(*
Module: Known_Hosts
Parses SSH known_hosts files
Author: Raphaël Pinson <raphink@gmail.com>
About: Reference
This lens manages OpenSSH's known_hosts files. See `man 8 sshd` for reference.
About: License
This file is licenced under the LGPL v2+, like the rest of Augeas.
About: Lens Usage
Sample usage of this lens in augtool:
* Get a key by name from ssh_known_hosts
> print /files/etc/ssh/ssh_known_hosts/*[.="foo.example.com"]
...
* Change a host's key
> set /files/etc/ssh/ssh_known_hosts/*[.="foo.example.com"]/key "newkey"
About: Configuration files
This lens applies to SSH known_hosts files. See <filter>.
*)
module Known_Hosts =
autoload xfm
(* View: marker
The marker is optional, but if it is present then it must be one of
“@cert-authority”, to indicate that the line contains a certification
authority (CA) key, or “@revoked”, to indicate that the key contained
on the line is revoked and must not ever be accepted.
Only one marker should be used on a key line.
*)
(* The matched marker text itself becomes the node label (via key), so a
   revoked or CA line carries an "@revoked" or "@cert-authority" child.
   Check for that child before treating an entry's key as a trusted
   host key. *)
let marker = [ key /@(revoked|cert-authority)/ . Sep.space ]
(* View: type
Bits, exponent, and modulus are taken directly from the RSA host key;
they can be obtained, for example, from /etc/ssh/ssh_host_key.pub.
The optional comment field continues to the end of the line, and is not used.
*)
(* NOTE(review): the View text above describes the bits/exponent/modulus
   fields of the legacy RSA line format. In the entry lens this node holds
   the single token between the host field and the key, which in the
   current sshd(8) format is the key type (for example ssh-rsa or
   ssh-ed25519). Consider updating the View text to match. *)
let type = [ label "type" . store Rx.neg1 ]
(* View: entry
   One key line of a known_hosts file.

   Tree shape: the node is labelled by the "entry" sequence counter and
   its value is the first name in the host field. An optional marker
   child comes first, any further comma-separated names become "alias"
   children, and "type" and "key" hold the next two space-separated
   tokens. The rest of the line is left to Util.comment_or_eol.

   The host field is stored exactly as written. NOTE(review): hashed
   names (ssh's HashKnownHosts output) would therefore appear as the
   opaque hashed token, so a path filter on a plain hostname will not
   find them, and a name listed after the first is only visible under
   "alias" - confirm both when auditing a file through this lens. *)
let entry =
     let host = store Rx.neg1
  in let alias = [ label "alias" . store Rx.neg1 ]
  in let aliases = ( Sep.comma . Build.opt_list alias Sep.comma )?
  in let key_node = [ label "key" . store Rx.neg1 ]
  in [ Util.indent . seq "entry" . marker? . host . aliases
       . Sep.space . type . Sep.space . key_node
       . Util.comment_or_eol ]
(* View: lns
The known_hosts lens *)
(* Zero or more lines, each one an empty line, a comment, or an entry.
   A line that none of the three alternatives accepts is not matched by
   this lens. *)
let lns = (Util.empty | Util.comment | entry)*
(* Variable: filter
   Files this lens is applied to: the system-wide
   /etc/ssh/ssh_known_hosts, and .ssh/known_hosts under the HOME of the
   process running Augeas. No other user's file is included.

   NOTE(review): HOME comes from the environment, so under sudo or a
   service account it may not be the home of the user whose file you
   mean to inspect - confirm, or load that file explicitly. *)
let filter =
     let system_file = "/etc/ssh/ssh_known_hosts"
  in let user_file = Sys.getenv("HOME") . "/.ssh/known_hosts"
  in incl system_file . incl user_file
(* Binds the lns lens to the paths selected by filter. The "autoload xfm"
   line at the head of the module names this transform. *)
let xfm = transform lns filter