# dumping to a file named ' ' so that the ssh-keygen output
# doesn't claim any potentially bogus hostname(s):
- tmpkey=$(mktemp -d ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX)
- gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey/ "
+ tmpkey=$(mktemp ${TMPDIR:-/tmp}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
+ gpg_authentication "--export $fingerprint" | openpgp2ssh "$fingerprint" 2>/dev/null > "$tmpkey"
echo -n "ssh fingerprint: "
- (cd "$tmpkey" && ssh-keygen -l -f ' ' | awk '{ print $2 }')
+ ssh-keygen -l -f "$tmpkey" | awk '{ print $1, $2, $4 }'
rm -rf "$tmpkey"
echo -n "OpenPGP fingerprint: "
echo "$fingerprint"
log verbose "----- user: $uname -----"
# make temporary directory
- TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX)
+ TMPLOC=$(mktemp -d ${MSTMPDIR}/tmp.XXXXXXXXXX) || failure "Could not create temporary directory!"
# trap to delete temporary directory on exit
trap "rm -rf $TMPLOC" EXIT
# add user-controlled authorized_keys file if specified
# translate ssh-style path variables
rawAuthorizedKeys=$(translate_ssh_variables "$uname" "$RAW_AUTHORIZED_KEYS")
- if [ "$rawAuthorizedKeys" ] ; then
+ if [ "$rawAuthorizedKeys" != 'none' ] ; then
log debug "checking for raw authorized_keys..."
if [ -s "$rawAuthorizedKeys" ] ; then
# check permissions on the authorized_keys file path
(umask 077 && \
gpg_host --export-secret-key "$fingerprint" | \
openpgp2ssh "$fingerprint" > "${SYSDATADIR}/ssh_host_rsa_key")
- log info "private SSH host key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+ log info "SSH host private key output to file: ${SYSDATADIR}/ssh_host_rsa_key"
+ ssh-keygen -y -f "${SYSDATADIR}/ssh_host_rsa_key" > "${SYSDATADIR}/ssh_host_rsa_key.pub"
+ log info "SSH host public key output to file: ${SYSDATADIR}/ssh_host_rsa_key.pub"
+ gpg_authentication --export-options export-minimal --export "0x${fingerprint}!" > "${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
+ log info "SSH host public key in OpenPGP form: ${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"
}
# extend the lifetime of a host key: