+ local returnCode
+
+ # default return code is 1, which assumes no key was found
+ returnCode=1
+
+ host="$1"
+
+ log "processing host: $host"
+
+ userID="ssh://${host}"
+
+ for line in $(process_user_id "ssh://${host}") ; do
+ ok=$(echo "$line" | cut -d: -f1)
+ keyid=$(echo "$line" | cut -d: -f2)
+
+ sshKey=$(gpg2ssh "$keyid")
+ # remove the old host key line
+ remove_line "$KNOWN_HOSTS" "$sshKey"
+ # if key OK, add new host line
+ if [ "$ok" -eq '0' ] ; then
+ # hash if specified
+ if [ "$HASH_KNOWN_HOSTS" = 'true' ] ; then
+ # FIXME: this is really hackish cause ssh-keygen won't
+ # hash from stdin to stdout
+ tmpfile=$(mktemp)
+ ssh2known_hosts "$host" "$sshKey" > "$tmpfile"
+ ssh-keygen -H -f "$tmpfile" 2> /dev/null
+ cat "$tmpfile" >> "$KNOWN_HOSTS"
+ rm -f "$tmpfile" "${tmpfile}.old"
+ else
+ ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS"
+ fi
+ # set return code to be 0, since a key was found
+ returnCode=0
+ fi
+ return "$returnCode"
+ done
+
+ return "$returnCode"
+}
+
+# update the known_hosts file for a set of hosts listed on command
+# line
+update_known_hosts() {
+ local host
+ local returnCode
+
+ # default return code is 0, which assumes a key was found for
+ # every host. code will be set to 1 if a key is not found for at
+ # least one host
+ returnCode=0