot go straight to monkeysphere
    *.*) exec monkeysphere ssh-proxycommand "$1" "$2" ;;
    *)
        # short name with no known_hosts entry yet: resolve it first
        if [ -z "$(ssh-keygen -F "$1")" ]; then
            # FIXME: deal with multiple lines returned by host
            fq=$(host "$1" | awk '{print $1}' | head -n 1)
            if [ -n "$fq" ]; then
                if monkeysphere update-known_hosts "$fq" ; then
                    # copy the key stored for the full name under the short name
                    ssh-keygen -F "$fq" | grep -v '^#' | awk '{print $2" "$3}' | sed -e "s,^,$1 ,g" >> ~/.ssh/known_hosts
                    # hash known_hosts (leaves the old file as known_hosts.old)
                    ssh-keygen -H
                    # FIXME: clean up known_hosts.old
                fi
            fi
        fi
        exec nc "$1" "$2"
        ;;
esac

seems like it may run into trouble if you switch domains and they have the same
hostnames, not sure if there are other potential problems with this sort of
behavior...

live well,
  vagrant
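Added example, not part of the original message or of monkeysphere: one way to catch the domain-switch case raised above is to record which fully qualified name each short name resolved to when its key was copied, and to refuse when the same short name later resolves elsewhere. The BINDINGS side file and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: guard against a short hostname silently changing meaning
# when the DNS search domain changes.
# BINDINGS is a hypothetical side file holding one "short fqdn" pair per line.
BINDINGS="${BINDINGS:-$HOME/.ssh/short_name_bindings}"

# normalize_fqdn NAME: lower-case NAME and strip the trailing dot that
# resolver output often carries, so equal names compare equal.
normalize_fqdn() {
    printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed -e 's/\.$//'
}

# bound_fqdn SHORT: print the FQDN recorded for SHORT, or nothing.
bound_fqdn() {
    [ -f "$BINDINGS" ] || return 0
    awk -v s="$1" '$1 == s { print $2; exit }' "$BINDINGS"
}

# check_binding SHORT FQDN
#   returns 0 and records the pair when SHORT has no binding yet
#   returns 0 when SHORT is already bound to FQDN
#   returns 1 when SHORT was bound to a different FQDN (domain switched)
check_binding() {
    short=$1
    fq=$(normalize_fqdn "$2")
    old=$(bound_fqdn "$short")
    if [ -z "$old" ]; then
        printf '%s %s\n' "$short" "$fq" >> "$BINDINGS"
        return 0
    fi
    if [ "$old" = "$fq" ]; then
        return 0
    fi
    echo "short name '$short' was bound to $old, now resolves to $fq" >&2
    return 1
}
```

To use it, the ProxyCommand would have to resolve the short name on every connection, not only when known_hosts has no entry, and stop before `exec nc` when `check_binding "$1" "$fq"` returns 1.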