Marty Oehme
645248e83a
Added fingerprint matching to host functionality replacing the old matching on ip with nc idea. Functions essentially the same, only that now if another host randomly/or targeted replaces the original checking target you will still not try to be connected since the ssh fingerprint will not match. Should make it a teensy bit more secure.
21 lines
679 B
Bash
Executable file
21 lines
679 B
Bash
Executable file
#!/bin/bash
|
|
# from: https://awbmilne.github.io/blog/SSH-Host-Fallback/
|
|
# Takes 2 arguments: a hostname and an ssh fingerprint
|
|
# Retrieves all fingerprints from hostname and compares
|
|
# to see if the fingerprint passed in is part of them.
|
|
# If it is, returns true; if not, false.
|
|
# Can be used for more secure matching on hostname availability
|
|
# in sshconfig than e.g. nc ip matching.
|
|
#
|
|
# To find your keys fingerprint, one option is just connecting
|
|
# via `ssh -v` and looking for the fingerprint there.
|
|
|
|
fingerprints=$(ssh-keygen -lf <(ssh-keyscan "$1" 2>/dev/null))
|
|
|
|
for fingerprint in $fingerprints; do
|
|
if [ "$fingerprint" == "$2" ]; then
|
|
exit 0
|
|
fi
|
|
done
|
|
|
|
exit 1
|