- # return 1 if there is no output of the user ID processing
- # ie. no key was found
- keyCachePath=$(process_user_id "$userID" "$cacheDir")
- if [ -z "$keyCachePath" ] ; then
- return 1
- fi
+ userID="ssh://${host}"
+
+ nKeys=0
+ nKeysOK=0
+
+ for line in $(process_user_id "ssh://${host}") ; do
+ # note that key was found
+ nKeys=$((nKeys+1))
+
+ ok=$(echo "$line" | cut -d: -f1)
+ keyid=$(echo "$line" | cut -d: -f2)
+
+ sshKey=$(gpg2ssh "$keyid")
+ if [ -z "$sshKey" ] ; then
+ log " ! key could not be translated."
+ continue
+ fi
+
+ # remove the old host key line, and note if removed
+ remove_line "$KNOWN_HOSTS" "$sshKey"
+
+ # if key OK, add new host line
+ if [ "$ok" -eq '0' ] ; then
+ # note that key was found ok
+ nKeysOK=$((nKeysOK+1))
+
+ # hash if specified
+ if [ "$HASH_KNOWN_HOSTS" = 'true' ] ; then
+ # FIXME: this is really hackish cause ssh-keygen won't
+ # hash from stdin to stdout
+ tmpfile=$(mktemp)
+ ssh2known_hosts "$host" "$sshKey" > "$tmpfile"
+ ssh-keygen -H -f "$tmpfile" 2> /dev/null
+ cat "$tmpfile" >> "$KNOWN_HOSTS"
+ rm -f "$tmpfile" "${tmpfile}.old"
+ else
+ ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS"
+ fi
+ fi
+ done