Sleepcount improved
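diff --git a/bash/ssh-dnssec/ssh-dnssec.sh b/bash/ssh-dnssec/ssh-dnssec.sh
index 74ce22a546275f2b2cf876c58a7d900a35d111c3..737384e8063b81487da52ba59226a998473d61a4 100755
--- a/bash/ssh-dnssec/ssh-dnssec.sh
+++ b/bash/ssh-dnssec/ssh-dnssec.sh
@@ -1,7 +1,16 @@
 #!/bin/sh
+#OpenSSH wrapper for DNSSEC (see $0 -h for help)
+
+#keys from lowest priority to highest:
+for key in\
+ '/usr/share/dnssec-trust-anchors/root-zone.key'\
+ '/etc/trusted-key.key'\
+ ; do
+ [ -r "$key" ] && drillargs="-k $key";
+done;
+
 drill="$(which drill)"
 ssh="$(which ssh)"
-
 check_ssh_cmdline() {
 while getopts "a:c:e:i:l:n:k:V:o:p:q:P:t:v:x:C:L:R:h" OPT; do
 if [ "$OPT" == 'h' ]; then
@@ -11,16 +20,20 @@ check_ssh_cmdline() {
 You can use alias ssh='$0' (and you can add it to your ~/.bashrc)
- Command line options are just the same as for SSH, but you have to
- specify all the options before hostname and optional command. eg.:
- $0 -p2222 user@example.com (good)
- $0 user@example.com -p2222 (baad)
+ Command line options are just the same as for SSH
 To test if $0 works as it's supposed to be working, you can try following:
 $0 user@badsign-a.test.dnssec-tools.org
 $0 user@rhybar.cz
 (both commands should fail with DNSSEC error)
+ Known issues:
+ - DNS record can change between DNSSEC validation and SSH connection
+ - we should pass IP address directly to SSH binary (patches welcome)
+
+ If there are some autodetected drill arguments, you can see them here:
+ $drillargs
+
 "
 "$ssh" --help
 exit 0;
@@ -28,8 +41,8 @@ check_ssh_cmdline() {
 done
 shift $(($OPTIND -1));
 host="${1##*@}";
- echo "$drill -TD $host"
- out="$("$drill" -TD "$host")"; ret=$?;
+ echo "$drill $drillargs -TD $host"
+ out="$("$drill" $drillargs -TD "$host")"; ret=$?;
 echo "$out" | grep -i NO.DNSKEY;
 return $ret;
 }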
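Review bot: `drillargs` is never initialised before the trust-anchor loop in the first hunk, so when neither key file is readable the unquoted `$drillargs` in the drill call of the last hunk expands to whatever value the caller's environment exported under that name, or to nothing at all. Adding `drillargs=` on the line before `for key in\` removes the inherited-value case. An empty result should also be made visible before validation runs, for example `[ -n "$drillargs" ] || echo "warning: no readable DNSSEC trust anchor found" >&2` ahead of the drill call, or a hard failure if the wrapper is meant to fail closed. It is not clear from this diff whether `drill -TD` without `-k` still rejects a bogus chain, so that behaviour should be confirmed. The body of check_ssh_cmdline continues outside the hunks shown.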