/usr/sbin/ltsp-update-sshkeys is in ltsp-server 5.5.1-1ubuntu2.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 | #!/bin/sh
#
# Copyright (c) 2005 Canonical LTD
#
# Author: Matt Zimmerman <mdz@canonical.com>
#
# 2006, Oliver Grawert <ogra@canonical.com>
# Vagrant Cascadian <vagrant@freegeek.org>
# 2007, Scott Balneaves <sbalneav@ltsp.org>
# Oliver Grawert <ogra@canonical.com>
# 2008, Vagrant Cascadian <vagrant@freegeek.org>
# Oliver Grawert <ogra@canonical.com>
# Warren Togami <wtogami@redhat.com>
# Eric Harrison <eharrison@k12linux.mesd.k12.or.us>
# Scott Balneaves <sbalneav@ltsp.org>
# 2010, Gideon Romm <gadi@ltsp.org>
# 2012, Alkis Georgopoulos <alkisg@gmail.com>
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, you can find it on the World Wide
# Web at http://www.gnu.org/copyleft/gpl.html, or write to the Free
# Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
# MA 02110-1301, USA.
#
usage() {
cat <<EOF
Usage: $0 [OPTION] [host...]
If any hosts are specified, their SSH keys are exported in a file,
by default /etc/ltsp/ssh_known_hosts.auto.
Otherwise, all LTSP chroots are updated to trust the SSH keys of this server
along with any additional keys in /etc/ltsp/ssh_known_hosts.* files.
Options:
-b, --base[=PATH] The LTSP base directory Defaults to /opt/ltsp if unspecified.
-e, --export[=FILE] File name to export the hosts SSH keys to (- for stdout).
Defaults to /etc/ltsp/ssh_known_hosts.auto if unspecified.
-h, --help Displays the ltsp-update-sshkeys help message.
-p, --port[=PORT] SSH port for remote servers.
-u, --update Update the chroot SSH keys even if hosts are specified.
--version Output version information and exit.
EOF
}
# One may run the following command to replace the hostnames/IPs with *:
# sed 's/^[^# ][^ ]* /* /' -i /opt/ltsp/i386/etc/ssh/ssh_known_hosts
# This way the clients will trust those hosts even if their IP changes.
# In general that should be avoided though, it's safer to connect by hostname.
# The boot server is always known as "server", and others can be declared in
# DNS, in CHROOT/etc/hosts.ltsp, or with HOSTS_xx lts.conf directives.
# LDM_SERVER entries should match whatever was specified in the SSH keys.
# Set an optional MODULES_BASE, so help2man can be called from build env
MODULES_BASE=${MODULES_BASE:-/usr/share/ltsp}
# This also sources vendor functions and .conf file settings
. ${MODULES_BASE}/ltsp-server-functions
# Parse command line arguments
ARGS=$(getopt -o b:e:hp:u --long base:,export:,help,port:,update,version -n $0 -- "$@")
[ $? != 0 ] && exit 1
eval set -- "$ARGS"
while true ; do
case "$1" in
-b|--base) BASE=$2 ; shift 2 ;;
-e|--export) EXPORT=$2 ; shift 2 ;;
-h|--help) usage ; exit 0 ;;
-p|--port) PORT="$2" ; shift 2 ;;
-u|--update) UPDATE=1 ; shift 1 ;;
--version) ltsp_version; exit 0 ;;
--) shift ; break ;;
*) echo "Internal error!" ; exit 1 ;;
esac
done
# If any hosts were specified, export their ssh keys to a file
if [ $# -gt 0 ]; then
if [ "$EXPORT" = "-" ]; then
EXPORT="/dev/stdout"
else
EXPORT="${EXPORT:-/etc/ltsp/ssh_known_hosts.auto}"
fi
# We want the stderr of ssh-keyscan, but not its annoying "server info"
ssh-keyscan -t dsa,rsa,ecdsa ${PORT:+-p $PORT} "$@" 2>&1 >"$EXPORT" |
grep -v ^# >&2
else
UPDATE=1
fi
# UPDATE is either set with -u or automatically when no hostnames are passed
if [ -n "$UPDATE" ]; then
if [ -z "$CHROOTS" ]; then
BASE=${BASE:-"/opt/ltsp"}
CHROOTS=$(find "$BASE/" -mindepth 1 -maxdepth 1 -type d ! -name images)
fi
for chroot in $CHROOTS; do
test -x "$chroot/bin/true" || continue
mkdir -p "$chroot/etc/ssh"
# Do the work once; next times, use cp
if [ -z "$firstfile" ]; then
firstfile="$chroot/etc/ssh/ssh_known_hosts"
echo '# ssh keys for LTSP' > "$firstfile"
for key in $(find /etc/ssh/ -type f -name 'ssh_host_*_key.pub'); do
sed 's/^/server /' "$key" >> "$firstfile"
done
for file in $(find /etc/ltsp/ -type f -name 'ssh_known_hosts.*') ; do
cat "$file" >> "$firstfile"
done
else
cp "$firstfile" "$chroot/etc/ssh/ssh_known_hosts"
fi
done
if [ -z "$firstfile" ]; then
die "No LTSP chroots found, please run ltsp-build-client"
fi
fi
|