File: //usr/libexec/cloud-init/write-ssh-key-fingerprints
#!/bin/sh
# This file is part of cloud-init. See LICENSE file for license information.
do_syslog() {
log_message=$1
# rhels' version of logger_opts does not support long
# form of -s (--stderr), so use short form.
logger_opts="-s"
# Need to end the options list with "--" to ensure that any minus symbols
# in the text passed to logger are not interpreted as logger options.
logger_opts="$logger_opts -p user.info -t cloud-init --"
# shellcheck disable=SC2086 # logger give error if $logger_opts quoted
logger $logger_opts "$log_message"
}
# Redirect stderr to stdout
exec 2>&1
fp_blist=",${1},"
key_blist=",${2},"
fingerprint_header_shown=0
for f in /etc/ssh/ssh_host_*key.pub; do
[ -f "$f" ] || continue
# shellcheck disable=SC2034 # Unused "line" required for word splitting
read -r ktype line < "$f"
# skip the key if its type is in the blacklist
[ "${fp_blist#*,$ktype,}" = "${fp_blist}" ] || continue
if [ $fingerprint_header_shown -eq 0 ]; then
do_syslog "#############################################################"
do_syslog "-----BEGIN SSH HOST KEY FINGERPRINTS-----"
fingerprint_header_shown=1
fi
do_syslog "$(ssh-keygen -l -f "$f")"
done
if [ $fingerprint_header_shown -eq 1 ]; then
do_syslog "-----END SSH HOST KEY FINGERPRINTS-----"
do_syslog "#############################################################"
fi
key_header_shown=0
for f in /etc/ssh/ssh_host_*key.pub; do
[ -f "$f" ] || continue
# shellcheck disable=SC2034 # Unused "line" required for word splitting
read -r ktype line < "$f"
# skip the key if its type is in the blacklist
[ "${key_blist#*,$ktype,}" = "${key_blist}" ] || continue
if [ $key_header_shown -eq 0 ]; then
echo "-----BEGIN SSH HOST KEY KEYS-----"
key_header_shown=1
fi
cat "$f"
done
if [ $key_header_shown -eq 1 ]; then
echo "-----END SSH HOST KEY KEYS-----"
fi