+ host="$1"
+ userID="ssh://${host}"
+
+ log "processing: $host"
+
+ nKeys=0
+ nKeysOK=0
+
+ IFS=$'\n'
+ for line in $(process_user_id "${userID}") ; do
+ # note that key was found
+ nKeys=$((nKeys+1))
+
+ ok=$(echo "$line" | cut -d: -f1)
+ sshKey=$(echo "$line" | cut -d: -f2)
+
+ if [ -z "$sshKey" ] ; then
+ continue
+ fi
+
+ # remove the old host key line, and note if removed
+ remove_line "$KNOWN_HOSTS" "$sshKey"
+
+ # if key OK, add new host line
+ if [ "$ok" -eq '0' ] ; then
+ # note that key was found ok
+ nKeysOK=$((nKeysOK+1))
+
+ # hash if specified
+ if [ "$HASH_KNOWN_HOSTS" = 'true' ] ; then
+ # FIXME: this is really hackish cause ssh-keygen won't
+ # hash from stdin to stdout
+ tmpfile=$(mktemp)
+ ssh2known_hosts "$host" "$sshKey" > "$tmpfile"
+ ssh-keygen -H -f "$tmpfile" 2> /dev/null
+ cat "$tmpfile" >> "$KNOWN_HOSTS"
+ rm -f "$tmpfile" "${tmpfile}.old"
+ else
+ ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS"
+ fi
+ fi
+ done
+
+ # if at least one key was found...
+ if [ "$nKeys" -gt 0 ] ; then
+ # if ok keys were found, return 0
+ if [ "$nKeysOK" -gt 0 ] ; then
+ return 0
+ # else return 2
+ else
+ return 2
+ fi
+ # if no keys were found, return 1
+ else
+ return 1
+ fi
+}
+
+# update the known_hosts file for a set of hosts listed on command
+# line
+update_known_hosts() {
+ local nHosts
+ local nHostsOK
+ local nHostsBAD
+ local fileCheck
+ local host
+
+ # the number of hosts specified on command line
+ nHosts="$#"
+
+ nHostsOK=0
+ nHostsBAD=0
+
+ # set the trap to remove any lockfiles on exit
+ trap "lockfile-remove $KNOWN_HOSTS" EXIT
+