Re: Generating ~/.ssh/known_hosts from LDAP
On Mon, 15 Dec 2003 17:06:32 -0500 Clint Adams [EMAIL PROTECTED] wrote: I couldn't find any way to authenticate db.debian.org when using direct LDAP(TLS doesn't seem to be supported), but nonetheless this is damn convenient. (requires python-ldap) Or, for people who don't want python installed. [debian-known-hosts text/plain (437 bytes)] #!/bin/zsh for i in ${(M)${(ps:\n\n:)${$(ldapsearc Now what do I do if I want neither python nor zsh installed ;) grts Tim
Re: Generating ~/.ssh/known_hosts from LDAP
On Tue, Dec 16, 2003 at 02:47:42PM +0100, Tim Dijkstra wrote: On Mon, 15 Dec 2003 17:06:32 -0500 Clint Adams [EMAIL PROTECTED] wrote: I couldn't find any way to authenticate db.debian.org when using direct LDAP(TLS doesn't seem to be supported), but nonetheless this is damn convenient. (requires python-ldap) Or, for people who don't want python installed. [debian-known-hosts text/plain (437 bytes)] #!/bin/zsh for i in ${(M)${(ps:\n\n:)${$(ldapsearc Now what do I do if I want neither python nor zsh installed ;) You don't have a choice about having perl-base installed. Still need ldap-utils, though; I figure that's less onerous than libnet-ldap-perl (This is written for clarity. It can be written considerably shorter if you don't make making it ugly. If you feel like doing so, please do something worthwhile instead) (MIT/X11 license) -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -- | #!/usr/bin/perl use strict; use warnings; open LDAPSEARCH, -|, ldapsearch -LLL -x -h db.debian.org -b dc=debian,dc=org -s sub objectClass=debianServer hostname sshRSAHostKey; my $hostname; while (LDAPSEARCH) { chomp; next if /^#/; if (/^dn:/) { $hostname = undef; } elsif (/^hostname: (\S+)$/) { $hostname = $1; } elsif (/^sshRSAHostKey: (.+)$/) { my $key = $1; while (LDAPSEARCH) { chomp; if (/^ (.+)$/) { $key .= $1; } elsif (/^sshRSAHostKey: (.+)$/) { print $hostname $key\n if defined $hostname; $key = $1; } else { last; } } print $hostname $key\n if defined $hostname; } } close LDAPSEARCH; signature.asc Description: Digital signature
Re: Generating ~/.ssh/known_hosts from LDAP
I couldn't find any way to authenticate db.debian.org when using direct LDAP (TLS doesn't seem to be supported), but nonetheless this is damn convenient. (requires python-ldap) Or, for people who don't want python installed. #!/bin/zsh for i in ${(M)${(ps:\n\n:)${$(ldapsearch -LLL -x -h db.debian.org -b dc=debian,dc=org -s sub objectClass=debianServer hostname sshRSAHostKey)}}:#*sshRSAHostKey:*}; do for j in ${${(M)${(f)${i// /}}:#sshRSAHostKey: *}#sshRSAHostKey: }; do print ${(j:,:)${${(M)${(f)i}:#hostname: *}#hostname: }} $j done done
Re: Generating ~/.ssh/known_hosts from LDAP
Thanks Matt for your script. Will you add it to debian-goodies ? Cheers, -- Bill. [EMAIL PROTECTED] Imagine a large red swirl here.
Generating ~/.ssh/known_hosts from LDAP
I couldn't find any way to authenticate db.debian.org when using direct LDAP (TLS doesn't seem to be supported), but nonetheless this is damn convenient. (requires python-ldap) -- - mdz #!/usr/bin/python # # debian-known-hosts # # Dump ssh host keys from db.debian.org in a format suitable for an # ssh known_hosts file # # BUGS: has no way to authenticate db.debian.org # # Matt Zimmerman [EMAIL PROTECTED], 12/13/2003 # import ldap conn = ldap.ldapobject.SmartLDAPObject('ldap://db.debian.org') msgid = conn.search('dc=debian,dc=org', ldap.SCOPE_SUBTREE, filterstr='objectClass=debianServer', attrlist=('hostname', 'sshRSAHostKey')) restype, resdata = conn.result(msgid) for dn, attrs in resdata: if 'sshRSAHostKey' not in attrs: continue hostnames = ','.join(attrs['hostname']) for hostkey in attrs['sshRSAHostKey']: print hostnames, hostkey signature.asc Description: Digital signature