Re: Generating ~/.ssh/known_hosts from LDAP
On Mon, 15 Dec 2003 17:06:32 -0500
Clint Adams [EMAIL PROTECTED] wrote:
I couldn't find any way to authenticate db.debian.org when using
direct LDAP(TLS doesn't seem to be supported), but nonetheless this
is damn convenient.
(requires python-ldap)
Or, for people who don't want python installed.
[debian-known-hosts text/plain (437 bytes)]
#!/bin/zsh
for i in ${(M)${(ps:\n\n:)${$(ldapsearc
Now what do I do if I want neither python nor zsh installed ;)
grts Tim
Re: Generating ~/.ssh/known_hosts from LDAP
On Tue, Dec 16, 2003 at 02:47:42PM +0100, Tim Dijkstra wrote:
On Mon, 15 Dec 2003 17:06:32 -0500
Clint Adams [EMAIL PROTECTED] wrote:
I couldn't find any way to authenticate db.debian.org when using
direct LDAP(TLS doesn't seem to be supported), but nonetheless this
is damn convenient.
(requires python-ldap)
Or, for people who don't want python installed.
[debian-known-hosts text/plain (437 bytes)]
#!/bin/zsh
for i in ${(M)${(ps:\n\n:)${$(ldapsearc
Now what do I do if I want neither python nor zsh installed ;)
You don't have a choice about having perl-base installed. Still need
ldap-utils, though; I figure that's less onerous than libnet-ldap-perl
(This is written for clarity. It can be written considerably shorter
if you don't make making it ugly. If you feel like doing so, please do
something worthwhile instead)
(MIT/X11 license)
--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -- |
#!/usr/bin/perl
use strict;
use warnings;
open LDAPSEARCH, -|, ldapsearch -LLL -x -h db.debian.org -b dc=debian,dc=org
-s sub objectClass=debianServer hostname sshRSAHostKey;
my $hostname;
while (LDAPSEARCH)
{
chomp;
next if /^#/;
if (/^dn:/)
{
$hostname = undef;
}
elsif (/^hostname: (\S+)$/)
{
$hostname = $1;
}
elsif (/^sshRSAHostKey: (.+)$/)
{
my $key = $1;
while (LDAPSEARCH)
{
chomp;
if (/^ (.+)$/)
{
$key .= $1;
}
elsif (/^sshRSAHostKey: (.+)$/)
{
print $hostname $key\n if defined $hostname;
$key = $1;
}
else
{
last;
}
}
print $hostname $key\n if defined $hostname;
}
}
close LDAPSEARCH;
signature.asc
Description: Digital signature
Re: Generating ~/.ssh/known_hosts from LDAP
I couldn't find any way to authenticate db.debian.org when using direct LDAP
(TLS doesn't seem to be supported), but nonetheless this is damn convenient.
(requires python-ldap)
Or, for people who don't want python installed.
#!/bin/zsh
for i in ${(M)${(ps:\n\n:)${$(ldapsearch -LLL -x -h db.debian.org -b
dc=debian,dc=org -s sub objectClass=debianServer hostname
sshRSAHostKey)}}:#*sshRSAHostKey:*};
do
for j in ${${(M)${(f)${i//
/}}:#sshRSAHostKey: *}#sshRSAHostKey: };
do
print ${(j:,:)${${(M)${(f)i}:#hostname: *}#hostname: }} $j
done
done
Re: Generating ~/.ssh/known_hosts from LDAP
Thanks Matt for your script. Will you add it to debian-goodies ? Cheers, -- Bill. [EMAIL PROTECTED] Imagine a large red swirl here.
Generating ~/.ssh/known_hosts from LDAP
I couldn't find any way to authenticate db.debian.org when using direct LDAP
(TLS doesn't seem to be supported), but nonetheless this is damn convenient.
(requires python-ldap)
--
- mdz
#!/usr/bin/python
#
# debian-known-hosts
#
# Dump ssh host keys from db.debian.org in a format suitable for an
# ssh known_hosts file
#
# BUGS: has no way to authenticate db.debian.org
#
# Matt Zimmerman [EMAIL PROTECTED], 12/13/2003
#
import ldap
conn = ldap.ldapobject.SmartLDAPObject('ldap://db.debian.org')
msgid = conn.search('dc=debian,dc=org', ldap.SCOPE_SUBTREE,
filterstr='objectClass=debianServer',
attrlist=('hostname', 'sshRSAHostKey'))
restype, resdata = conn.result(msgid)
for dn, attrs in resdata:
if 'sshRSAHostKey' not in attrs:
continue
hostnames = ','.join(attrs['hostname'])
for hostkey in attrs['sshRSAHostKey']:
print hostnames, hostkey
signature.asc
Description: Digital signature
