[Pkg-cups-devel] Bug#597997: monkeysphere: improve support for hosts without FQDN

Vagrant Cascadian vagrant at freegeek.org
Sun Sep 26 18:02:41 UTC 2010


On Thu, Sep 23, 2010 at 01:40:29PM -0700, Vagrant Cascadian wrote:
> if someone types:
> 
>   ssh foo
> 
> and the search domain was example.net, then the monkeysphere proxy would look
> for:
> 
>   gpg --search '=ssh://foo.example.net' 
> 
> and append the key appropriately to known_hosts if it verifies correctly?

here's an ugly hack to at least partially work around this limitation... by
using the following as the ssh ProxyCommand:


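#!/bin/sh
# ssh ProxyCommand wrapper: $1 = host, $2 = port

case $1 in
    # name already contains a dot: hand it to monkeysphere unchanged
    *.*) exec monkeysphere ssh-proxycommand "$1" "$2" ;;
    *)
    # short name: only act if known_hosts has no entry for it yet
    if [ -z "$(ssh-keygen -F "$1")" ]; then
        # FIXME: deal with multiple lines returned by host
        fq=$(host "$1" | awk '{print $1}' | head -n 1)
        if [ -n "$fq" ]; then
            if monkeysphere update-known_hosts "$fq" ; then
                # copy the key found for the FQDN under the short name
                ssh-keygen -F "$fq" | grep -v '^#' | awk '{print $2" "$3}' | sed -e "s,^,$1 ,g" >> ~/.ssh/known_hosts
                ssh-keygen -H
                # FIXME: clean up known_hosts.old
            fi
        fi
    fi
    exec nc "$1" "$2"
    ;;
esac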


seems like it may run into trouble if you switch domains and they have the same
hostnames, not sure if there are other potential problems with this sort of
behavior...


live well,
  vagrant
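
The domain-switch caveat at the end of the message, as an added example that is not part of the original post: because the script skips the update once the short name has an entry, a key copied under `foo` in one search domain stays pinned after `foo` starts expanding to a different FQDN. The check below compares the keys listed under a short name with those listed under a given FQDN. Assumptions: `keys_for`, `check_alias` and `make_sample` are hypothetical helpers, the sample entries are constructed, and the known_hosts file is unhashed (the script above hashes it with `ssh-keygen -H`).

```shell
#!/bin/sh
# Added example, not from the original message. Assumes an UNHASHED
# known_hosts file in the plain "names keytype key" format.

# keys_for FILE NAME: print "keytype key" for each entry listing NAME.
keys_for() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^[#@]/ { next }   # blanks, comments, @marker lines
        {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == want) { print $2 " " $3; break }
        }' "$1" | sort -u
}

# check_alias FILE SHORT FQDN
#   0: every key pinned under SHORT is also pinned under FQDN
#   1: SHORT carries a key that FQDN lacks (alias copied from another domain)
#   2: nothing to compare (SHORT or FQDN has no entry)
check_alias() {
    short_keys=$(keys_for "$1" "$2")
    fqdn_keys=$(keys_for "$1" "$3")
    [ -n "$short_keys" ] && [ -n "$fqdn_keys" ] || return 2
    # succeed (grep -v -q) if any short-name key is absent from the FQDN keys
    if printf '%s\n' "$short_keys" | grep -Fxvq -e "$fqdn_keys"; then
        return 1
    fi
    return 0
}

# Constructed sample: "foo" was pinned while the search domain was example.net.
make_sample() {
    cat > "$1" <<'EOF'
# constructed entries; key blobs are placeholders, not real keys
foo ssh-ed25519 AAAAC3CONSTRUCTEDKEYA
foo.example.net ssh-ed25519 AAAAC3CONSTRUCTEDKEYA
foo.example.org ssh-ed25519 AAAAC3CONSTRUCTEDKEYB
EOF
}

sample=$(mktemp)
make_sample "$sample"
for fq in foo.example.net foo.example.org; do
    check_alias "$sample" foo "$fq" && rc=0 || rc=$?
    echo "foo vs $fq -> $rc"
done
rm -f "$sample"
```

A result of 1 means the short-name entry should be removed and re-verified against the FQDN the name currently resolves to.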




