From: Michael Prokop <mika@grml.org>
Date: Tue, 25 Sep 2012 14:53:53 +0000 (+0200)
Subject: Display SSH server key fingerprints
X-Git-Tag: v0.9.58~3
X-Git-Url: http://git.grml.org/?p=grml-autoconfig.git;a=commitdiff_plain;h=12e47aed34dc3c59822af79dfec0a93fec810e00

Display SSH server key fingerprints

Useful if using the ssh boot option or providing your own
configuration files/script shipping SSH server keys.

Thanks: Peter Palfrader for the idea
---

diff --git a/autoconfig b/autoconfig
index dce5adb..ada7c18 100644
--- a/autoconfig
+++ b/autoconfig
@@ -57,6 +57,7 @@ CONFIG_DEBOOTSTRAP='yes'      # support automatic installation of Debian via grm
 CONFIG_DEBNET='yes'           # search for /etc/network/interfaces on partitions and set up network afterwards
 CONFIG_DEBS='yes'             # check for bootoption debs for installing .debs
 CONFIG_DEBUG='yes'            # activate start of shells during startup at several stages
+CONFIG_DISPLAY_SSH_FINGERPRINTS='yes' # display SSH server key fingerprints
 CONFIG_DISTCC='yes'           # activate and setup distcc through bootparam distcc=$NETWORK,$INTERFACE
 CONFIG_DISTRI='yes'           # support some customization via bootoption distri
 CONFIG_DMA='yes'              # Enable DMA for all IDE drives
diff --git a/autoconfig.functions b/autoconfig.functions
index 9488f55..06265e8 100755
--- a/autoconfig.functions
+++ b/autoconfig.functions
@@ -1121,6 +1121,22 @@ if checkbootparam 'ssh' ; then
    eoutdent
 fi
 }
+
+# }}}
+
+# {{{ display hostkeys of SSH server
+config_display_ssh_fingerprints() {
+  if ! find /etc/ssh/ -name ssh_host_\*_key >/dev/null 2>&1 ; then
+    return 0 # no SSH host keys present
+  fi
+
+  einfo "SSH key fingerprints:"
+  for file in /etc/ssh/ssh_host_*_key ; do
+    einfon
+    ssh-keygen -l -f $file
+  done | column -t
+  eend $?
+}
 # }}}
 
 # {{{ autostart of x11vnc
@@ -1473,6 +1489,7 @@ config_stats() {
  fi
 }
 # }}}
+
 # {{{ fix/workaround for unionfs
 fix_unionfs(){
   if [ -z "$INSTALLED" ]; then
diff --git a/grml-autoconfig b/grml-autoconfig
index a5a800d..9305cfe 100755
--- a/grml-autoconfig
+++ b/grml-autoconfig
@@ -164,6 +164,8 @@ checkvalue $CONFIG_SERVICES && config_services
 
 checkvalue $CONFIG_DEBNET && config_debnet
 
+checkvalue $CONFIG_DISPLAY_SSH_FINGERPRINTS && config_display_ssh_fingerprints
+
 checkvalue $CONFIG_NETCONFIG && config_netconfig
 
 checkvalue $CONFIG_NETSCRIPT && config_netscript