From 2e77eceade780b8f2e5f7ebb5b0145413e9b0caf Mon Sep 17 00:00:00 2001 From: KiekerJan Date: Thu, 11 Jul 2024 22:13:26 +0200 Subject: [PATCH] also extract ip address from ssd config --- management/dns_update.py | 46 +++++++++++++++++++++++++++++----------- 1 file changed, 34 insertions(+), 12 deletions(-) diff --git a/management/dns_update.py b/management/dns_update.py index efa20623b..4c767b6fa 100755 --- a/management/dns_update.py +++ b/management/dns_update.py @@ -488,21 +488,43 @@ def build_sshfp_records(): return # Determine where sshd is listening - listenaddress = shell("check_output", ["sshd", "-T", "|", "grep", "listenaddress"]) - listenaddress = listenaddress.split("\n") + sshd_config = shell("check_output", ["sshd", "-T"]) + sshd_config = sshd_config.split("\n") - # Nothing to do on empty listenaddress - if len(listenaddress) == 0: + # Nothing to do on empty sshd config + if len(sshd_config) == 0: return - try: - # If there's a [ and ], it's an ipv6 address - if listenaddress[0].find("[") >= 0 and listenaddress[0].find("]") >= 0: - keys = shell("check_output", ["ssh-keyscan", "-6", "-t", "rsa,dsa,ecdsa,ed25519", "-p", str(port), "localhost"]) - else: - keys = shell("check_output", ["ssh-keyscan", "-4", "-t", "rsa,dsa,ecdsa,ed25519", "-p", str(port), "localhost"]) - except: - return + keys = "" + for line in sshd_config: + if line.startswith("listenaddress "): + line = line.replace("listenaddress ", "") + + if line[0] == "[": + # ipv6 is of form [ab:cd::]: + leftpos = 1 + rightpos = line.find("]") + iptype = "-6" + else: + # ipv4 is of form 1.2.3.4: + leftpos = 0 + rightpos = line.find(":") + iptype = "-4" + + ipaddr = line[leftpos:rightpos] + + if ipaddr == "0.0.0.0" or ipaddr == "::": + ipaddr = "localhost" + + try: + keys = shell("check_output", ["ssh-keyscan", iptype, "-t", "rsa,dsa,ecdsa,ed25519", "-p", str(port), ipaddr]) + if len(keys) > 0: + # Found something, assume it's ok and do early exit + break + except: + # Something went wrong executing the shell command, but continue looking in the sshd + # config + continue keys = sorted(keys.split("\n"))